Update azurecli commands to azurecli-interactive

pauldotyu · pauldotyu · commit 48bc3d3d69ea · 2023-12-04T14:57:39.000-08:00
diff --git a/articles/aks/limit-egress-traffic.md b/articles/aks/limit-egress-traffic.md
@@ -40,7 +40,7 @@ The following information provides an example architecture of the deployment:
 
 Define a set of environment variables to be used in resource creations.
 
-```bash
+```azurecli-interactive
 PREFIX="aks-egress"
 RG="${PREFIX}-rg"
 LOC="eastus"
@@ -66,13 +66,13 @@ Provision a virtual network with two separate subnets: one for the cluster and o
 
 1. Create a resource group using the [`az group create`][az-group-create] command.
 
-    ```azurecli
+    ```azurecli-interactive
     az group create --name $RG --location $LOC
     ```
 
 2. Create a virtual network with two subnets to host the AKS cluster and the Azure Firewall using the [`az network vnet create`][az-network-vnet-create] and [`az network vnet subnet create`][az-network-vnet-subnet-create] commands.
 
-    ```azurecli
+    ```azurecli-interactive
     # Dedicated virtual network with AKS subnet
     az network vnet create \
         --resource-group $RG \
@@ -104,19 +104,19 @@ You need to configure Azure Firewall inbound and outbound rules. The main purpos
 
 1. Create a standard SKU public IP resource using the [`az network public-ip create`][az-network-public-ip-create] command. This resource will be used as the Azure Firewall frontend address.
 
-    ```azurecli
+    ```azurecli-interactive
     az network public-ip create -g $RG -n $FWPUBLICIP_NAME -l $LOC --sku "Standard"
     ```
 
 2. Register the [Azure Firewall preview CLI extension](https://github.com/Azure/azure-cli-extensions/tree/main/src/azure-firewall) to create an Azure Firewall using the [`az extension add`][az-extension-add] command.
 
-    ```azurecli
+    ```azurecli-interactive
     az extension add --name azure-firewall
     ```
 
 3. Create an Azure Firewall and enable DNS proxy using the [`az network firewall create`][az-network-firewall-create] command and setting the `--enable-dns-proxy` to `true`.
 
-    ```azurecli
+    ```azurecli-interactive
     az network firewall create -g $RG -n $FWNAME -l $LOC --enable-dns-proxy true
     ```
 
@@ -128,13 +128,13 @@ You need to configure Azure Firewall inbound and outbound rules. The main purpos
 
 4. Create an Azure Firewall IP configuration using the [`az network firewall ip-config create`][az-network-firewall-ip-config-create] command.
 
-    ```azurecli
+    ```azurecli-interactive
     az network firewall ip-config create -g $RG -f $FWNAME -n $FWIPCONFIG_NAME --public-ip-address $FWPUBLICIP_NAME --vnet-name $VNET_NAME
    ```
 
 5. Once the previous command succeeds, save the firewall frontend IP address for configuration later.
 
-    ```azurecli
+    ```azurecli-interactive
     FWPUBLIC_IP=$(az network public-ip show -g $RG -n $FWPUBLICIP_NAME --query "ipAddress" -o tsv)
     FWPRIVATE_IP=$(az network firewall show -g $RG -n $FWNAME --query "ipConfigurations[0].privateIPAddress" -o tsv)
     ```
@@ -155,13 +155,13 @@ Azure automatically routes traffic between Azure subnets, virtual networks, and
 
 1. Create an empty route table to be associated with a given subnet using the [`az network route-table create`][az-network-route-table-create] command. The route table will define the next hop as the Azure Firewall created above. Each subnet can have zero or one route table associated to it.
 
-    ```azurecli
+    ```azurecli-interactive
     az network route-table create -g $RG -l $LOC --name $FWROUTE_TABLE_NAME
     ```
 
