Merge branch 'master' into master-az

charts/aks-operator-crd/templates/crds.yaml

@@ -46,6 +46,9 @@ spec:
             dockerBridgeCidr:
               nullable: true
               type: string
+            httpApplicationRouting:
+              nullable: true
+              type: boolean
             imported:
               type: boolean
             kubernetesVersion:

controller/aks-cluster-config-handler.go

@@ -584,6 +584,12 @@ func BuildUpstreamClusterState(ctx context.Context, secretsCache wranglerv1.Secr
 		upstreamSpec.LinuxSSHPublicKey = sshKeys[0].KeyData
 	}
 
+	// set addons profile
+	addonProfile := clusterState.AddonProfiles
+	if addonProfile != nil && addonProfile["httpApplicationRouting"] != nil {
+		upstreamSpec.HTTPApplicationRouting = addonProfile["httpApplicationRouting"].Enabled
+	}
+
 	// set API server access profile
 	upstreamSpec.PrivateCluster = to.BoolPtr(false)
 	if clusterState.APIServerAccessProfile != nil {
@@ -600,7 +606,8 @@ func BuildUpstreamClusterState(ctx context.Context, secretsCache wranglerv1.Secr
 
 // updateUpstreamClusterState compares the upstream spec with the config spec, then updates the upstream AKS cluster to
 // match the config spec. Function returns after a update is finished.
-func (h *Handler) updateUpstreamClusterState(ctx context.Context, secretsCache wranglerv1.SecretCache, config *aksv1.AKSClusterConfig, upstreamSpec *aksv1.AKSClusterConfigSpec) (*aksv1.AKSClusterConfig, error) {
+func (h *Handler) updateUpstreamClusterState(ctx context.Context, secretsCache wranglerv1.SecretCache,
+	config *aksv1.AKSClusterConfig, upstreamSpec *aksv1.AKSClusterConfigSpec) (*aksv1.AKSClusterConfig, error) {
 	credentials, err := aks.GetSecrets(secretsCache, &config.Spec)
 	if err != nil {
 		return config, err
@@ -700,6 +707,14 @@ func (h *Handler) updateUpstreamClusterState(ctx context.Context, secretsCache w
 		}
 	}
 
+	// check addon HTTP Application Routing
+	if config.Spec.HTTPApplicationRouting != nil {
+		if to.Bool(config.Spec.HTTPApplicationRouting) != to.Bool(upstreamSpec.HTTPApplicationRouting) {
+			logrus.Infof("Updating HTTP application routing for cluster [%s]", config.Spec.ClusterName)
+			updateAksCluster = true
+		}
+	}
+
 	if updateAksCluster {
 		resourceGroupsClient, err := aks.NewResourceGroupClient(credentials)
 		if err != nil {
@@ -708,7 +723,7 @@ func (h *Handler) updateUpstreamClusterState(ctx context.Context, secretsCache w
 
 		if !aks.ExistsResourceGroup(ctx, resourceGroupsClient, config.Spec.ResourceGroup) {
 			logrus.Infof("Resource group [%s] does not exist, creating", config.Spec.ResourceGroup)
-			if err := aks.CreateResourceGroup(ctx, resourceGroupsClient, &config.Spec); err != nil {
+			if err = aks.CreateResourceGroup(ctx, resourceGroupsClient, &config.Spec); err != nil {
 				return config, fmt.Errorf("error during updating resource group %v", err)
 			}
 			logrus.Infof("Resource group [%s] updated successfully", config.Spec.ResourceGroup)

internal/aks/client.go

@@ -4,6 +4,7 @@ import (
 	"fmt"
 
 	"github.com/Azure/azure-sdk-for-go/services/containerservice/mgmt/2020-11-01/containerservice"
+	"github.com/Azure/azure-sdk-for-go/services/operationalinsights/mgmt/2020-08-01/operationalinsights"
 	"github.com/Azure/azure-sdk-for-go/services/resources/mgmt/2019-10-01/resources"
 	"github.com/Azure/go-autorest/autorest"
 	"github.com/Azure/go-autorest/autorest/adal"
@@ -59,6 +60,18 @@ func NewAgentPoolClient(cred *Credentials) (*containerservice.AgentPoolsClient,
 	return &agentProfile, nil
 }
 
+func NewOperationInsightsWorkspaceClient(cred *Credentials) (*operationalinsights.WorkspacesClient, error) {
+	authorizer, err := NewClientAuthorizer(cred)
+	if err != nil {
+		return nil, err
+	}
+
+	client := operationalinsights.NewWorkspacesClientWithBaseURI(to.String(cred.BaseURL), cred.SubscriptionID)
+	client.Authorizer = authorizer
+
+	return &client, nil
+}
+
 func NewClientAuthorizer(cred *Credentials) (autorest.Authorizer, error) {
 	if cred.AuthBaseURL == nil {
 		cred.AuthBaseURL = to.StringPtr(azure.PublicCloud.ActiveDirectoryEndpoint)

internal/aks/create.go

@@ -3,6 +3,7 @@ package aks
 import (
 	"context"
 	"fmt"
+	"strings"
 
