[AKS] az aks create and az aks nodepool add: Add --pod-subnet-id to support dynamically assigne pod ip (Azure#21651)

* add podsubnetid

* linter exclusion

* fixing lint issues

* some cleanup/lint

* add vnet_subnet_id and pod_subnet_id to aks nodepool add

Author: mattstam

linter_exclusions.yml

@@ -173,6 +173,9 @@ acs create:
     master_vnet_subnet_id:
       rule_exclusions:
       - option_length_too_long
+    master_pod_subnet_id:
+      rule_exclusions:
+      - option_length_too_long
 acs kubernetes install-cli:
   parameters:
     kubelogin_install_location:

src/azure-cli/azure/cli/command_modules/acs/_help.py

@@ -385,6 +385,9 @@
   - name: --vnet-subnet-id
     type: string
     short-summary: The ID of a subnet in an existing VNet into which to deploy the cluster.
+  - name: --pod-subnet-id
+    type: string
+    short-summary: The ID of a subnet in an existing VNet into which to assign pods in the cluster (requires azure network-plugin).
   - name: --ppg
     type: string
     short-summary: The ID of a PPG.
@@ -937,6 +940,9 @@
   - name: --vnet-subnet-id
     type: string
     short-summary: The ID of a subnet in an existing VNet into which to deploy the cluster.
+  - name: --pod-subnet-id
+    type: string
+    short-summary: The ID of a subnet in an existing VNet into which to assign pods in the cluster (requires azure network-plugin).
   - name: --ppg
     type: string
     short-summary: The ID of a PPG.

src/azure-cli/azure/cli/command_modules/acs/_params.py

@@ -23,8 +23,9 @@
     validate_nodepool_name, validate_vm_set_type, validate_load_balancer_sku, validate_nodepool_id, validate_snapshot_id,
     validate_load_balancer_outbound_ips, validate_priority, validate_eviction_policy, validate_spot_max_price,
     validate_load_balancer_outbound_ip_prefixes, validate_taints, validate_ip_ranges, validate_acr, validate_nodepool_tags,
-    validate_load_balancer_outbound_ports, validate_load_balancer_idle_timeout, validate_vnet_subnet_id, validate_nodepool_labels,
-    validate_ppg, validate_assign_identity, validate_max_surge, validate_assign_kubelet_identity, validate_credential_format)
+    validate_load_balancer_outbound_ports, validate_load_balancer_idle_timeout, validate_vnet_subnet_id, validate_pod_subnet_id,
+    validate_nodepool_labels, validate_ppg, validate_assign_identity, validate_max_surge, validate_assign_kubelet_identity,
+    validate_credential_format)
 from ._consts import (
     CONST_OUTBOUND_TYPE_LOAD_BALANCER,
     CONST_OUTBOUND_TYPE_USER_DEFINED_ROUTING,
@@ -259,6 +260,8 @@ def load_arguments(self, _):
         c.argument('node_osdisk_size', type=int)
         c.argument('vnet_subnet_id', type=str,
                    validator=validate_vnet_subnet_id)
+        c.argument('pod_subnet_id', type=str,
+                   validator=validate_pod_subnet_id)
         c.argument('workspace_resource_id')
         c.argument('enable_msi_auth_for_monitoring', arg_type=get_three_state_flag(), is_preview=True)
         c.argument('skip_subnet_role_assignment', action='store_true')
@@ -446,6 +449,8 @@ def load_arguments(self, _):
         c.argument('zones', zones_type, options_list=['--zones', '-z'], help='Space-separated list of availability zones where agent nodes will be placed.')
         c.argument('node_vm_size', options_list=['--node-vm-size', '-s'], completer=get_vm_size_completion_list)
         c.argument('max_pods', type=int, options_list=['--max-pods', '-m'])
+        c.argument('vnet_subnet_id', type=str, validator=validate_vnet_subnet_id)
+        c.argument('pod_subnet_id', type=str, validator=validate_pod_subnet_id)
         c.argument('os_type', type=str)
         c.argument('os_sku', completer=get_ossku_completion_list)
         c.argument('enable_cluster_autoscaler', options_list=["--enable-cluster-autoscaler", "-e"], action='store_true')

src/azure-cli/azure/cli/command_modules/acs/_validators.py

@@ -283,12 +283,19 @@ def validate_nodepool_tags(ns):
 
 
 def validate_vnet_subnet_id(namespace):
-    if namespace.vnet_subnet_id is not None:
-        if namespace.vnet_subnet_id == '':
-            return
-        from msrestazure.tools import is_valid_resource_id
-        if not is_valid_resource_id(namespace.vnet_subnet_id):
-            raise CLIError("--vnet-subnet-id is not a valid Azure resource ID.")
+    _validate_subnet_id(namespace.vnet_subnet_id, "--vnet-subnet-id")
+
+
+def validate_pod_subnet_id(namespace):
+    _validate_subnet_id(namespace.pod_subnet_id, "--pod-subnet-id")
+
+
+def _validate_subnet_id(subnet_id, name):
+    if subnet_id is None or subnet_id == '':
+        return
+    from msrestazure.tools import is_valid_resource_id
+    if not is_valid_resource_id(subnet_id):
+        raise InvalidArgumentValueError(name + " is not a valid Azure resource ID.")
 
