From f527ddf840b4a46cb7ae7c724edfeb8da059f959 Mon Sep 17 00:00:00 2001 From: deveshdama <87668846+deveshdama@users.noreply.github.com> Date: Tue, 20 Jun 2023 19:01:13 -0700 Subject: [PATCH] Azure Service Mesh - BYO CA, Egress Gateway and Mesh Revisions (#24453) * Azure Service Mesh - BYO CA and Egress Gateway * prettier fix. * adding changes for for revisions and meshversioncompatibilityprofile * adding a missing parameter * Changes as per lint failures --- ...anagedClustersGet_MeshRevisionProfile.json | 53 +++ ...ManagedClustersGet_MeshUpgradeProfile.json | 35 ++ ...agedClustersList_MeshRevisionProfiles.json | 56 +++ ...nagedClustersList_MeshUpgradeProfiles.json | 38 ++ .../2023-06-02-preview/managedClusters.json | 398 +++++++++++++++++- 5 files changed, 579 insertions(+), 1 deletion(-) create mode 100644 specification/containerservice/resource-manager/Microsoft.ContainerService/aks/preview/2023-06-02-preview/examples/ManagedClustersGet_MeshRevisionProfile.json create mode 100644 specification/containerservice/resource-manager/Microsoft.ContainerService/aks/preview/2023-06-02-preview/examples/ManagedClustersGet_MeshUpgradeProfile.json create mode 100644 specification/containerservice/resource-manager/Microsoft.ContainerService/aks/preview/2023-06-02-preview/examples/ManagedClustersList_MeshRevisionProfiles.json create mode 100644 specification/containerservice/resource-manager/Microsoft.ContainerService/aks/preview/2023-06-02-preview/examples/ManagedClustersList_MeshUpgradeProfiles.json diff --git a/specification/containerservice/resource-manager/Microsoft.ContainerService/aks/preview/2023-06-02-preview/examples/ManagedClustersGet_MeshRevisionProfile.json b/specification/containerservice/resource-manager/Microsoft.ContainerService/aks/preview/2023-06-02-preview/examples/ManagedClustersGet_MeshRevisionProfile.json new file mode 100644 index 000000000000..0865202ae4b6 --- /dev/null +++ b/specification/containerservice/resource-manager/Microsoft.ContainerService/aks/preview/2023-06-02-preview/examples/ManagedClustersGet_MeshRevisionProfile.json @@ -0,0 +1,53 @@ +{ + "parameters": { + "api-version": "2023-06-02-preview", + "subscriptionId": "subid1", + "location": "location1", + "mode": "istio" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/subid1/providers/Microsoft.ContainerService/locations/location1/meshRevisionProfiles/istio", + "type": "Microsoft.ContainerService/locations/meshRevisionProfiles", + "name": "istio", + "properties": { + "meshRevisions": [ + { + "revision": "1-17", + "upgrades": [ + "1-18" + ], + "compatibleWith": [ + { + "name": "kubernetes", + "versions": [ + "1.23", + "1.24", + "1.25", + "1.26" + ] + } + ] + }, + { + "revision": "1-18", + "upgrades": [], + "compatibleWith": [ + { + "name": "kubernetes", + "versions": [ + "1.24", + "1.25", + "1.26", + "1.27" + ] + } + ] + } + ] + } + } + } + } +} diff --git a/specification/containerservice/resource-manager/Microsoft.ContainerService/aks/preview/2023-06-02-preview/examples/ManagedClustersGet_MeshUpgradeProfile.json b/specification/containerservice/resource-manager/Microsoft.ContainerService/aks/preview/2023-06-02-preview/examples/ManagedClustersGet_MeshUpgradeProfile.json new file mode 100644 index 000000000000..b8dfd3da3cd0 --- /dev/null +++ b/specification/containerservice/resource-manager/Microsoft.ContainerService/aks/preview/2023-06-02-preview/examples/ManagedClustersGet_MeshUpgradeProfile.json @@ -0,0 +1,35 @@ +{ + "parameters": { + "api-version": "2023-06-02-preview", + "subscriptionId": "subid1", + "resourceGroupName": "rg1", + "resourceName": "clustername1", + "mode": "istio" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/subid1/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1/meshUpgradeProfiles/istio", + "type": "Microsoft.ContainerService/managedClusters/meshUpgradeProfiles", + "name": "istio", + "properties": { + "revision": "1-17", + "upgrades": [ + "1-18" + ], + "compatibleWith": [ + { + "name": "kubernetes", + "versions": [ + "1.23", + "1.24", + "1.25", + "1.26" + ] + } + ] + } + } + } + } +} diff --git a/specification/containerservice/resource-manager/Microsoft.ContainerService/aks/preview/2023-06-02-preview/examples/ManagedClustersList_MeshRevisionProfiles.json