Azure · yanzhudd · Nov 7, 2024 · Oct 30, 2024 · Oct 30, 2024 · Oct 31, 2024
@@ -9,6 +9,11 @@ If there is no rush to release a new version, please just add a description of t
 
 To release a new version, please select a new version number (usually plus 1 to last patch version, X.Y.Z -> Major.Minor.Patch, more details in `\doc <https://semver.org/>`_), and then add a new section named as the new version number in this file, the content should include the new modifications and everything from the *Pending* section. Finally, update the `VERSION` variable in `setup.py` with this new version number.
 
+9.0.0b9
++++++++
+* Add advanced container networking service (acns) enablement GA commands `--disable-acns-observability` and `--disable-acns-security` to `az aks create/update` command.
+* Depricate advanced container networking service (acns) enablement preview commands `--enable-advanced-network-observability`, `--disable-advanced-network-observability`, `--enable-fqdn-policy`, `--disable-fqdn-policy`, and `--advanced-networking-observability-tls-management` from `az aks create/update` command.
+
 9.0.0b8
 +++++++
 * Update VM SKU validations to get values from backend API for Azure Container Storage.

@@ -327,10 +327,6 @@
 CONST_IMDS_RESTRICTION_ENABLED = "None"
 CONST_IMDS_RESTRICTION_DISABLED = "IMDS"
 
-# TLS Management Consts
-CONST_TLS_MANAGEMENT_MANAGED = "Managed"
-CONST_TLS_MANAGEMENT_NONE = "None"
-
 # GPU Driver Type Consts
 CONST_GPU_DRIVER_TYPE_CUDA = "CUDA"
 CONST_GPU_DRIVER_TYPE_GRID = "GRID"
@@ -235,16 +235,22 @@
               This flag is deprecated in favor of --network-dataplane=cilium.
         - name: --enable-advanced-network-observability
           type: bool
-          short-summary: Enable advanced network observability functionalities on a cluster. Note that enabling this will incur additional costs.
+          short-summary: --enable-advanced-network-observability is deprecated. Please use '--enable-acns' instead.
         - name: --enable-fqdn-policy
           type: bool
-          short-summary: Enable advanced network security FQDN functionalities on a cluster. Note that enabling this will incur additional costs.
+          short-summary: --enable-fqdn-policy is deprecated. Please use '--enable-acns' instead.
         - name: --enable-acns
           type: bool
-          short-summary: Enable advanced network functionalities on a cluster. Note that enabling this will incur additional costs.
+          short-summary: Enable advanced network functionalities on a cluster. Enabling this will incur additional costs.
+        - name: -disable-acns-observability
+          type: bool
+          short-summary: Used to disable advanced networking observability features on a clusters when enabling advanced networking features with "--enable-acns".
+        - name: --disable-acns-security
+          type: bool
+          short-summary: Used to disable advanced networking observability features on a clusters when enabling advanced networking features with "--enable-acns".
         - name: --advanced-networking-observability-tls-management
           type: string
-          short-summary: Management of TLS certificates for querying network flow logs via the flow log endpoint for Advanced Networking observability clusters. Valid values are "Managed" and "None". If not specified, the default is Managed.
+          short-summary: --advanced-networking-observability-tls-management is deprecated. All ACNS clusters with observability enabled default to managed TLS.
         - name: --no-ssh-key -x
           type: string
           short-summary: Do not use or create a local SSH key.
@@ -1230,25 +1236,31 @@
           short-summary: The node labels for all node pool. See https://aka.ms/node-labels for syntax of labels.
         - name: --enable-advanced-network-observability
           type: bool
-          short-summary: Enable advanced network observability functionalities on a cluster. Note that enabling this will incur additional costs.
+          short-summary: --enable-advanced-network-observability is deprecated. Please use '--enable-acns' instead.
         - name: --disable-advanced-network-observability
           type: bool
-          short-summary: Disable advanced network observability functionalities on a cluster
+          short-summary: --disable-advanced-network-observability is deprecated. Please use '--disable-acns-observability' instead.
         - name: --advanced-networking-observability-tls-management
           type: string
-          short-summary: Management of TLS certificates for querying network flow logs via the flow log endpoint for Advanced Networking observability clusters. Valid values are "Managed" and "None". If not specified, the default is Managed.
+          short-summary: --advanced-networking-observability-tls-management is deprecated. All ACNS clusters with observability enabled default to managed TLS.
         - name: --enable-fqdn-policy
           type: bool
-          short-summary: Enable advanced network security FQDN functionalities on a cluster. Note that enabling this will incur additional costs.
+          short-summary: --enable-fqdn-policy is deprecated. Please use '--enable-acns' instead.
         - name: --disable-fqdn-policy
           type: bool
-          short-summary: Disable advanced network security FQDN functionalities on a cluster
+          short-summary: --disable-fqdn-policy is deprecated. Please use '--disable-acns-security' instead.
         - name: --enable-acns
           type: bool
-          short-summary: Enable advanced network functionalities on a cluster. Note that enabling this will incur additional costs.
+          short-summary: Enable advanced network functionalities on a cluster. Enabling this will incur additional costs.
         - name: --disable-acns
           type: bool
-          short-summary: Disable advanced network functionalities on a cluster
+          short-summary: Disable all advanced networking functionalities on a cluster.
+        - name: --disable-acns-observability
+          type: bool
+          short-summary: Used to disable advanced networking observability features on a clusters when enabling advanced networking features with "--enable-acns".
+        - name: --disable-acns-security
+          type: bool
+          short-summary: Used to disable advanced networking observability features on a clusters when enabling advanced networking features with "--enable-acns".
         - name: --enable-cost-analysis
           type: bool
           short-summary: Enable exporting Kubernetes Namespace and Deployment details to the Cost Analysis views in the Azure portal. For more information see aka.ms/aks/docs/cost-analysis.

