From 34d6e83e8145836bc31e342b7eaed3aa95580765 Mon Sep 17 00:00:00 2001 From: Abel Hu Date: Thu, 9 Sep 2021 15:37:34 +0800 Subject: [PATCH 1/4] Add gmsaProfile in WindowsProfile for AKS --- ...nagedClustersCreate_UpdateWindowsGmsa.json | 281 ++++++++++++++++++ .../stable/2021-09-01/managedClusters.json | 25 ++ .../resource-manager/readme.go.md | 11 + .../resource-manager/readme.java.md | 14 + .../resource-manager/readme.python.md | 11 + 5 files changed, 342 insertions(+) create mode 100644 specification/containerservice/resource-manager/Microsoft.ContainerService/stable/2021-09-01/examples/ManagedClustersCreate_UpdateWindowsGmsa.json diff --git a/specification/containerservice/resource-manager/Microsoft.ContainerService/stable/2021-09-01/examples/ManagedClustersCreate_UpdateWindowsGmsa.json b/specification/containerservice/resource-manager/Microsoft.ContainerService/stable/2021-09-01/examples/ManagedClustersCreate_UpdateWindowsGmsa.json new file mode 100644 index 000000000000..804f629548dd --- /dev/null +++ b/specification/containerservice/resource-manager/Microsoft.ContainerService/stable/2021-09-01/examples/ManagedClustersCreate_UpdateWindowsGmsa.json @@ -0,0 +1,281 @@ +{ + "parameters": { + "api-version": "2021-09-01", + "subscriptionId": "subid1", + "resourceGroupName": "rg1", + "resourceName": "clustername1", + "parameters": { + "location": "location1", + "tags": { + "tier": "production", + "archv2": "" + }, + "sku": { + "name": "Basic", + "tier": "Free" + }, + "properties": { + "kubernetesVersion": "", + "dnsPrefix": "dnsprefix1", + "agentPoolProfiles": [ + { + "name": "nodepool1", + "count": 3, + "vmSize": "Standard_DS1_v2", + "osType": "Linux", + "type": "VirtualMachineScaleSets", + "availabilityZones": [ + "1", + "2", + "3" + ], + "enableNodePublicIP": true, + "mode": "System" + } + ], + "linuxProfile": { + "adminUsername": "azureuser", + "ssh": { + "publicKeys": [ + { + "keyData": "keydata" + } + ] + } + }, + "networkProfile": { + "loadBalancerSku": "standard", + "outboundType": "loadBalancer", + "loadBalancerProfile": { + "managedOutboundIPs": { + "count": 2 + } + } + }, + "autoScalerProfile": { + "scan-interval": "20s", + "scale-down-delay-after-add": "15m" + }, + "windowsProfile": { + "adminUsername": "azureuser", + "adminPassword": "replacePassword1234$", + "gmsaProfile": { + "enabled": true + } + }, + "servicePrincipalProfile": { + "clientId": "clientid", + "secret": "secret" + }, + "addonProfiles": {}, + "enableRBAC": true, + "diskEncryptionSetID": "/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des", + "enablePodSecurityPolicy": true + }, + "identity": { + "type": "UserAssigned", + "userAssignedIdentities": { + "/subscriptions/subid1/resourceGroups/rgName1/providers/Microsoft.ManagedIdentity/userAssignedIdentities/identity1": {} + } + } + } + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/subid1/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1", + "location": "location1", + "name": "clustername1", + "tags": { + "archv2": "", + "tier": "production" + }, + "type": "Microsoft.ContainerService/ManagedClusters", + "properties": { + "provisioningState": "Succeeded", + "maxAgentPools": 1, + "kubernetesVersion": "1.9.6", + "dnsPrefix": "dnsprefix1", + "agentPoolProfiles": [ + { + "name": "nodepool1", + "count": 3, + "vmSize": "Standard_DS1_v2", + "maxPods": 110, + "osType": "Linux", + "provisioningState": "Succeeded", + "orchestratorVersion": "1.9.6", + "type": "VirtualMachineScaleSets", + "availabilityZones": [ + "1", + "2", + "3" + ], + "enableNodePublicIP": true, + "mode": "System", + "nodeImageVersion": "AKSUbuntu:1604:2020.03.11" + } + ], + "linuxProfile": { + "adminUsername": "azureuser", + "ssh": { + "publicKeys": [ + { + "keyData": "keydata" + } + ] + } + }, + "windowsProfile": { + "adminUsername": "azureuser", + "gmsaProfile": { + "enabled": true + } + }, + "servicePrincipalProfile": { + "clientId": "clientid" + }, + "nodeResourceGroup": "MC_rg1_clustername1_location1", + "enableRBAC": true, + "diskEncryptionSetID": "/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des", + "enablePodSecurityPolicy": true, + "fqdn": "dnsprefix1-abcd1234.hcp.eastus.azmk8s.io", + "networkProfile": { + "loadBalancerSku": "basic", + "networkPlugin": "kubenet", + "podCidr": "10.244.0.0/16", + "serviceCidr": "10.0.0.0/16", + "dnsServiceIP": "10.0.0.10", + "dockerBridgeCidr": "172.17.0.1/16", + "outboundType": "loadBalancer", + "loadBalancerProfile": { + "allocatedOutboundPorts": 