Skip to content

[AKS HOBO] Add support for hosted-on-behalf-of systempool autoscaling #8596

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 1 commit into from
Oct 6, 2025
+44 −2
Merged

[AKS HOBO] Add support for hosted-on-behalf-of systempool autoscaling #8596

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
8 changes: 7 additions & 1 deletion cluster-autoscaler/cloudprovider/azure/azure_cache.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -107,11 +107,17 @@ type azureCache struct {
}

func newAzureCache(client *azClient, cacheTTL time.Duration, config Config) (*azureCache, error) {
nodeResourceGroup := config.ResourceGroup
// Hosted (on-behalf-of) system pool node resources are in the AKS internal resource group within AME tenants,
// which differs from the MC_* resource group found in the customer subscription.
if config.HostedResourceGroup != "" {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Similar to in azure_config.go, do you mind adding a comment on the purpose of this?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Comments added

nodeResourceGroup = config.HostedResourceGroup
}
cache := &azureCache{
interrupt: make(chan struct{}),
azClient: client,
refreshInterval: cacheTTL,
resourceGroup: config.ResourceGroup,
resourceGroup: nodeResourceGroup,
clusterResourceGroup: config.ClusterResourceGroup,
clusterName: config.ClusterName,
enableVMsAgentPool: config.EnableVMsAgentPool,
Expand Down
29 changes: 29 additions & 0 deletions cluster-autoscaler/cloudprovider/azure/azure_config.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -65,6 +65,15 @@ type Config struct {
// It can override the default public ARM endpoint for VMs pool scale operations.
ARMBaseURLForAPClient string `json:"armBaseURLForAPClient" yaml:"armBaseURLForAPClient"`

// Hosted (on-behalf-of) system pool configuration for automatic cluster.
// HostedSubscriptionID is the subscription ID of the hosted resources under AKS internal tenant.
HostedSubscriptionID string `json:"hostedSubscriptionID" yaml:"hostedSubscriptionID"`
// HostedResourceGroup is the resource group of the hosted resources under AKS internal tenant.
HostedResourceGroup string `json:"hostedResourceGroup" yaml:"hostedResourceGroup"`
// HostedResourceProxyURL is the URL to use for retrieving hosted resources under AKS internal tenant.
// It can override the default public ARM endpoint for operations like VM/SKU GET.
HostedResourceProxyURL string `json:"hostedResourceProxyURL" yaml:"hostedResourceProxyURL"`

// AuthMethod determines how to authorize requests for the Azure
// cloud. Valid options are "principal" (= the traditional
// service principle approach) and "cli" (= load az command line
Expand Down Expand Up @@ -223,6 +232,15 @@ func BuildAzureConfig(configReader io.Reader) (*Config, error) {
if _, err = assignFromEnvIfExists(&cfg.SubscriptionID, "ARM_SUBSCRIPTION_ID"); err != nil {
return nil, err
}
if _, err = assignFromEnvIfExists(&cfg.HostedResourceProxyURL, "HOSTED_RESOURCE_PROXY_URL"); err != nil {
return nil, err
}
if _, err = assignFromEnvIfExists(&cfg.HostedSubscriptionID, "HOSTED_SUBSCRIPTION_ID"); err != nil {
return nil, err
}
if _, err = assignFromEnvIfExists(&cfg.HostedResourceGroup, "HOSTED_RESOURCE_GROUP"); err != nil {
return nil, err
}
if _, err = assignBoolFromEnvIfExists(&cfg.UseManagedIdentityExtension, "ARM_USE_MANAGED_IDENTITY_EXTENSION"); err != nil {
return nil, err
}
Expand Down Expand Up @@ -380,6 +398,17 @@ func (cfg *Config) getAzureClientConfig(authorizer autorest.Authorizer, env *azu
}
}

// A proxy service is required to access resources for the Hosted (on-behalf-of) system pool within automatic clusters.
if cfg.HostedResourceProxyURL != "" {
azClientConfig.ResourceManagerEndpoint = cfg.HostedResourceProxyURL
}

// Hosted (on-behalf-of) system pool resources are hosted under AKS internal tenant and subscription.
// it is different from the customer subscription where the cluster is created.
if cfg.HostedSubscriptionID != "" {
azClientConfig.SubscriptionID = cfg.HostedSubscriptionID
}

if cfg.HasExtendedLocation() {
azClientConfig.ExtendedLocation = &azclients.ExtendedLocation{
Name: cfg.ExtendedLocationName,
Expand Down
9 changes: 8 additions & 1 deletion cluster-autoscaler/cloudprovider/azure/azure_vms_pool.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -154,9 +154,16 @@ func (vmPool *VMPool) IncreaseSize(delta int) error {
if len(versionedAP.Properties.VirtualMachinesProfile.Scale.Manual) > 0 {
requestBody = buildRequestBodyForScaleUp(versionedAP, count, vmPool.sku)

} else { // AKS-managed CAS will use custom header for setting the target count
}
// hosted CAS will be using Autoscale scale profile
// HostedSystem will be using manual scale profile
// Both of them need to set the Target-Count and SKU headers
if len(versionedAP.Properties.VirtualMachinesProfile.Scale.Autoscale) > 0 ||
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What are the new states that make us stop using else?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It is because Hobo systempool will only have manual scale profile, but its scaling request will be processed by NPS, so a simple if-else check on the scale profile type is no longer sufficient to distinguish between self-hosted and managed CAS.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is my understanding below correct?

Before:

  • Self-hosted: have manual scale profile: go to the if only
  • Managed: don't have manual scale profile: go the else only

Now:

  • Self-hosted: have manual scale profile: go to the if only
  • Managed: don't have manual scale profile AND have auto scale profile: go the second if only
  • HOBO: have manual scale profile and HostedSystem mode: go to both
    • If not introducing the new if, it would go to the if only, while we want it to go to the else as well due to it being managed

(versionedAP.Properties.Mode != nil &&
strings.EqualFold(string(*versionedAP.Properties.Mode), "HostedSystem")) {
header := make(http.Header)
header.Set("Target-Count", fmt.Sprintf("%d", count))
header.Set("SKU", fmt.Sprintf("%s", vmPool.sku))
updateCtx = policy.WithHTTPHeader(updateCtx, header)
}

Expand Down
Loading