diff --git a/linter_exclusions.yml b/linter_exclusions.yml
index e2f0002ae5e..c8a56ecea89 100644
--- a/linter_exclusions.yml
+++ b/linter_exclusions.yml
@@ -259,6 +259,9 @@ aks create:
 node_osdisk_diskencryptionset_id:
 rule_exclusions:
 - option_length_too_long
+ enable_encryption_at_host:
+ rule_exclusions:
+ - option_length_too_long
 aks enable-addons:
 parameters:
 workspace_resource_id:
@@ -277,6 +280,9 @@ aks nodepool add:
 node_public_ip_prefix_id:
 rule_exclusions:
 - option_length_too_long
+ enable_encryption_at_host:
+ rule_exclusions:
+ - option_length_too_long
 aks update:
 parameters:
 aad_admin_group_object_ids:
diff --git a/src/azure-cli/azure/cli/command_modules/acs/_help.py b/src/azure-cli/azure/cli/command_modules/acs/_help.py
index b33886d64bb..cf557d2a172 100644
--- a/src/azure-cli/azure/cli/command_modules/acs/_help.py
+++ b/src/azure-cli/azure/cli/command_modules/acs/_help.py
@@ -437,6 +437,9 @@
 - name: --enable-sgxquotehelper
 type: bool
 short-summary: Enable SGX quote helper for confcom addon.
+ - name: --enable-encryption-at-host
+ type: bool
+ short-summary: Enable EncryptionAtHost, default value is false.
 examples:
 - name: Create a Kubernetes cluster with an existing SSH public key.
 text: az aks create -g MyResourceGroup -n MyManagedCluster --ssh-key-value /path/to/publickey
@@ -474,6 +477,8 @@
 text: az aks create -g MyResourceGroup -n MyManagedCluster --node-osdisk-diskencryptionset-id
 - name: Create a kubernetes cluster with ephemeral OS enabled.
 text: az aks create -g MyResourceGroup -n MyManagedCluster --node-osdisk-type Ephemeral --node-osdisk-size 48
+ - name: Create a kubernetes cluster with EncryptionAtHost enabled.
+ text: az aks create -g MyResourceGroup -n MyManagedCluster --enable-encryption-at-host
 """
 helps['aks update'] = """
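Review bot: The `--enable-encryption-at-host` short-summary added to the `aks create` help in the `@@ -437` hunk (`Enable EncryptionAtHost, default value is false.`) restates the flag name without saying what is protected or at which scope it applies. In custom.py the value is set on the agent pool profile built with `mode="System"`, so the help should say it covers only that initial node pool, for example `short-summary: Enable host-based encryption (EncryptionAtHost) on the cluster's initial node pool. Default is false.` The same wording is added for `aks nodepool add` in the `@@ -786` hunk, where "on the new node pool" fits. If the feature has subscription or VM-size prerequisites, a `long-summary` naming them would spare users a failed deployment; those prerequisites cannot be confirmed from this diff.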
@@ -786,9 +791,14 @@
 - name: --max-surge
 type: string
 short-summary: Extra nodes used to speed upgrade. When specified, it represents the number or percent used, eg. 5 or 33%
+ - name: --enable-encryption-at-host
+ type: bool
+ short-summary: Enable EncryptionAtHost, default value is false.
 examples:
 - name: Create a nodepool in an existing AKS cluster with ephemeral os enabled.
 text: az aks nodepool add -g MyResourceGroup -n nodepool1 --cluster-name MyManagedCluster --node-osdisk-type Ephemeral --node-osdisk-size 48
+ - name: Create a nodepool with EncryptionAtHost enabled.
+ text: az aks nodepool add -g MyResourceGroup -n nodepool1 --cluster-name MyManagedCluster --enable-encryption-at-host
 """
 helps['aks nodepool delete'] = """
diff --git a/src/azure-cli/azure/cli/command_modules/acs/_params.py b/src/azure-cli/azure/cli/command_modules/acs/_params.py
index a427252eab2..9682b351eda 100644
--- a/src/azure-cli/azure/cli/command_modules/acs/_params.py
+++ b/src/azure-cli/azure/cli/command_modules/acs/_params.py
@@ -220,6 +220,7 @@ def load_arguments(self, _):
 c.argument('enable_ahub', options_list=['--enable-ahub'])
 c.argument('node_osdisk_diskencryptionset_id', type=str, options_list=['--node-osdisk-diskencryptionset-id', '-d'])
 c.argument('aci_subnet_name')
+ c.argument('enable_encryption_at_host', options_list=['--enable-encryption-at-host'], action='store_true')
 c.argument('appgw_name', options_list=['--appgw-name'], arg_group='Application Gateway')
 c.argument('appgw_subnet_cidr', options_list=['--appgw-subnet-cidr'], arg_group='Application Gateway')
 c.argument('appgw_id', options_list=['--appgw-id'], arg_group='Application Gateway')
@@ -323,6 +324,7 @@ def load_arguments(self, _):
 c.argument('ppg', type=str, validator=validate_ppg)
 c.argument('max_surge', type=str, validator=validate_max_surge)
 c.argument('node_os_disk_type', arg_type=get_enum_type([CONST_OS_DISK_TYPE_MANAGED, CONST_OS_DISK_TYPE_EPHEMERAL]))
+ c.argument('enable_encryption_at_host', options_list=['--enable-encryption-at-host'], action='store_true')
 for scope in ['aks nodepool show', 'aks nodepool delete', 'aks nodepool scale', 'aks nodepool upgrade', 'aks nodepool update']:
 with self.argument_context(scope) as c:
diff --git a/src/azure-cli/azure/cli/command_modules/acs/custom.py b/src/azure-cli/azure/cli/command_modules/acs/custom.py
index abd93a69755..584f2325800 100644
--- a/src/azure-cli/azure/cli/command_modules/acs/custom.py
+++ b/src/azure-cli/azure/cli/command_modules/acs/custom.py
@@ -1899,6 +1899,7 @@ def aks_create(cmd, client, resource_group_name, name, ssh_key_value, # pylint:
 appgw_subnet_id=None,
 appgw_watch_namespace=None,
 enable_sgxquotehelper=False,
+ enable_encryption_at_host=False,
 no_wait=False,
 yes=False):
 _validate_ssh_key(no_ssh_key, ssh_key_value)
@@ -1930,6 +1931,7 @@ def aks_create(cmd, client, resource_group_name, name, ssh_key_value, # pylint:
 availability_zones=zones,
 enable_node_public_ip=enable_node_public_ip,
 node_public_ip_prefix_id=node_public_ip_prefix_id,
+ enable_encryption_at_host=enable_encryption_at_host,
 max_pods=int(max_pods) if max_pods else None,
 type=vm_set_type,
 mode="System"
@@ -3408,6 +3410,7 @@ def aks_agentpool_add(cmd, client, resource_group_name, cluster_name, nodepool_n
 labels=None,
 max_surge=None,
 mode="User",
+ enable_encryption_at_host=False,
 no_wait=False):
 instances = client.list(resource_group_name, cluster_name)
 for agentpool_profile in instances:
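Review bot: The `enable_encryption_at_host=False` default added to the `aks_agentpool_add` signature in the `@@ -3408` hunk means every pool added later is created without host encryption unless the flag is repeated, even when the cluster itself was created with `--enable-encryption-at-host` (the `@@ -1930` hunk sets it only on the `mode="System"` profile). Nothing in the visible lines tells the operator that the setting is per pool, so a cluster can end up with a mixed encryption posture without anyone noticing. At minimum, document this where the argument is consumed, e.g. `# Per-pool setting: not inherited from the cluster's existing node pools.` The function already iterates `client.list(resource_group_name, cluster_name)`, so a warning when an existing pool has the setting enabled and the new one does not looks feasible, presumably via the same attribute on the returned profiles. The body of `aks_agentpool_add` continues outside this hunk.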
@@ -3453,6 +3456,7 @@ def aks_agentpool_add(cmd, client, resource_group_name, cluster_name, nodepool_n
 node_public_ip_prefix_id=node_public_ip_prefix_id,
 node_taints=taints_array,
 upgrade_settings=upgradeSettings,
+ enable_encryption_at_host=enable_encryption_at_host,
 mode=mode
 )