 
 def validate_ppg(namespace):

src/azure-cli/azure/cli/command_modules/acs/custom.py

@@ -1961,6 +1961,7 @@ def aks_create(cmd, client, resource_group_name, name, ssh_key_value,  # pylint:
                workspace_resource_id=None,
                enable_msi_auth_for_monitoring=False,
                vnet_subnet_id=None,
+               pod_subnet_id=None,
                ppg=None,
                max_pods=0,
                min_count=None,
@@ -2808,6 +2809,7 @@ def _handle_addons_args(cmd, addons_str, subscription_id, resource_group_name, a
                         enable_msi_auth_for_monitoring=False,
                         aci_subnet_name=None,
                         vnet_subnet_id=None,
+                        pod_subnet_id=None,
                         appgw_name=None,
                         appgw_subnet_cidr=None,
                         appgw_id=None,
@@ -3123,6 +3125,7 @@ def aks_agentpool_add(cmd, client, resource_group_name, cluster_name, nodepool_n
                       node_osdisk_size=0,
                       node_count=3,
                       vnet_subnet_id=None,
+                      pod_subnet_id=None,
                       ppg=None,
                       max_pods=0,
                       os_type=None,
@@ -3208,6 +3211,7 @@ def aks_agentpool_add(cmd, client, resource_group_name, cluster_name, nodepool_n
         os_type=os_type,
         os_sku=os_sku,
         vnet_subnet_id=vnet_subnet_id,
+        pod_subnet_id=pod_subnet_id,
         proximity_placement_group_id=ppg,
         agent_pool_type="VirtualMachineScaleSets",
         max_pods=int(max_pods) if max_pods else None,

src/azure-cli/azure/cli/command_modules/acs/tests/latest/test_decorator.py

@@ -4819,6 +4819,7 @@ def test_set_up_agent_pool_profiles(self):
             os_type="Linux",
             os_sku=None,
             vnet_subnet_id=None,
+            pod_subnet_id=None,
             proximity_placement_group_id=None,
             availability_zones=None,
             enable_node_public_ip=False,

src/azure-cli/azure/cli/command_modules/acs/tests/latest/test_validators.py

@@ -133,6 +133,36 @@ class VnetSubnetIdNamespace:
     def __init__(self, vnet_subnet_id):
         self.vnet_subnet_id = vnet_subnet_id
 
+class TestPodSubnetId(unittest.TestCase):
+    def test_invalid_pod_subnet_id(self):
+        invalid_pod_subnet_id = "dummy subnet id"
+        namespace = PodSubnetIdNamespace(invalid_pod_subnet_id)
+        err = ("--pod-subnet-id is not a valid Azure resource ID.")
+
+        with self.assertRaises(CLIError) as cm:
+            validators.validate_pod_subnet_id(namespace)
+        self.assertEqual(str(cm.exception), err)
+
+    def test_valid_pod_subnet_id(self):
+        invalid_pod_subnet_id = "/subscriptions/testid/resourceGroups/MockedResourceGroup/providers/Microsoft.Network/virtualNetworks/MockedNetworkId/subnets/MockedSubNetId"
+        namespace = PodSubnetIdNamespace(invalid_pod_subnet_id)
+        validators.validate_pod_subnet_id(namespace)
+
+    def test_none_pod_subnet_id(self):
+        invalid_pod_subnet_id = None
+        namespace = PodSubnetIdNamespace(invalid_pod_subnet_id)
+        validators.validate_pod_subnet_id(namespace)
+
+    def test_empty_pod_subnet_id(self):
+        invalid_pod_subnet_id = ""
+        namespace = PodSubnetIdNamespace(invalid_pod_subnet_id)
+        validators.validate_pod_subnet_id(namespace)
+
+
+class PodSubnetIdNamespace:
+    def __init__(self, pod_subnet_id):
+        self.pod_subnet_id = pod_subnet_id
+
 
 class MaxSurgeNamespace:
     def __init__(self, max_surge):