 2. Create routes in the route table for the subnets using the [`az network route-table route create`][az-network-route-table-route-create] command.
 
-    ```azurecli
+    ```azurecli-interactive
     az network route-table route create -g $RG --name $FWROUTE_NAME --route-table-name $FWROUTE_TABLE_NAME --address-prefix 0.0.0.0/0 --next-hop-type VirtualAppliance --next-hop-ip-address $FWPRIVATE_IP
 
     az network route-table route create -g $RG --name $FWROUTE_NAME_INTERNET --route-table-name $FWROUTE_TABLE_NAME --address-prefix $FWPUBLIC_IP/32 --next-hop-type Internet
@@ -184,7 +184,7 @@ This section covers three network rules and an application rule you can use to c
 
 1. Create the network rules using the [`az network firewall network-rule create`][az-network-firewall-network-rule-create] command.
 
-    ```azurecli
+    ```azurecli-interactive
     az network firewall network-rule create -g $RG -f $FWNAME --collection-name 'aksfwnr' -n 'apiudp' --protocols 'UDP' --source-addresses '*' --destination-addresses "AzureCloud.$LOC" --destination-ports 1194 --action allow --priority 100
 
     az network firewall network-rule create -g $RG -f $FWNAME --collection-name 'aksfwnr' -n 'apitcp' --protocols 'TCP' --source-addresses '*' --destination-addresses "AzureCloud.$LOC" --destination-ports 9000
@@ -194,7 +194,7 @@ This section covers three network rules and an application rule you can use to c
 
 2. Create the application rule using the [`az network firewall application-rule create`][az-network-firewall-application-rule-create] command.
 
-    ```azurecli
+    ```azurecli-interactive
     az network firewall application-rule create -g $RG -f $FWNAME --collection-name 'aksfwar' -n 'fqdn' --source-addresses '*' --protocols 'http=80' 'https=443' --fqdn-tags "AzureKubernetesService" --action allow --priority 100
     ```
 
@@ -204,7 +204,7 @@ To learn more about Azure Firewall, see the [Azure Firewall documentation](../fi
 
 To associate the cluster with the firewall, the dedicated subnet for the cluster's subnet must reference the route table created above. Use the [`az network vnet subnet update`][az-network-vnet-subnet-update] command to associate the route table to AKS.
 
-```azurecli
+```azurecli-interactive
 az network vnet subnet update -g $RG --vnet-name $VNET_NAME --name $AKSSUBNET_NAME --route-table $FWROUTE_TABLE_NAME
 ```
 
@@ -216,7 +216,7 @@ Now, you can deploy an AKS cluster into the existing virtual network. You will u
 
 The target subnet to be deployed into is defined with the environment variable, `$SUBNETID`. Set the value for the subnet ID using the following command:
 
-```azurecli
+```azurecli-interactive
 SUBNETID=$(az network vnet subnet show -g $RG --vnet-name $VNET_NAME --name $AKSSUBNET_NAME --query id -o tsv)
 ```
 
@@ -238,7 +238,7 @@ You'll define the outbound type to use the UDR that already exists on the subnet
 
 Create an AKS cluster using a system-assigned managed identity with the CNI network plugin using the [`az aks create`][az-aks-create] command.
 
-```azurecli
+```azurecli-interactive
 az aks create -g $RG -n $AKSNAME -l $LOC \
   --node-count 3 \
   --network-plugin azure \
@@ -278,7 +278,7 @@ If you don't have user-assigned identities, follow the steps in this section. If
 
 2. Create a kubelet managed identity using the [`az identity create`][az-identity-create] command.
 
-    ```azurecli
+    ```azurecli-interactive
     az identity create --name myKubeletIdentity --resource-group $RG
    ```
 
@@ -306,7 +306,7 @@ If you don't have user-assigned identities, follow the steps in this section. If
 
 Create an AKS cluster with your existing identities in the subnet using the [`az aks create`][az-aks-create] command, provide the resource ID of the managed identity for the control plane by including the `assign-kubelet-identity` argument.
 
