Azure · zhoxing-ms · Aug 29, 2023 · Aug 23, 2023 · Aug 24, 2023 · Aug 28, 2023
@@ -9,14 +9,24 @@ If there is no rush to release a new version, please just add a description of t
 
 To release a new version, please select a new version number (usually plus 1 to last patch version, X.Y.Z -> Major.Minor.Patch, more details in `\doc <https://semver.org/>`_), and then add a new section named as the new version number in this file, the content should include the new modifications and everything from the *Pending* section. Finally, update the `VERSION` variable in `setup.py` with this new version number.
 
+Pending
++++++++
+
+0.5.154
++++++++
+* Vendor new SDK and bump API version to 2023-07-02-preview.
+* [Breaking Change] Remove option `--upgrade-settings` from `az aks update` command, use option `--enable-force-upgrade` and `--disable-force-upgrade` instead.
+* [Breaking Change] Deprecate option `--dns-zone-resource-id` from `az aks create`, `az aks addon enable`, `az aks addon update` and `az aks enable-addons` commands, use option `--dns-zone-resource-ids` instead.
+
 0.5.153
 ++++++
 * outbound ip, ipprefix and managed ips in loadbalancerProfile should be mutually exclusive
 
 0.5.152
 ++++++
 * move loadbalancer/natgateway util functions to azure-cli and update reference in aks-preview project. 
-* bump azure-cli to 2.49
+* Update the minimum required cli core version to `2.49.0`.
+* Add plugin CA support for `az aks mesh enable` commands for Azure Service Mesh.
 
 0.5.151
 +++++++
@@ -27,7 +37,6 @@ To release a new version, please select a new version number (usually plus 1 to
 * Vendor new SDK and bump API version to 2023-06-02-preview.
 * Add `--network-dataplane` to the `az aks update` command.
 * Support "VirtualMachines" agent pool type to `az aks create --vm-set-type` and `az aks nodepool add --vm-set-type`. This is internal use only, not for public preview.
-* Add plugin CA support for `az aks mesh enable` commands for Azure Service Mesh.
 
 0.5.149
 +++++++

@@ -16,7 +16,7 @@ def register_aks_preview_resource_type():
     register_resource_type(
         "latest",
         CUSTOM_MGMT_AKS_PREVIEW,
-        SDKProfile("2023-06-02-preview", {"container_services": "2017-07-01"}),
+        SDKProfile("2023-07-02-preview", {"container_services": "2017-07-01"}),
     )
 
 

@@ -91,9 +91,6 @@
 CONST_NODE_OS_CHANNEL_SECURITY_PATCH = "SecurityPatch"
 CONST_NODE_OS_CHANNEL_UNMANAGED = "Unmanaged"
 
-# consts for cluster upgrade settings
-CONST_IGNORE_KUBERNETES_DEPRECATIONS = "IgnoreKubernetesDeprecations"
-
 # consts for nrg-lockdown restriction level
 CONST_NRG_LOCKDOWN_RESTRICTION_LEVEL_READONLY = "ReadOnly"
 CONST_NRG_LOCKDOWN_RESTRICTION_LEVEL_UNRESTRICTED = "Unrestricted"