b/specification/containerservice/resource-manager/Microsoft.ContainerService/aks/preview/2023-06-02-preview/examples/ManagedClustersList_MeshRevisionProfiles.json new file mode 100644 index 000000000000..2e9117e6a6f9 --- /dev/null +++ b/specification/containerservice/resource-manager/Microsoft.ContainerService/aks/preview/2023-06-02-preview/examples/ManagedClustersList_MeshRevisionProfiles.json @@ -0,0 +1,56 @@ +{ + "parameters": { + "api-version": "2023-06-02-preview", + "subscriptionId": "subid1", + "location": "location1" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "id": "/subscriptions/subid1/providers/Microsoft.ContainerService/locations/location1/meshRevisionProfiles/istio", + "type": "Microsoft.ContainerService/locations/meshRevisionProfiles", + "name": "istio", + "properties": { + "meshRevisions": [ + { + "revision": "1-17", + "upgrades": [ + "1-18" + ], + "compatibleWith": [ + { + "name": "kubernetes", + "versions": [ + "1.23", + "1.24", + "1.25", + "1.26" + ] + } + ] + }, + { + "revision": "1-18", + "upgrades": [], + "compatibleWith": [ + { + "name": "kubernetes", + "versions": [ + "1.24", + "1.25", + "1.26", + "1.27" + ] + } + ] + } + ] + } + } + ] + } + } + } +} diff --git a/specification/containerservice/resource-manager/Microsoft.ContainerService/aks/preview/2023-06-02-preview/examples/ManagedClustersList_MeshUpgradeProfiles.json b/specification/containerservice/resource-manager/Microsoft.ContainerService/aks/preview/2023-06-02-preview/examples/ManagedClustersList_MeshUpgradeProfiles.json new file mode 100644 index 000000000000..7bd552e65357 --- /dev/null +++ b/specification/containerservice/resource-manager/Microsoft.ContainerService/aks/preview/2023-06-02-preview/examples/ManagedClustersList_MeshUpgradeProfiles.json @@ -0,0 +1,38 @@ +{ + "parameters": { + "api-version": "2023-06-02-preview", + "subscriptionId": "subid1", + "resourceGroupName": "rg1", + "resourceName": "clustername1" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "id": "/subscriptions/subid1/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1/meshUpgradeProfiles/istio", + "type": "Microsoft.ContainerService/managedClusters/meshUpgradeProfiles", + "name": "istio", + "properties": { + "revision": "1-17", + "upgrades": [ + "1-18" + ], + "compatibleWith": [ + { + "name": "kubernetes", + "versions": [ + "1.23", + "1.24", + "1.25", + "1.26" + ] + } + ] + } + } + ] + } + } + } +} diff --git a/specification/containerservice/resource-manager/Microsoft.ContainerService/aks/preview/2023-06-02-preview/managedClusters.json b/specification/containerservice/resource-manager/Microsoft.ContainerService/aks/preview/2023-06-02-preview/managedClusters.json index c28d24139fb1..b14aa9c0d1e4 100644 --- a/specification/containerservice/resource-manager/Microsoft.ContainerService/aks/preview/2023-06-02-preview/managedClusters.json +++ b/specification/containerservice/resource-manager/Microsoft.ContainerService/aks/preview/2023-06-02-preview/managedClusters.json @@ -601,7 +601,7 @@ "Create Managed Cluster with Node Public IP Prefix": { "$ref": "./examples/ManagedClustersCreate_NodePublicIPPrefix.json" }, - "Create Managed Cluster with Azure KeyVault Secrets Provider Addon": { + "Create Managed Cluster with Azure Key Vault Secrets Provider Addon": { "$ref": "./examples/ManagedClustersCreate_AzureKeyvaultSecretsProvider.json" }, "Create Managed Cluster with FIPS enabled OS": { @@ -3099,6 +3099,182 @@ } } } + }, + "/subscriptions/{subscriptionId}/providers/Microsoft.ContainerService/locations/{location}/meshRevisionProfiles": { + "get": { + "tags": [ + "ManagedClusters" + ], + "operationId": "ManagedClusters_ListMeshRevisionProfiles", + "summary": "Lists mesh revision profiles for all meshes in the specified location.", + "description": "Contains extra metadata on each revision, including supported revisions, cluster compatibility and available upgrades", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v3/types.json#/parameters/LocationParameter" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/MeshRevisionProfileList" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + }, + "x-ms-examples": { + "List mesh revision profiles in a