 	"github.com/Azure/azure-sdk-for-go/services/containerservice/mgmt/2020-11-01/containerservice"
 	"github.com/Azure/azure-sdk-for-go/services/resources/mgmt/2019-10-01/resources"
@@ -23,7 +24,8 @@ func CreateResourceGroup(ctx context.Context, groupsClient *resources.GroupsClie
 }
 
 // CreateOrUpdateCluster creates a new managed Kubernetes cluster
-func CreateOrUpdateCluster(ctx context.Context, cred *Credentials, clusterClient *containerservice.ManagedClustersClient, spec *aksv1.AKSClusterConfigSpec) error {
+func CreateOrUpdateCluster(ctx context.Context, cred *Credentials, clusterClient *containerservice.ManagedClustersClient,
+	spec *aksv1.AKSClusterConfigSpec) error {
 	dnsPrefix := spec.DNSPrefix
 	if dnsPrefix == nil {
 		dnsPrefix = to.StringPtr(spec.ClusterName)
@@ -120,6 +122,15 @@ func CreateOrUpdateCluster(ctx context.Context, cred *Credentials, clusterClient
 		}
 	}
 
+	var addonProfiles map[string]*containerservice.ManagedClusterAddonProfile
+	if hasHTTPApplicationRoutingSupport(spec) {
+		addonProfiles = map[string]*containerservice.ManagedClusterAddonProfile{
+			"httpApplicationRouting": {
+				Enabled: spec.HTTPApplicationRouting,
+			},
+		}
+	}
+
 	managedCluster := containerservice.ManagedCluster{
 		Name:     to.StringPtr(spec.ClusterName),
 		Location: to.StringPtr(spec.ResourceLocation),
@@ -130,6 +141,7 @@ func CreateOrUpdateCluster(ctx context.Context, cred *Credentials, clusterClient
 			AgentPoolProfiles: &agentPoolProfiles,
 			LinuxProfile:      linuxProfile,
 			NetworkProfile:    networkProfile,
+			AddonProfiles:     addonProfiles,
 			ServicePrincipalProfile: &containerservice.ManagedClusterServicePrincipalProfile{
 				ClientID: to.StringPtr(cred.ClientID),
 				Secret:   to.StringPtr(cred.ClientSecret),
@@ -142,7 +154,7 @@ func CreateOrUpdateCluster(ctx context.Context, cred *Credentials, clusterClient
 			AuthorizedIPRanges: spec.AuthorizedIPRanges,
 		}
 	}
-	if spec.PrivateCluster != nil && *spec.PrivateCluster {
+	if to.Bool(spec.PrivateCluster) {
 		managedCluster.APIServerAccessProfile = &containerservice.ManagedClusterAPIServerAccessProfile{
 			EnablePrivateCluster: spec.PrivateCluster,
 		}
@@ -169,6 +181,9 @@ func CreateOrUpdateAgentPool(ctx context.Context, agentPoolClient *containerserv
 		Type:                containerservice.VirtualMachineScaleSets,
 		OrchestratorVersion: np.OrchestratorVersion,
 		AvailabilityZones:   np.AvailabilityZones,
+		EnableAutoScaling:   np.EnableAutoScaling,
+		MinCount:            np.MinCount,
+		MaxCount:            np.MaxCount,
 	}
 
 	_, err := agentPoolClient.CreateOrUpdate(ctx, spec.ResourceGroup, spec.ClusterName, to.String(np.Name), containerservice.AgentPool{
@@ -185,3 +200,8 @@ func hasCustomVirtualNetwork(spec *aksv1.AKSClusterConfigSpec) bool {
 func hasLinuxProfile(spec *aksv1.AKSClusterConfigSpec) bool {
 	return spec.LinuxAdminUsername != nil && spec.LinuxSSHPublicKey != nil
 }
+
+func hasHTTPApplicationRoutingSupport(spec *aksv1.AKSClusterConfigSpec) bool {
+	// HttpApplicationRouting is not supported in azure china cloud
+	return !strings.HasPrefix(spec.ResourceLocation, "china")
+}

pkg/apis/aks.cattle.io/v1/types.go

@@ -58,6 +58,7 @@ type AKSClusterConfigSpec struct {
 	NodePools                   []AKSNodePool     `json:"nodePools"`
 	PrivateCluster              *bool             `json:"privateCluster"`
 	AuthorizedIPRanges          *[]string         `json:"authorizedIpRanges"`
+	HTTPApplicationRouting      *bool             `json:"httpApplicationRouting"`
 }
 
 type AKSClusterConfigStatus struct {