@@ -500,6 +500,9 @@
         - name: --dns-zone-resource-id
           type: string
           short-summary: The resource ID of the DNS zone resource to use with the web_application_routing addon.
+        - name: --dns-zone-resource-ids
+          type: string
+          short-summary: A comma separated list of resource IDs of the DNS zone resource to use with the web_application_routing addon.
         - name: --enable-custom-ca-trust
           type: bool
           short-summary: Enable Custom CA Trust on agent node pool.
@@ -796,13 +799,15 @@
         - name: --node-os-upgrade-channel
           type: string
           short-summary: Manner in which the OS on your nodes is updated. It could be NodeImage, None, SecurityPatch or Unmanaged.
-        - name: --upgrade-settings
-          type: string
-          short-summary: A comma separated list of supported cluster upgrade settings. E.g., IgnoreKubernetesDeprecations.
-          long-summary: Allowed value is "IgnoreKubernetesDeprecations". If set as "", upgrade settings will be set to default and the existing overrides will no longer be effective.
+        - name: --enable-force-upgrade
+          type: bool
+          short-summary: Enable forceUpgrade cluster upgrade settings override.
+        - name: --disable-force-upgrade
+          type: bool
+          short-summary: Disable forceUpgrade cluster upgrade settings override.
         - name: --upgrade-override-until
           type: string
-          short-summary: Until when the cluster upgradeSettings overrides are effective. It needs to be in a valid date-time format that's within the next 30 days. For example, 2023-04-01T13:00:00Z. Note that if --upgrade-settings is set to IgnoreKubernetesDeprecations and --upgrade-override-until is not set, by default it will be set to 3 days from now.
+          short-summary: Until when the cluster upgradeSettings overrides are effective. It needs to be in a valid date-time format that's within the next 30 days. For example, 2023-04-01T13:00:00Z. Note that if --force-upgrade is set to true and --upgrade-override-until is not set, by default it will be set to 3 days from now.
         - name: --enable-managed-identity
           type: bool
           short-summary: Update current cluster to managed identity to manage cluster resource group.
@@ -1911,6 +1916,9 @@
   - name: --dns-zone-resource-id
     type: string
     short-summary: The resource ID of the DNS zone resource to use with the web_application_routing addon.
+  - name: --dns-zone-resource-ids
+    type: string
+    short-summary: A comma separated list of resource IDs of the DNS zone resource to use with the web_application_routing addon.
 examples:
   - name: Enable a Kubernetes addon. (autogenerated)
     text: az aks addon enable --addon virtual-node --name MyManagedCluster --resource-group MyResourceGroup --subnet-name VirtualNodeSubnet
@@ -1975,6 +1983,9 @@
   - name: --dns-zone-resource-id
     type: string
     short-summary: The resource ID of the DNS zone resource to use with the web_application_routing addon.
+  - name: --dns-zone-resource-ids
+    type: string
+    short-summary: A comma separated list of resource IDs of the DNS zone resource to use with the web_application_routing addon.
 examples:
   - name: Update a Kubernetes addon. (autogenerated)
     text: az aks addon update --addon virtual-node --name MyManagedCluster --resource-group MyResourceGroup --subnet-name VirtualNodeSubnet
@@ -2053,6 +2064,9 @@
   - name: --dns-zone-resource-id
     type: string
     short-summary: The resource ID of the DNS zone resource to use with the web_application_routing addon.
+  - name: --dns-zone-resource-ids
+    type: string
+    short-summary: A comma separated list of resource IDs of the DNS zone resource to use with the web_application_routing addon.
   - name: --aks-custom-headers
     type: string
     short-summary: Send custom headers. When specified, format should be Key1=Value1,Key2=Value2

@@ -154,7 +154,8 @@
     validate_user,
     validate_utc_offset,
     validate_vm_set_type,
-    validate_vnet_subnet_id
+    validate_vnet_subnet_id,
+    validate_force_upgrade_disable_and_enable_parameters
 )
 from azure.cli.core.commands.parameters import (
     edge_zone_type,
@@ -417,7 +418,8 @@ def load_arguments(self, _):
         c.argument('cluster_snapshot_id', validator=validate_cluster_snapshot_id, is_preview=True)
         c.argument('enable_apiserver_vnet_integration', action='store_true', is_preview=True)
         c.argument('apiserver_subnet_id', validator=validate_apiserver_subnet_id, is_preview=True)
-        c.argument('dns_zone_resource_id')
+        c.argument('dns_zone_resource_id', deprecate_info=c.deprecate(target='--dns-zone-resource-id', redirect='--dns-zone-resource-ids', hide=True))
+        c.argument('dns_zone_resource_ids', is_preview=True)
         c.argument('enable_keda', action='store_true', is_preview=True)
         c.argument('enable_vpa', action='store_true', is_preview=True, help="enable vertical pod autoscaler for cluster")
         c.argument('enable_node_restriction', action='store_true', is_preview=True, help="enable node restriction for cluster")
@@ -465,7 +467,8 @@ def load_arguments(self, _):
         c.argument('kube_proxy_config')
         c.argument('auto_upgrade_channel', arg_type=get_enum_type(auto_upgrade_channels))
         c.argument('node_os_upgrade_channel', arg_type=get_enum_type(node_os_upgrade_channels))
-        c.argument('upgrade_settings', is_preview=True)
+        c.argument('disable_force_upgrade', action='store_true', validator=validate_force_upgrade_disable_and_enable_parameters)
+        c.argument('enable_force_upgrade', action='store_true', validator=validate_force_upgrade_disable_and_enable_parameters)
         c.argument('upgrade_override_until', is_preview=True)
         c.argument('cluster_autoscaler_profile', nargs='+', options_list=["--cluster-autoscaler-profile", "--ca-profile"],
                    help="Space-separated list of key=value pairs for configuring cluster autoscaler. Pass an empty string to clear the profile.")
@@ -729,7 +732,8 @@ def load_arguments(self, _):
                    arg_type=get_three_state_flag(), is_preview=True)
         c.argument('enable_syslog', arg_type=get_three_state_flag(), is_preview=True)
         c.argument('data_collection_settings', is_preview=True)
-        c.argument('dns-zone-resource-id')
+        c.argument('dns_zone_resource_id', deprecate_info=c.deprecate(target='--dns-zone-resource-id', redirect='--dns-zone-resource-ids', hide=True))
+        c.argument('dns_zone_resource_ids', is_preview=True)
 