2000, + "idleTimeoutInMinutes": 10, + "managedOutboundIPs": { + "count": 2 + }, + "effectiveOutboundIPs": [ + { + "id": "/subscriptions/subid1/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1" + }, + { + "id": "/subscriptions/subid1/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2" + } + ] + } + }, + "autoScalerProfile": { + "scan-interval": "20s", + "scale-down-delay-after-add": "15m" + } + }, + "identity": { + "type": "UserAssigned", + "userAssignedIdentities": { + "/subscriptions/subid1/resourceGroups/rgName1/providers/Microsoft.ManagedIdentity/userAssignedIdentities/identity1": { + "principalId": "principalId1", + "clientId": "clientId1" + } + } + } + } + }, + "201": { + "body": { + "id": "/subscriptions/subid1/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1", + "location": "location1", + "name": "clustername1", + "tags": { + "archv2": "", + "tier": "production" + }, + "type": "Microsoft.ContainerService/ManagedClusters", + "properties": { + "provisioningState": "Creating", + "maxAgentPools": 1, + "kubernetesVersion": "1.9.6", + "dnsPrefix": "dnsprefix1", + "agentPoolProfiles": [ + { + "name": "nodepool1", + "count": 3, + "vmSize": "Standard_DS1_v2", + "maxPods": 110, + "osType": "Linux", + "provisioningState": "Creating", + "orchestratorVersion": "1.9.6", + "type": "VirtualMachineScaleSets", + "availabilityZones": [ + "1", + "2", + "3" + ], + "enableNodePublicIP": true, + "mode": "System" + } + ], + "linuxProfile": { + "adminUsername": "azureuser", + "ssh": { + "publicKeys": [ + { + "keyData": "keydata" + } + ] + } + }, + "windowsProfile": { + "adminUsername": "azureuser", + "gmsaProfile": { + "enabled": true + } + }, + "servicePrincipalProfile": { + "clientId": "clientid" + }, + "nodeResourceGroup": "MC_rg1_clustername1_location1", + "enableRBAC": true, + "diskEncryptionSetID": "/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des", + "enablePodSecurityPolicy": true, + "networkProfile": { + "networkPlugin": "kubenet", + "podCidr": "10.244.0.0/16", + "serviceCidr": "10.0.0.0/16", + "dnsServiceIP": "10.0.0.10", + "dockerBridgeCidr": "172.17.0.1/16", + "loadBalancerSku": "standard", + "outboundType": "loadBalancer", + "loadBalancerProfile": { + "allocatedOutboundPorts": 2000, + "idleTimeoutInMinutes": 10, + "managedOutboundIPs": { + "count": 2 + }, + "effectiveOutboundIPs": [ + { + "id": "/subscriptions/subid1/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1" + }, + { + "id": "/subscriptions/subid1/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2" + } + ] + } + }, + "autoScalerProfile": { + "scan-interval": "20s", + "scale-down-delay-after-add": "15m" + } + }, + "identity": { + "type": "UserAssigned", + "userAssignedIdentities": { + "/subscriptions/subid1/resourceGroups/rgName1/providers/Microsoft.ManagedIdentity/userAssignedIdentities/identity1": { + "principalId": "principalId1", + "clientId": "clientId1" + } + } + } + } + } + } +} diff --git a/specification/containerservice/resource-manager/Microsoft.ContainerService/stable/2021-09-01/managedClusters.json b/specification/containerservice/resource-manager/Microsoft.ContainerService/stable/2021-09-01/managedClusters.json index c7152fd0f838..c3d62377bbb2 100644 --- a/specification/containerservice/resource-manager/Microsoft.ContainerService/stable/2021-09-01/managedClusters.json +++ b/specification/containerservice/resource-manager/Microsoft.ContainerService/stable/2021-09-01/managedClusters.json @@ -564,6 +564,9 @@ }, "Create Managed Cluster using an agent pool snapshot": { "$ref": "./examples/ManagedClustersCreate_Snapshot.json" + }, + "Create/Update Managed Cluster with Windows gMSA enabled": { + "$ref": "./examples/ManagedClustersCreate_UpdateWindowsGmsa.json" } } }, @@ -2929,6 +2932,10 @@ "type": "boolean", "title": "Whether to enable CSI proxy.", "description": "For more details on CSI proxy, see the [CSI proxy GitHub repo](https://github.com/kubernetes-csi/csi-proxy)." + }, + "gmsaProfile": { + "$ref": "#/definitions/WindowsGmsaProfile", + "description": "The Windows gMSA Profile in the Managed Cluster." } }, "required": [ @@ -2936,6 +2943,24 @@ ], "description": "Profile for Windows VMs in the managed cluster." }, + "WindowsGmsaProfile": { + "properties": { + "enabled": { + "type": "boolean", + "title": "Whether to enable Windows gMSA.", + "description": "Specifiy whether to enable Windows gMSA in the managed cluster." + }, + "dnsServer": { + "type": "string", + "description": "Specifies the DNS server for Windows gMSA.