-```azurecli
+```azurecli-interactive
 az aks create -g $RG -n $AKSNAME -l $LOC \
   --node-count 3 \
   --network-plugin kubenet \
@@ -326,19 +326,19 @@ If you used authorized IP ranges for your cluster in the previous step, you need
 
 1. Retrieve your IP address using the following command:
 
-    ```bash
+    ```azurecli-interactive
     CURRENT_IP=$(dig @resolver1.opendns.com ANY myip.opendns.com +short)
     ```
 
 2. Add the IP address to the approved ranges using the [`az aks update`][az-aks-update] command.
 
-    ```azurecli
+    ```azurecli-interactive
     az aks update -g $RG -n $AKSNAME --api-server-authorized-ip-ranges $CURRENT_IP/32
     ```
 
 3. Configure `kubectl` to connect to your AKS cluster using the [`az aks get-credentials`][az-aks-get-credentials] command.
 
-    ```azurecli
+    ```azurecli-interactive
     az aks get-credentials -g $RG -n $AKSNAME
     ```
 
@@ -352,7 +352,7 @@ You can now start exposing services and deploying applications to this cluster.
 
 2. Deploy the service using the `kubectl apply` command.
 
-    ```bash
+   ```azurecli-interactive
    kubectl apply -f https://raw.githubusercontent.com/Azure-Samples/aks-store-demo/main/aks-store-quickstart.yaml
    ```
 
@@ -366,32 +366,32 @@ To configure inbound connectivity, you need to write a DNAT rule to the Azure Fi
 
 1. Get the internal IP address assigned to the load balancer using the `kubectl get services` command.
 
-    ```bash
-    kubectl get services
+   ```azurecli-interactive
+   kubectl get services
    ```
 
-    The IP address will be listed in the `EXTERNAL-IP` column, as shown in the following example output:
+   The IP address will be listed in the `EXTERNAL-IP` column, as shown in the following example output:
 
-    ```bash
+   ```output
    NAME              TYPE           CLUSTER-IP     EXTERNAL-IP   PORT(S)              AGE
    kubernetes        ClusterIP      10.0.0.1       <none>        443/TCP              9m10s
    order-service     ClusterIP      10.0.104.144   <none>        3000/TCP             11s
    product-service   ClusterIP      10.0.237.60    <none>        3002/TCP             10s
    rabbitmq          ClusterIP      10.0.161.128   <none>        5672/TCP,15672/TCP   11s
    store-front       LoadBalancer   10.0.89.139    20.39.18.6    80:32271/TCP         10s
-    ```
+   ```
 
 2. Get the service IP using the `kubectl get svc voting-app` command.
 
-   ```bash
-    SERVICE_IP=$(kubectl get svc voting-app -o jsonpath='{.status.loadBalancer.ingress[*].ip}')
-    ```
+   ```azurecli-interactive
+   SERVICE_IP=$(kubectl get svc voting-app -o jsonpath='{.status.loadBalancer.ingress[*].ip}')
+   ```
 
 3. Add the NAT rule using the [`az network firewall nat-rule create`][az-network-firewall-nat-rule-create] command.
 
-    ```azurecli
-    az network firewall nat-rule create --collection-name exampleset --destination-addresses $FWPUBLIC_IP --destination-ports 80 --firewall-name $FWNAME --name inboundrule --protocols Any --resource-group $RG --source-addresses '*' --translated-port 80 --action Dnat --priority 100 --translated-address $SERVICE_IP
-    ```
+   ```azurecli-interactive
+   az network firewall nat-rule create --collection-name exampleset --destination-addresses $FWPUBLIC_IP --destination-ports 80 --firewall-name $FWNAME --name inboundrule --protocols Any --resource-group $RG --source-addresses '*' --translated-port 80 --action Dnat --priority 100 --translated-address $SERVICE_IP
+   ```
 
 ## Validate connectivity
 
@@ -407,7 +407,7 @@ On this page, you can view products, add them to your cart, and then place an or
 
 To clean up Azure resources, delete the AKS resource group using the [`az group delete`][az-group-delete] command.
 
-```azurecli
+```azurecli-interactive
 az group delete -g $RG
 ```
 