@@ -127,8 +127,6 @@
     CONST_APP_ROUTING_EXTERNAL_NGINX,
     CONST_APP_ROUTING_INTERNAL_NGINX,
     CONST_APP_ROUTING_NONE_NGINX,
-    CONST_TLS_MANAGEMENT_MANAGED,
-    CONST_TLS_MANAGEMENT_NONE,
     CONST_GPU_DRIVER_TYPE_CUDA,
     CONST_GPU_DRIVER_TYPE_GRID,
 )
@@ -417,11 +415,6 @@
     CONST_APP_ROUTING_NONE_NGINX
 ]
 
-tls_management_types = [
-    CONST_TLS_MANAGEMENT_MANAGED,
-    CONST_TLS_MANAGEMENT_NONE,
-]
-
 gpu_driver_types = [
     CONST_GPU_DRIVER_TYPE_CUDA,
     CONST_GPU_DRIVER_TYPE_GRID,
@@ -840,17 +833,29 @@ def load_arguments(self, _):
             "enable_advanced_network_observability",
             action="store_true",
             is_preview=True,
+            deprecate_info=c.deprecate(
+                target="--enable-advanced-network-observability",
+                redirect="--enable-acns",
+                hide=True,
+            ),
         )
         c.argument(
             "advanced_networking_observability_tls_management",
-            arg_type=get_enum_type(tls_management_types),
-            default=CONST_TLS_MANAGEMENT_MANAGED,
             is_preview=True,
+            deprecate_info=c.deprecate(
+                target="--advanced-networking-observability-tls-management",
+                hide=True,
+            ),
         )
         c.argument(
             "enable_fqdn_policy",
             action="store_true",
             is_preview=True,
+            deprecate_info=c.deprecate(
+                target="--enable-fqdn-policy",
+                redirect="--enable-acns",
+                hide=True,
+            ),
         )
         c.argument(
             "enable_acns",
@@ -1337,26 +1342,49 @@ def load_arguments(self, _):
             "enable_advanced_network_observability",
             action="store_true",
             is_preview=True,
+            deprecate_info=c.deprecate(
+                target="--enable-advanced-network-observability",
+                redirect="--enable-acns",
+                hide=True,
+            ),
         )
         c.argument(
             "disable_advanced_network_observability",
             action="store_true",
             is_preview=True,
+            deprecate_info=c.deprecate(
+                target="--disable-advanced-network-observability",
+                redirect="--disable-acns-observability",
+                hide=True,
+            ),
         )
         c.argument(
             "advanced_networking_observability_tls_management",
-            arg_type=get_enum_type(tls_management_types),
             is_preview=True,
+            deprecate_info=c.deprecate(
+                target="--advanced-networking-observability-tls-management",
+                hide=True,
+            ),
         )
         c.argument(
             "enable_fqdn_policy",
             action="store_true",
             is_preview=True,
+            deprecate_info=c.deprecate(
+                target="--enable-fqdn-policy",
+                redirect="--enable-acns",
+                hide=True,
+            ),
         )
         c.argument(
             "disable_fqdn_policy",
             action="store_true",
             is_preview=True,
+            deprecate_info=c.deprecate(
+                target="--disable-fqdn-policy",
+                redirect="--disable-acns-security",
+                hide=True,
+            ),
         )
         c.argument(
             "enable_acns",

@@ -493,10 +493,13 @@ def aks_create(
     enable_addon_autoscaling=False,
     enable_cilium_dataplane=False,
     custom_ca_trust_certificates=None,
+    # advanced networking
     enable_advanced_network_observability=None,
     advanced_networking_observability_tls_management=None,
     enable_fqdn_policy=None,
     enable_acns=None,
+    disable_acns_observability=None,
+    disable_acns_security=None,
     # nodepool
     crg_id=None,
     message_of_the_day=None,
@@ -725,13 +728,16 @@ def aks_update(
     safeguards_level=None,
     safeguards_version=None,
     safeguards_excluded_ns=None,
+    # advanced networking
     enable_advanced_network_observability=None,
     disable_advanced_network_observability=None,
     advanced_networking_observability_tls_management=None,
     enable_fqdn_policy=None,
     disable_fqdn_policy=None,
     enable_acns=None,
     disable_acns=None,
+    disable_acns_observability=None,
+    disable_acns_security=None,
     # metrics profile
     enable_cost_analysis=False,
     disable_cost_analysis=False,