Set it to empty if you have configured the DNS server in the vnet which is used to create the managed cluster." + }, + "rootDomainName": { + "type": "string", + "description": "Specifies the root domain name for Windows gMSA.

Set it to empty if you have configured the DNS server in the vnet which is used to create the managed cluster." + } + }, + "description": "Windows gMSA Profile in the managed cluster." + }, "ContainerServiceLinuxProfile": { "properties": { "adminUsername": { diff --git a/specification/containerservice/resource-manager/readme.go.md b/specification/containerservice/resource-manager/readme.go.md index 792722c739ae..1f7d147da198 100644 --- a/specification/containerservice/resource-manager/readme.go.md +++ b/specification/containerservice/resource-manager/readme.go.md @@ -20,6 +20,7 @@ azure-arm: true ``` yaml $(go) && $(multiapi) batch: + - tag: package-2021-09 - tag: package-2021-08 - tag: package-2021-07 - tag: package-2021-05 @@ -50,6 +51,16 @@ batch: - tag: package-2017-07 ``` +### Tag: package-2021-09 and go + +These settings apply only when `--package-2021-09 --go` is specified on the command line. +Please also specify `--go-sdk-folder=`. + +``` yaml $(tag)=='package-2021-09' && $(go) +namespace: containerservice +output-folder: $(go-sdk-folder)/services/$(namespace)/mgmt/2021-09-01/$(namespace) +``` + ### Tag: package-2021-08 and go These settings apply only when `--package-2021-08 --go` is specified on the command line. diff --git a/specification/containerservice/resource-manager/readme.java.md b/specification/containerservice/resource-manager/readme.java.md index 7d53a96b35dd..5834e2175ece 100644 --- a/specification/containerservice/resource-manager/readme.java.md +++ b/specification/containerservice/resource-manager/readme.java.md @@ -38,6 +38,20 @@ batch: - tag: package-2021-05 - tag: package-2021-07 - tag: package-2021-08 + - tag: package-2021-09 +``` + +### Tag: package-2021-09 and java + +These settings apply only when `--tag=package-2021-09` is specified on the command line. +Please also specify `--azure-libraries-for-java-folder=`. + +``` yaml $(tag) == 'package-2021-09' && $(java) && $(multiapi) +java: + namespace: com.microsoft.azure.management.containerservice.v2021_09_01 + output-folder: $(azure-libraries-for-java-folder)/sdk/containerservice/mgmt-v2021_09_01 +regenerate-manager: true +generate-interface: true ``` ### Tag: package-2021-08 and java diff --git a/specification/containerservice/resource-manager/readme.python.md b/specification/containerservice/resource-manager/readme.python.md index 9e13e102aecc..f966032e68b3 100644 --- a/specification/containerservice/resource-manager/readme.python.md +++ b/specification/containerservice/resource-manager/readme.python.md @@ -17,6 +17,7 @@ Generate all API versions currently shipped for this package ```yaml $(python) && $(multiapi) && $(track2) batch: + - tag: package-2021-09-01-only - tag: package-2021-08-01-only - tag: package-2021-07-01-only - tag: package-2021-05-01-only @@ -53,6 +54,16 @@ clear-output-folder: false perform-load: false ``` +### Tag: package-2021-09-01-only and python + +These settings apply only when `--tag=package-2021-09-01-only --python` is specified on the command line. +Please also specify `--python-sdks-folder=`. + +``` yaml $(tag) == 'package-2021-09-01-only' && $(python) +namespace: azure.mgmt.containerservice.v2021_09_01 +output-folder: $(python-sdks-folder)/containerservice/azure-mgmt-containerservice/azure/mgmt/containerservice/v2021_09_01 +``` + ### Tag: package-2021-08-01-only and python These settings apply only when `--tag=package-2021-08-01-only --python` is specified on the command line. From d041c203dab94ddc98b41c7345f5ee308cf2198e