location": { + "$ref": "./examples/ManagedClustersList_MeshRevisionProfiles.json" + } + } + } + }, + "/subscriptions/{subscriptionId}/providers/Microsoft.ContainerService/locations/{location}/meshRevisionProfiles/{mode}": { + "get": { + "tags": [ + "ManagedClusters" + ], + "operationId": "ManagedClusters_GetMeshRevisionProfile", + "summary": "Gets a mesh revision profile for a specified mesh in the specified location.", + "description": "Contains extra metadata on the revision, including supported revisions, cluster compatibility and available upgrades", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v3/types.json#/parameters/LocationParameter" + }, + { + "$ref": "#/parameters/MeshModeParameter" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/MeshRevisionProfile" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "Get a mesh revision profile for a mesh mode": { + "$ref": "./examples/ManagedClustersGet_MeshRevisionProfile.json" + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/managedClusters/{resourceName}/meshUpgradeProfiles": { + "get": { + "tags": [ + "ManagedClusters" + ], + "operationId": "ManagedClusters_ListMeshUpgradeProfiles", + "summary": "Lists available upgrades for all service meshes in a specific cluster.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "#/parameters/ResourceNameParameter" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/MeshUpgradeProfileList" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + }, + "x-ms-examples": { + "Lists version compatibility and upgrade profile for all service meshes in a cluster": { + "$ref": "./examples/ManagedClustersList_MeshUpgradeProfiles.json" + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/managedClusters/{resourceName}/meshUpgradeProfiles/{mode}": { + "get": { + "tags": [ + "ManagedClusters" + ], + "operationId": "ManagedClusters_GetMeshUpgradeProfile", + "summary": "Gets available upgrades for a service mesh in a cluster.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "#/parameters/ResourceNameParameter" + }, + { + "$ref": "#/parameters/MeshModeParameter" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/MeshUpgradeProfile" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "Gets version compatibility and upgrade profile for a service mesh in a cluster": { + "$ref": "./examples/ManagedClustersGet_MeshUpgradeProfile.json" + } + } + } } }, "definitions": { @@ -7764,6 +7940,18 @@ "properties": { "components": { "$ref": "#/definitions/IstioComponents" + }, + "certificateAuthority": { + "$ref": "#/definitions/IstioCertificateAuthority" + }, + "revisions": { + "type": "array", + "description": "The list of revisions of the Istio control plane. When an upgrade is not in progress, this holds one value. When canary upgrade is in progress, this can only hold two consecutive values. For more information, see: https://learn.microsoft.com/en-us/azure/aks/istio-upgrade", + "items": { + "type": "string" + }, + "uniqueItems": true, + "maxItems": 2 } } }, @@ -7781,6 +7969,14 @@ } } }, + "egressGateways": { + "type": "array", + "description": "Istio egress gateways.", + "items": { + "$ref": "#/definitions/IstioEgressGateway" + }, + "x-ms-identifiers": [] + }, "IstioIngressGateway": { "type": "object", "description": "Istio ingress gateway configuration. For now, we support up to one external ingress gateway named `aks-istio-ingressgateway-external` and one internal ingress gateway named `aks-istio-ingressgateway-internal`.", @@ -7817,6 +8013,195 @@ "enabled" ] }, + "IstioCertificateAuthority": { + "type": "object", + "description": "Istio Service Mesh Certificate Authority (CA) configuration. For now, we only support plugin certificates as described here https://aka.ms/asm-plugin-ca", + "properties": { + "plugin": { + "$ref": "#/definitions/IstioPluginCertificateAuthority" + } + } + }, + "IstioPluginCertificateAuthority": { + "type": "object", + "description": "Plugin certificates information for Service Mesh.", + "properties": { + "keyVaultId": { + "type": "string", + "format": "arm-id", + "x-ms-arm-id-details": { + "allowedResources": [ + { + "type": "Microsoft.KeyVault/vaults" + } + ] + }, + "description": "The resource ID of the Key Vault." + }, + "certObjectName": { + "type": "string", + "description": "Intermediate