CNI improvements and UI tweaks (#413)

* first cut of maxpods/overlay/dynamiciP

Signed-off-by: Gordonby <gordon.byers@microsoft.com>

* better ui

Signed-off-by: Gordonby <gordon.byers@microsoft.com>

* preview styling and keda preview link

Signed-off-by: Gordonby <gordon.byers@microsoft.com>

* CNI mainly working.

Signed-off-by: Gordonby <gordon.byers@microsoft.com>

* cspell typos

Signed-off-by: Gordonby <gordon.byers@microsoft.com>

* making cni overlay a preview feature

Signed-off-by: Gordonby <gordon.byers@microsoft.com>

* maxPods

Signed-off-by: Gordonby <gordon.byers@microsoft.com>

* removing modal dialog

Signed-off-by: Gordonby <gordon.byers@microsoft.com>

* pod cidr

Signed-off-by: Gordonby <gordon.byers@microsoft.com>

* deploy tests started

Signed-off-by: Gordonby <gordon.byers@microsoft.com>

* mutual feature exclusion

Signed-off-by: Gordonby <gordon.byers@microsoft.com>

* indentation

Signed-off-by: Gordonby <gordon.byers@microsoft.com>

* styling

Signed-off-by: Gordonby <gordon.byers@microsoft.com>

* Preview warning control

Signed-off-by: Gordonby <gordon.byers@microsoft.com>

* making the if statements niiiiice

Signed-off-by: Gordonby <gordon.byers@microsoft.com>

* scale step

* overlay plus default networking compat.

Signed-off-by: Gordonby <gordon.byers@microsoft.com>

* Update markdownchecks.yml

* psrule version lock

* Update ps-rule.yaml

* scale code fix

* region data type

* scale code tweak

* autoscale code tweak

* Update ByoVnetCI.yml

* --update-cluster-autoscaler

* casing issue?

* using a tag instead of main

Signed-off-by: Gordonby <gordon.byers@microsoft.com>

Signed-off-by: Gordonby <gordon.byers@microsoft.com>

.github/workflows/ByoVnetCI.yml

@@ -36,7 +36,7 @@ on:
       region:
         description: 'Region (needs to be same as byo vnet location)'
         default: 'southcentralus'
-        type: text
+        type: string
         required: false
       doWellArchitected:
         description: 'Perform the Well Architected Framework assesment'
@@ -84,7 +84,7 @@ jobs:
       # PSRule performs IaC recommendations of the template.
       # https://azure.github.io/PSRule.Rules.Azure/
       - name: PSRule for Azure - Well Architected
-        uses: Microsoft/ps-rule@main
+        uses: microsoft/ps-rule@v2.3.2
         continue-on-error: true #Setting this whilst PSRule gets bedded in, in this project
         with:
           modules: 'PSRule.Rules.Azure'
@@ -108,7 +108,7 @@ jobs:
       RESOURCEGROUP:  ${{ steps.params.outputs.RESOURCEGROUP}}
       REGION: ${{ steps.params.outputs.REGION}}
       RESNAME: ${{ steps.params.outputs.NEWRESNAME}}
-      
+
     steps:
       - uses: actions/checkout@v2
 
@@ -144,7 +144,7 @@ jobs:
             $params=$paramFileContent|ConvertFrom-Json
             Write-Output $params.parameters.ingressApplicationGateway.value
           }
-          
+
       - name: Parameter Value Augmentation
         id: params
         env:
@@ -692,6 +692,23 @@ jobs:
           }
           #grep KeyvaultSecretsProvider
 
+        #Sometimes cluster config works for deployment, but misconfig can
+        #Prevent the cluster from scaling... So lets make sure it can.
+      - name: Scale the cluster up by 1 node
+        shell: pwsh
+        run: |
+          $RG='${{ env.RG }}'
+          $AKSNAME='${{ needs.Deploy.outputs.AKSNAME }}'
+
+          Write-Output "Scaling $AKSNAME in $RG"
+
+          $manualScalePools = az aks show -n $AKSNAME -g $RG --query "agentPoolProfiles[?maxCount==null].{name:name, count:count}" -o json | ConvertFrom-Json
+          $manualScalePools | ForEach-Object { Write-Output "scaling [m] pool $($_.name)"; az aks scale -g $RG -n $AKSNAME --node-count $($_.pool + 1) --nodepool-name $_.name }
+
+          $autoScalePools = az aks show -n $AKSNAME -g $RG --query "agentPoolProfiles[?maxCount!=null].{name:name, minCount:minCount, maxCount:maxCount}" -o json | ConvertFrom-Json
+          $autoScalePools | ForEach-Object { Write-Output "scaling [a] pool $($_.name)"; az aks nodepool update --update-cluster-autoscaler -g $RG --cluster-name $AKSNAME --name $_.name --min-count $($_.minCount + 1) --max-count $($_.maxCount + 1)  }
+
+
   Troubleshoot:
     needs: [Deploy, ReusableWF, Post-Deploy, SmokeTest_JavaApp-certmgr, SmokeTest_JavaApp-appgw]
     uses: ./.github/workflows/AksTroubleshooting.yml