Mon Sep 17 00:00:00 2001 From: Abel Hu Date: Fri, 10 Sep 2021 16:32:02 +0800 Subject: [PATCH 2/4] fix spell errors --- custom-words.txt | 2 ++ .../stable/2021-09-01/managedClusters.json | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/custom-words.txt b/custom-words.txt index 21f47057170d..374d18f608ec 100644 --- a/custom-words.txt +++ b/custom-words.txt @@ -808,6 +808,8 @@ Gloo gltf gluster glusterfs +gmsa +Gmsa GOARCH GPUMIG GPUP diff --git a/specification/containerservice/resource-manager/Microsoft.ContainerService/stable/2021-09-01/managedClusters.json b/specification/containerservice/resource-manager/Microsoft.ContainerService/stable/2021-09-01/managedClusters.json index c3d62377bbb2..fe18914cb4ff 100644 --- a/specification/containerservice/resource-manager/Microsoft.ContainerService/stable/2021-09-01/managedClusters.json +++ b/specification/containerservice/resource-manager/Microsoft.ContainerService/stable/2021-09-01/managedClusters.json @@ -2948,7 +2948,7 @@ "enabled": { "type": "boolean", "title": "Whether to enable Windows gMSA.", - "description": "Specifiy whether to enable Windows gMSA in the managed cluster." + "description": "Specifies whether to enable Windows gMSA in the managed cluster." }, "dnsServer": { "type": "string", From 4708dfc748fbd196ac4cb546100b72d609cb3712 Mon Sep 17 00:00:00 2001 From: Abel Hu Date: Fri, 10 Sep 2021 17:05:00 +0800 Subject: [PATCH 3/4] Fix lint issue --- .../stable/2021-09-01/managedClusters.json | 1 + 1 file changed, 1 insertion(+) diff --git a/specification/containerservice/resource-manager/Microsoft.ContainerService/stable/2021-09-01/managedClusters.json b/specification/containerservice/resource-manager/Microsoft.ContainerService/stable/2021-09-01/managedClusters.json index fe18914cb4ff..da5b47aac154 100644 --- a/specification/containerservice/resource-manager/Microsoft.ContainerService/stable/2021-09-01/managedClusters.json +++ b/specification/containerservice/resource-manager/Microsoft.ContainerService/stable/2021-09-01/managedClusters.json @@ -2944,6 +2944,7 @@ "description": "Profile for Windows VMs in the managed cluster." }, "WindowsGmsaProfile": { + "type": "object", "properties": { "enabled": { "type": "boolean", From 172fa749c5975986282d65218dcc2527b0df832d Mon Sep 17 00:00:00 2001 From: Abel Hu Date: Tue, 14 Sep 2021 09:22:32 +0800 Subject: [PATCH 4/4] Update readme.md for AKS 2021-09-01 --- .../containerservice/resource-manager/readme.md | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/specification/containerservice/resource-manager/readme.md b/specification/containerservice/resource-manager/readme.md index 5f28376461b5..86bb0e4c63f0 100644 --- a/specification/containerservice/resource-manager/readme.md +++ b/specification/containerservice/resource-manager/readme.md @@ -46,6 +46,7 @@ These settings apply only when `--tag=package-2021-09` is specified on the comma input-file: - Microsoft.ContainerService/stable/2021-09-01/managedClusters.json ``` + ### Tag: package-2021-08 These settings apply only when `--tag=package-2021-08` is specified on the command line. @@ -355,6 +356,19 @@ input-file: ``` +### Tag: package-2021-09-01-only + +These settings apply only when `--tag=package-2021-09-01-only` is specified on the command line. + +``` yaml $(tag) == 'package-2021-09-01-only' +input-file: +- Microsoft.ContainerService/stable/2021-09-01/managedClusters.json +directive: + - suppress: DefinitionsPropertiesNamesCamelCase + where: $.definitions.ManagedClusterProperties.properties.autoScalerProfile + reason: Cluster-autoscaler settings are not camel-cased +``` + ### Tag: package-2021-08-01-only These settings apply only when `--tag=package-2021-08-01-only` is specified on the command line.