certificate object name in Azure Key Vault." + }, + "keyObjectName": { + "type": "string", + "description": "Intermediate certificate private key object name in Azure Key Vault." + }, + "rootCertObjectName": { + "type": "string", + "description": "Root certificate object name in Azure Key Vault." + }, + "certChainObjectName": { + "type": "string", + "description": "Certificate chain object name in Azure Key Vault." + } + } + }, + "IstioEgressGateway": { + "type": "object", + "description": "Istio egress gateway configuration.", + "properties": { + "enabled": { + "type": "boolean", + "description": "Whether to enable the egress gateway." + }, + "nodeSelector": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "NodeSelector for scheduling the egress gateway." + } + }, + "required": [ + "enabled" + ] + }, + "MeshRevisionProfileList": { + "type": "object", + "description": "Holds an array of MeshRevisionsProfiles", + "properties": { + "value": { + "type": "array", + "x-ms-identifiers": [], + "items": { + "$ref": "#/definitions/MeshRevisionProfile" + }, + "description": "Array of service mesh add-on revision profiles for all supported mesh modes." + }, + "nextLink": { + "type": "string", + "description": "The URL to get the next set of mesh revision profile.", + "readOnly": true + } + } + }, + "MeshRevisionProfile": { + "type": "object", + "description": "Mesh revision profile for a mesh.", + "allOf": [ + { + "$ref": "../../../../../../common-types/resource-management/v3/types.json#/definitions/ProxyResource" + } + ], + "properties": { + "properties": { + "$ref": "#/definitions/MeshRevisionProfileProperties" + } + } + }, + "MeshRevisionProfileProperties": { + "type": "object", + "description": "Mesh revision profile properties for a mesh", + "properties": { + "meshRevisions": { + "type": "array", + "x-ms-identifiers": [], + "items": { + "$ref": "#/definitions/MeshRevision" + } + } + } + }, + "MeshUpgradeProfileList": { + "type": "object", + "description": "Holds an array of MeshUpgradeProfiles", + "properties": { + "value": { + "type": "array", + "x-ms-identifiers": [], + "items": { + "$ref": "#/definitions/MeshUpgradeProfile" + }, + "description": "Array of supported service mesh add-on upgrade profiles." + }, + "nextLink": { + "type": "string", + "description": "The URL to get the next set of mesh upgrade profile.", + "readOnly": true + } + } + }, + "MeshUpgradeProfile": { + "type": "object", + "description": "Upgrade profile for given mesh.", + "allOf": [ + { + "$ref": "../../../../../../common-types/resource-management/v3/types.json#/definitions/ProxyResource" + } + ], + "properties": { + "properties": { + "$ref": "#/definitions/MeshUpgradeProfileProperties" + } + } + }, + "MeshUpgradeProfileProperties": { + "type": "object", + "description": "Mesh upgrade profile properties for a major.minor release.", + "allOf": [ + { + "$ref": "#/definitions/MeshRevision" + } + ] + }, + "MeshRevision": { + "type": "object", + "description": "Holds information on upgrades and compatibility for given major.minor mesh release.", + "properties": { + "revision": { + "type": "string" + }, + "upgrades": { + "type": "array", + "description": "List of revisions available for upgrade of a specific mesh revision", + "items": { + "type": "string" + } + }, + "compatibleWith": { + "type": "array", + "description": "List of items this revision of service mesh is compatible with, and their associated versions.", + "items": { + "$ref": "#/definitions/CompatibleVersions" + }, + "x-ms-identifiers": [] + } + } + }, + "CompatibleVersions": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "versions": { + "type": "array", + "items": { + "type": "string" + } + } + } + }, "KubernetesSupportPlan": { "type": "string", "description": "Different support tiers for AKS managed clusters", @@ -7978,6 +8363,17 @@ "minLength": 1, "maxLength": 24, "x-ms-parameter-location": "method" + }, + "MeshModeParameter": { + "name": "mode", + "in": "path", + "required": true, + "type": "string", + "minLength": 1, + "maxLength": 24, + "pattern": "^[a-zA-Z0-9]$|^[a-zA-Z0-9][-_a-zA-Z0-9]{0,61}[a-zA-Z0-9]$", + "description": "The mode of the mesh.", + "x-ms-parameter-location": "method" } } }