     with self.argument_context('aks addon disable') as c:
         c.argument('addon', options_list=[
@@ -760,7 +764,8 @@ def load_arguments(self, _):
                    arg_type=get_three_state_flag(), is_preview=True)
         c.argument('enable_syslog', arg_type=get_three_state_flag(), is_preview=True)
         c.argument('data_collection_settings', is_preview=True)
-        c.argument('dns-zone-resource-id')
+        c.argument('dns_zone_resource_id', deprecate_info=c.deprecate(target='--dns-zone-resource-id', redirect='--dns-zone-resource-ids', hide=True))
+        c.argument('dns_zone_resource_ids', is_preview=True)
 
     with self.argument_context('aks disable-addons') as c:
         c.argument('addons', options_list=['--addons', '-a'], validator=validate_addons)
@@ -782,7 +787,8 @@ def load_arguments(self, _):
         c.argument('enable_msi_auth_for_monitoring', arg_type=get_three_state_flag(), is_preview=True)
         c.argument('enable_syslog', arg_type=get_three_state_flag(), is_preview=True)
         c.argument('data_collection_settings', is_preview=True)
-        c.argument('dns-zone-resource-id')
+        c.argument('dns_zone_resource_id', deprecate_info=c.deprecate(target='--dns-zone-resource-id', redirect='--dns-zone-resource-ids', hide=True))
+        c.argument('dns_zone_resource_ids', is_preview=True)
 
     with self.argument_context('aks get-credentials') as c:
         c.argument('admin', options_list=['--admin', '-a'], default=False)

@@ -660,6 +660,11 @@ def validate_defender_disable_and_enable_parameters(namespace):
         raise ArgumentUsageError('Providing both --disable-defender and --enable-defender flags is invalid')
 
 
+def validate_force_upgrade_disable_and_enable_parameters(namespace):
+    if namespace.disable_force_upgrade and namespace.enable_force_upgrade:
+        raise MutuallyExclusiveArgumentError('Providing both --disable-force-upgrade and --enable-force-upgrade flags is invalid')
+
+
 def sanitize_resource_id(resource_id):
     resource_id = resource_id.strip()
     if not resource_id.startswith("/"):

@@ -61,6 +61,7 @@ def enable_addons(cmd,
                   rotation_poll_interval=None,
                   no_wait=False,
                   dns_zone_resource_id=None,
+                  dns_zone_resource_ids=None,
                   enable_msi_auth_for_monitoring=True,
                   enable_syslog=False,
                   data_collection_settings=None):
@@ -82,7 +83,7 @@ def enable_addons(cmd,
                              appgw_watch_namespace=appgw_watch_namespace,
                              enable_sgxquotehelper=enable_sgxquotehelper,
                              enable_secret_rotation=enable_secret_rotation, rotation_poll_interval=rotation_poll_interval, no_wait=no_wait,
-                             dns_zone_resource_id=dns_zone_resource_id,
+                             dns_zone_resource_id=dns_zone_resource_id, dns_zone_resource_ids=dns_zone_resource_ids,
                              enable_syslog=enable_syslog,
                              data_collection_settings=data_collection_settings)
 
@@ -183,6 +184,7 @@ def update_addons(cmd,  # pylint: disable=too-many-branches,too-many-statements
                   enable_secret_rotation=False,
                   rotation_poll_interval=None,
                   dns_zone_resource_id=None,
+                  dns_zone_resource_ids=None,
                   no_wait=False,  # pylint: disable=unused-argument
                   enable_syslog=False,
                   data_collection_settings=None):
@@ -224,8 +226,19 @@ def update_addons(cmd,  # pylint: disable=too-many-branches,too-many-statements
                 instance.ingress_profile.web_app_routing = ManagedClusterIngressProfileWebAppRouting()
             instance.ingress_profile.web_app_routing.enabled = enable
 
-            if dns_zone_resource_id is not None:
-                instance.ingress_profile.web_app_routing.dns_zone_resource_id = dns_zone_resource_id
+            if dns_zone_resource_ids is not None:
+                instance.ingress_profile.web_app_routing.dns_zone_resource_ids = [
+                    x.strip()
+                    for x in (
+                        dns_zone_resource_ids.split(",")
+                        if dns_zone_resource_ids
+                        else []
+                    )
+                ]
+            # for backward compatibility, if --dns-zone-resource-ids is not specified,
+            # try to read from --dns-zone-resource-id
+            if not instance.ingress_profile.web_app_routing.dns_zone_resource_ids and dns_zone_resource_id:
+                instance.ingress_profile.web_app_routing.dns_zone_resource_ids = [dns_zone_resource_id]
             continue
 
         if addon_arg not in ADDONS: