5 changes: 5 additions & 0 deletions src/aks-preview/HISTORY.rst
Expand Up @@ -12,6 +12,11 @@ To release a new version, please select a new version number (usually plus 1 to
Pending
+++++++

18.0.0b36
+++++++

* Add option `--acns-performance-acceleration-mode <None|BpfVeth>` to `az aks create/update`

18.0.0b35
+++++++
* Vendor new SDK and bump API version to 2025-07-02-preview.
4 changes: 4 additions & 0 deletions src/aks-preview/azext_aks_preview/_consts.py
Expand Up @@ -145,6 +145,10 @@
CONST_TRANSIT_ENCRYPTION_TYPE_NONE = "None"
CONST_TRANSIT_ENCRYPTION_TYPE_WIREGUARD = "WireGuard"

# ACNS performance acceleration mode
CONST_ACNS_PERFORMANCE_ACCELERATION_MODE_NONE = "None"
CONST_ACNS_PERFORMANCE_ACCELERATION_MODE_BPFVETH = "BpfVeth"

# network pod ip allocation mode
CONST_NETWORK_POD_IP_ALLOCATION_MODE_DYNAMIC_INDIVIDUAL = "DynamicIndividual"
CONST_NETWORK_POD_IP_ALLOCATION_MODE_STATIC_BLOCK = "StaticBlock"
6 changes: 6 additions & 0 deletions src/aks-preview/azext_aks_preview/_help.py
Expand Up @@ -230,6 +230,9 @@
- name: --acns-advanced-networkpolicies
type: string
short-summary: Used to enable advanced network policies (None, FQDN or L7) on a cluster when enabling advanced networking features with "--enable-acns".
- name: --acns-performance-acceleration-mode
type: string
short-summary: Used to set the acceleration mode (None or BpfVeth) on a cluster when enabling advanced networking features with "--enable-acns".
- name: --enable-retina-flow-logs
type: bool
short-summary: Enable advanced network flow log collection functionalities on a cluster.
Expand Down Expand Up @@ -1244,6 +1247,9 @@
- name: --acns-advanced-networkpolicies
type: string
short-summary: Used to enable advanced network policies (None, FQDN or L7) on a cluster when enabling advanced networking features with "--enable-acns".
- name: --acns-performance-acceleration-mode
type: string
short-summary: Used to set the acceleration mode (None or BpfVeth) on a cluster when enabling advanced networking features with "--enable-acns".
- name: --enable-retina-flow-logs
type: bool
short-summary: Enable advanced network flow log collection functionalities on a cluster.
18 changes: 18 additions & 0 deletions src/aks-preview/azext_aks_preview/_params.py
Expand Up @@ -151,6 +151,8 @@
CONST_ADVANCED_NETWORKPOLICIES_L7,
CONST_TRANSIT_ENCRYPTION_TYPE_NONE,
CONST_TRANSIT_ENCRYPTION_TYPE_WIREGUARD,
CONST_ACNS_PERFORMANCE_ACCELERATION_MODE_BPFVETH,
CONST_ACNS_PERFORMANCE_ACCELERATION_MODE_NONE
)

from azext_aks_preview._validators import (
Expand Down Expand Up @@ -336,6 +338,10 @@
CONST_TRANSIT_ENCRYPTION_TYPE_NONE,
CONST_TRANSIT_ENCRYPTION_TYPE_WIREGUARD,
]
acns_performance_acceleration_modes = [
CONST_ACNS_PERFORMANCE_ACCELERATION_MODE_NONE,
CONST_ACNS_PERFORMANCE_ACCELERATION_MODE_BPFVETH,
]
network_dataplanes = [CONST_NETWORK_DATAPLANE_AZURE, CONST_NETWORK_DATAPLANE_CILIUM]
disk_driver_versions = [CONST_DISK_DRIVER_V1, CONST_DISK_DRIVER_V2]
outbound_types = [
Expand Down Expand Up @@ -911,6 +917,12 @@ def load_arguments(self, _):
is_preview=True,
arg_type=get_enum_type(advanced_networkpolicies),
)
c.argument(
"acns_performance_acceleration_mode",
is_preview=True,
arg_type=get_enum_type(acns_performance_acceleration_modes),
help="Specify the performance acceleration mode for ACNS. Available values are 'None' and 'BpfVeth'.",
)
c.argument(
"acns_transit_encryption_type",
is_preview=True,
Expand Down Expand Up @@ -1430,6 +1442,12 @@ def load_arguments(self, _):
is_preview=True,
arg_type=get_enum_type(advanced_networkpolicies),
)
c.argument(
"acns_performance_acceleration_mode",
is_preview=True,
arg_type=get_enum_type(acns_performance_acceleration_modes),
help="Specify the performance acceleration mode for ACNS. Available values are 'None' and 'BpfVeth'.",
)
c.argument(
"acns_transit_encryption_type",
is_preview=True,
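Review bot: The two new `c.argument("acns_performance_acceleration_mode", ...)` registrations (the `@@ -911` and `@@ -1430` hunks) carry an inline `help=` string, while the visible tails of the neighbouring ACNS registrations have none and the same option is already described twice in `_help.py`. Two descriptions of one flag tend to drift apart, and the inline one hard-codes the allowed values that `get_enum_type(acns_performance_acceleration_modes)` already supplies. I would drop the `help=` line in both places, or keep it and remove the `_help.py` entries, so there is a single source for the text. `load_arguments` extends well beyond both hunks, so this is based only on the lines shown.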
2 changes: 2 additions & 0 deletions src/aks-preview/azext_aks_preview/custom.py
Expand Up @@ -697,6 +697,7 @@ def aks_create(
acns_advanced_networkpolicies=None,
acns_transit_encryption_type=None,
enable_retina_flow_logs=None,
acns_performance_acceleration_mode=None,
# nodepool
crg_id=None,
message_of_the_day=None,
Expand Down Expand Up @@ -939,6 +940,7 @@ def aks_update(
acns_transit_encryption_type=None,
enable_retina_flow_logs=None,
disable_retina_flow_logs=None,
acns_performance_acceleration_mode=None,
# metrics profile
enable_cost_analysis=False,
disable_cost_analysis=False,
50 changes: 42 additions & 8 deletions src/aks-preview/azext_aks_preview/managed_cluster_decorator.py
Expand Up @@ -43,6 +43,8 @@
CONST_IMDS_RESTRICTION_DISABLED,
CONST_AVAILABILITY_SET,
CONST_VIRTUAL_MACHINES,
CONST_ACNS_PERFORMANCE_ACCELERATION_MODE_BPFVETH,
CONST_ACNS_PERFORMANCE_ACCELERATION_MODE_NONE
)
from azext_aks_preview._helpers import (
check_is_apiserver_vnet_integration_cluster,
Expand Down Expand Up @@ -761,14 +763,15 @@ def get_acns_enablement(self) -> Tuple[
Union[bool, None],
Union[bool, None],
Union[bool, None],
Union[bool, None]
]:
"""Get the enablement of acns
:return: Tuple of 3 elements which can be bool or None
:return: Tuple of 4 elements which can be bool or None
"""
enable_acns = self.raw_param.get("enable_acns")
disable_acns = self.raw_param.get("disable_acns")
if enable_acns is None and disable_acns is None:
return None, None, None
return None, None, None, None
if enable_acns and disable_acns:
raise MutuallyExclusiveArgumentError(
"Cannot specify --enable-acns and "
Expand All @@ -778,17 +781,22 @@ def get_acns_enablement(self) -> Tuple[
disable_acns = bool(disable_acns) if disable_acns is not None else False
acns = enable_acns or not disable_acns
acns_observability = self.get_acns_observability()
acns_performance_acceleration_mode = self.get_acns_performance_acceleration_mode()
acns_perf_enabled = None
if acns_performance_acceleration_mode is not None:
acns_perf_enabled = acns_performance_acceleration_mode == CONST_ACNS_PERFORMANCE_ACCELERATION_MODE_BPFVETH
acns_security = self.get_acns_security()
if acns and (acns_observability is False and acns_security is False):
if acns and (acns_observability is False and acns_security is False and acns_perf_enabled is not True):
raise MutuallyExclusiveArgumentError(
"Cannot disable both observability and security when enabling ACNS. "
"Cannot disable observability, security, and performance acceleration when enabling ACNS. "
"Please enable at least one of them or disable ACNS with --disable-acns."
)
if not acns and (acns_observability is not None or acns_security is not None):
if not acns and (acns_observability is not None or acns_security is not None
or acns_performance_acceleration_mode is not None):
raise MutuallyExclusiveArgumentError(
"--disable-acns does not use any additional acns arguments."
)
return acns, acns_observability, acns_security
return acns, acns_observability, acns_security, acns_perf_enabled

def get_acns_observability(self) -> Union[bool, None]:
"""Get the enablement of acns observability
Expand Down Expand Up @@ -823,6 +831,21 @@ def get_acns_advanced_networkpolicies(self) -> Union[str, None]:
)
return self.raw_param.get("acns_advanced_networkpolicies")

def get_acns_performance_acceleration_mode(self) -> Union[str, None]:
"""Get the value of acns_performance_acceleration_mode

:return: str or None
"""
disable_acns = self.raw_param.get("disable_acns")
acns_performance_acceleration_mode = self.raw_param.get("acns_performance_acceleration_mode")
if (acns_performance_acceleration_mode is not None
and acns_performance_acceleration_mode != CONST_ACNS_PERFORMANCE_ACCELERATION_MODE_NONE):
if disable_acns:
raise MutuallyExclusiveArgumentError(
"--disable-acns cannot be used with --acns-performance-acceleration-mode."
)
return acns_performance_acceleration_mode

def get_acns_transit_encryption_type(self) -> Union[str, None]:
"""Get the value of acns_transit_encryption_type

Expand Down Expand Up @@ -3104,9 +3127,10 @@ def set_up_network_profile(self, mc: ManagedCluster) -> ManagedCluster:
network_profile.network_dataplane = self.context.get_network_dataplane()

acns = None
(acns_enabled, acns_observability_enabled, acns_security_enabled) = self.context.get_acns_enablement()
(acns_enabled, acns_observability_enabled, acns_security_enabled, _) = self.context.get_acns_enablement()
acns_advanced_networkpolicies = self.context.get_acns_advanced_networkpolicies()
acns_transit_encryption_type = self.context.get_acns_transit_encryption_type()
acns_performance_acceleration_mode = self.context.get_acns_performance_acceleration_mode()
if acns_enabled is not None:
acns = self.models.AdvancedNetworking(
enabled=acns_enabled,
Expand All @@ -3132,6 +3156,11 @@ def set_up_network_profile(self, mc: ManagedCluster) -> ManagedCluster:
if acns.security.transit_encryption is None:
acns.security.transit_encryption = self.models.AdvancedNetworkingSecurityTransitEncryption()
acns.security.transit_encryption.type = acns_transit_encryption_type
if acns_performance_acceleration_mode == CONST_ACNS_PERFORMANCE_ACCELERATION_MODE_BPFVETH:
if acns.performance is None:
acns.performance = self.models.AdvancedNetworkingPerformance()
acns.performance.acceleration_mode = acns_performance_acceleration_mode

network_profile.advanced_networking = acns
return mc

Expand Down Expand Up @@ -4303,9 +4332,10 @@ def update_acns_in_network_profile(self, mc: ManagedCluster) -> ManagedCluster:
self._ensure_mc(mc)

acns = None
(acns_enabled, acns_observability_enabled, acns_security_enabled) = self.context.get_acns_enablement()
(acns_enabled, acns_observability_enabled, acns_security_enabled, _) = self.context.get_acns_enablement()
acns_advanced_networkpolicies = self.context.get_acns_advanced_networkpolicies()
acns_transit_encryption_type = self.context.get_acns_transit_encryption_type()
acns_performance_acceleration_mode = self.context.get_acns_performance_acceleration_mode()
if acns_enabled is not None:
acns = self.models.AdvancedNetworking(
enabled=acns_enabled,
Expand All @@ -4331,6 +4361,10 @@ def update_acns_in_network_profile(self, mc: ManagedCluster) -> ManagedCluster:
if acns.security.transit_encryption is None:
acns.security.transit_encryption = self.models.AdvancedNetworkingSecurityTransitEncryption()
acns.security.transit_encryption.type = acns_transit_encryption_type
if acns_performance_acceleration_mode == CONST_ACNS_PERFORMANCE_ACCELERATION_MODE_BPFVETH:
if acns.performance is None:
acns.performance = self.models.AdvancedNetworkingPerformance()
acns.performance.acceleration_mode = acns_performance_acceleration_mode
mc.network_profile.advanced_networking = acns
return mc

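Review bot: In `set_up_network_profile` and `update_acns_in_network_profile`, `acns.performance` is only populated when the mode equals `CONST_ACNS_PERFORMANCE_ACCELERATION_MODE_BPFVETH`, so an explicit `--acns-performance-acceleration-mode None` is validated by `get_acns_enablement` (fourth element `False`) but never written to the request. On update the outcome then depends on how the service treats an omitted `performance` block, which may mean an existing BpfVeth setting cannot be switched off from the CLI. Consider writing whatever the user supplied by changing the guard to `if acns_performance_acceleration_mode is not None:` in both places. Separately, `get_acns_performance_acceleration_mode` checks only `disable_acns`, and `get_acns_enablement` returns early when neither `--enable-acns` nor `--disable-acns` is given, so the option appears to be dropped without an error in that case. Both functions continue outside the visible hunks, so confirm this against the full bodies.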
Expand Up @@ -952,7 +952,7 @@ def test_mc_get_acns_enablement(self):
self.models,
decorator_mode=DecoratorMode.CREATE,
)
self.assertEqual(ctx_1.get_acns_enablement(), (None, None, None))
self.assertEqual(ctx_1.get_acns_enablement(), (None, None, None, None))

# Flag set to True.
ctx_2 = AKSPreviewManagedClusterContext(
Expand All @@ -965,7 +965,7 @@ def test_mc_get_acns_enablement(self):
self.models,
decorator_mode=DecoratorMode.CREATE,
)
self.assertEqual(ctx_2.get_acns_enablement(), (True, None, None))
self.assertEqual(ctx_2.get_acns_enablement(), (True, None, None, None))

# Flag set to True.
ctx_3 = AKSPreviewManagedClusterContext(
Expand All @@ -978,7 +978,7 @@ def test_mc_get_acns_enablement(self):
self.models,
decorator_mode=DecoratorMode.UPDATE,
)
self.assertEqual(ctx_3.get_acns_enablement(), (True, None, None))
self.assertEqual(ctx_3.get_acns_enablement(), (True, None, None, None))

# Flag set to True and False.
ctx_4 = AKSPreviewManagedClusterContext(
Expand Down Expand Up @@ -1007,7 +1007,7 @@ def test_mc_get_acns_enablement(self):
self.models,
decorator_mode=DecoratorMode.UPDATE,
)
self.assertEqual(ctx_5.get_acns_enablement(), (False, None, None))
self.assertEqual(ctx_5.get_acns_enablement(), (False, None, None, None))

ctx_6 = AKSPreviewManagedClusterContext(
self.cmd,
Expand All @@ -1020,7 +1020,7 @@ def test_mc_get_acns_enablement(self):
self.models,
decorator_mode=DecoratorMode.UPDATE,
)
self.assertEqual(ctx_6.get_acns_enablement(), (True, False, None))
self.assertEqual(ctx_6.get_acns_enablement(), (True, False, None, None))

ctx_7 = AKSPreviewManagedClusterContext(
self.cmd,
Expand All @@ -1033,7 +1033,7 @@ def test_mc_get_acns_enablement(self):
self.models,
decorator_mode=DecoratorMode.UPDATE,
)
self.assertEqual(ctx_7.get_acns_enablement(), (True, None, False))
self.assertEqual(ctx_7.get_acns_enablement(), (True, None, False, None))

# Cannot disable observability with enabling acns
ctx_8 = AKSPreviewManagedClusterContext(
Expand All @@ -1046,7 +1046,7 @@ def test_mc_get_acns_enablement(self):
self.models,
decorator_mode=DecoratorMode.CREATE,
)
self.assertEqual(ctx_8.get_acns_enablement(), (None, None, None))
self.assertEqual(ctx_8.get_acns_enablement(), (None, None, None, None))

# Cannot disable security with enabling acns
ctx_9 = AKSPreviewManagedClusterContext(
Expand All @@ -1059,7 +1059,7 @@ def test_mc_get_acns_enablement(self):
self.models,
decorator_mode=DecoratorMode.CREATE,
)
self.assertEqual(ctx_9.get_acns_enablement(), (None, None, None))
self.assertEqual(ctx_9.get_acns_enablement(), (None, None, None, None))

# Illegal flags enable acns, disable acns security, disable acns observability
ctx_10 = AKSPreviewManagedClusterContext(
Expand Down Expand Up @@ -1110,6 +1110,98 @@ def test_mc_get_acns_enablement(self):
with self.assertRaises(MutuallyExclusiveArgumentError):
ctx_12.get_acns_enablement()

# Enable ACNS and ACNS performance
ctx_13 = AKSPreviewManagedClusterContext(
self.cmd,
AKSManagedClusterParamDict(
{
"enable_acns": True,
"acns_performance_acceleration_mode": "BpfVeth",
}
),
self.models,
decorator_mode=DecoratorMode.CREATE,
)
self.assertEqual(ctx_13.get_acns_enablement(), (True, None, None, True))

# Enable ACNS and ACNS performance with disable acns security, acns observability
ctx_14 = AKSPreviewManagedClusterContext(
self.cmd,
AKSManagedClusterParamDict(
{
"enable_acns": True,
"acns_performance_acceleration_mode": "BpfVeth",
"disable_acns_security": True,
"disable_acns_observability": True,
}
),
self.models,
decorator_mode=DecoratorMode.CREATE,
)
self.assertEqual(ctx_14.get_acns_enablement(), (True, False, False, True))

# Enable all of ACNS (security and observability unspecified)
ctx_15 = AKSPreviewManagedClusterContext(
self.cmd,
AKSManagedClusterParamDict(
{
"enable_acns": True,
"acns_performance_acceleration_mode": "BpfVeth",
}
),
self.models,
decorator_mode=DecoratorMode.UPDATE,
)
self.assertEqual(ctx_15.get_acns_enablement(), (True, None, None, True))

# Enable ACNS, disable performance, security and observability unspecified
ctx_15 = AKSPreviewManagedClusterContext(
self.cmd,
AKSManagedClusterParamDict(
{
"enable_acns": True,
"acns_performance_acceleration_mode": "None",
}
),
self.models,
decorator_mode=DecoratorMode.UPDATE,
)
self.assertEqual(ctx_15.get_acns_enablement(), (True, None, None, False))

# Illegal flags disable acns and disable acns performance
ctx_16 = AKSPreviewManagedClusterContext(
self.cmd,
AKSManagedClusterParamDict(
{
"disable_acns": True,
"acns_performance_acceleration_mode": "None",
}
),
self.models,
decorator_mode=DecoratorMode.UPDATE,
)
# fail on get_acns_enablement mutual exclusive error
with self.assertRaises(MutuallyExclusiveArgumentError):
ctx_16.get_acns_enablement()

# Illegal flags enable acns and all suites disabled
ctx_17 = AKSPreviewManagedClusterContext(
self.cmd,
AKSManagedClusterParamDict(
{
"enable_acns": True,
"acns_performance_acceleration_mode": "None",
"disable_acns_security": True,
"disable_acns_observability": True,
}
),
self.models,
decorator_mode=DecoratorMode.CREATE,
)
# fail on get_acns_enablement mutual exclusive error
with self.assertRaises(MutuallyExclusiveArgumentError):
ctx_17.get_acns_enablement()

def test_get_enable_managed_identity(self):
# custom value
ctx_1 = AKSPreviewManagedClusterContext(
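Review bot: The new `MutuallyExclusiveArgumentError` raised inside `get_acns_performance_acceleration_mode` (`--disable-acns` together with a mode other than `"None"`) has no case in the visible additions to `test_mc_get_acns_enablement`: `ctx_16` passes `"None"`, which skips that branch and fails later in `get_acns_enablement` instead. Add a case with `"disable_acns": True` and `"acns_performance_acceleration_mode": "BpfVeth"` wrapped in `assertRaises(MutuallyExclusiveArgumentError)`. The name `ctx_15` is also assigned twice in the last hunk; renaming the second one and renumbering keeps each case identifiable when a failure is reported. None of the visible cases asserts that `acceleration_mode` reaches the `AdvancedNetworking` model on create or update, though the rest of the test file is outside this view.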