.github/workflows/markdownchecks.yml

@@ -12,7 +12,7 @@ jobs:
         run: cat ./.github/workflows_dep/_typos.toml
 
       - name: Check spelling of markdown files
-        uses: crate-ci/typos@master
+        uses: crate-ci/typos@v1.12.8
         with:
           files: ./*.md
           config: ./.github/workflows_dep/_typos.toml

.github/workflows_dep/regressionparams/cni-overlay.json

@@ -0,0 +1,39 @@
+{
+  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
+  "contentVersion": "1.0.0.0",
+  "parameters": {
+    "resourceName": {
+      "value": "cniov2"
+    },
+    "custom_vnet": {
+      "value": true
+    },
+    "enable_aad": {
+      "value": true
+    },
+    "aksDisableLocalAccounts": {
+      "value": true
+    },
+    "enableAzureRBAC": {
+      "value": true
+    },
+    "registries_sku": {
+      "value": "Premium"
+    },
+    "omsagent": {
+      "value": true
+    },
+    "retentionInDays": {
+      "value": 30
+    },
+    "networkPolicy": {
+      "value": "azure"
+    },
+    "networkPluginMode": {
+      "value": "Overlay"
+    },
+    "vnetAksSubnetAddressPrefix": {
+      "value": "10.240.0.0/28"
+    }
+  }
+}

bicep/main.bicep

@@ -870,6 +870,11 @@ param agentCount int = 3
 param agentCountMax int = 0
 var autoScale = agentCountMax > agentCount
 
+@description('Allocate pod ips dynamically')
+param cniDynamicIpAllocation bool = false
+
+@minValue(10)
+@maxValue(250)
 @description('The maximum number of pods per node.')
 param maxPods int = 30
 
@@ -880,6 +885,13 @@ param maxPods int = 30
 @description('The network plugin type')
 param networkPlugin string = 'azure'
 
+@allowed([
+  ''
+  'Overlay'
+])
+@description('The network plugin type')
+param networkPluginMode string = ''
+
 @allowed([
   ''
   'azure'
@@ -1199,7 +1211,8 @@ var aksProperties = union({
     networkPlugin: networkPlugin
     #disable-next-line BCP036 //Disabling validation of this parameter to cope with empty string to indicate no Network Policy required.
     networkPolicy: networkPolicy
-    podCidr: networkPlugin=='kubenet' ? podCidr : json('null')
+    networkPluginMode: networkPlugin=='azure' ? networkPluginMode : ''
+    podCidr: networkPlugin=='kubenet' || cniDynamicIpAllocation ? podCidr : json('null')
     serviceCidr: serviceCidr
     dnsServiceIP: dnsServiceIP
     dockerBridgeCidr: dockerBridgeCidr
@@ -1251,6 +1264,14 @@ resource aks 'Microsoft.ContainerService/managedClusters@2022-05-02-preview' = {
 }
 output aksClusterName string = aks.name
 output aksOidcIssuerUrl string = oidcIssuer ? aks.properties.oidcIssuerProfile.issuerURL : ''
+
+@description('This output can be directly leveraged when creating a ManagedId Federated Identity')
+output aksOidcFedIdentityProperties object = {
+  issuer: oidcIssuer ? aks.properties.oidcIssuerProfile.issuerURL : ''
+  audiences: ['api://AzureADTokenExchange']
+  subject: 'system:serviceaccount:ns:svcaccount'
+}
+
 output aksNodeResourceGroup string = aks.properties.nodeResourceGroup
 //output aksNodePools array = [for nodepool in agentPoolProfiles: name]
 

cspell.json

@@ -37,6 +37,7 @@
         "Codespaces",
         "configpresets",
         "Consolas",
+        "Cred",
         "csisecret",
         "csisecrets",
         "currenttab",
@@ -84,9 +85,11 @@
         "localaccounts",
         "managedclusters",
         "MAXCOUNT",
+        "maxpods",
         "messg",
         "Microservices",
         "middleeast",
+        "Modeless",
         "monospace",
         "mounttime",
         "msrc",

docs/RepoCoreIacWorkflows.md

@@ -79,7 +79,7 @@ Capture the subnet id and save into the appropriate GitHub secret.
 
 You need to create the RBAC for the service principal on the resource groups.
 
-> *** Error: list: failed to list: secrets is forbidden: User \"REDACTED\" cannot list resource \"secrets\" in API group \"\" in the namespace \"default\": User does not have access to the resource in Azure. Update role assignment to allow access.\n", "provisioningState": "Succeeded", "reason": null, 
+> *** Error: list: failed to list: secrets is forbidden: User \"REDACTED\" cannot list resource \"secrets\" in API group \"\" in the namespace \"default\": User does not have access to the resource in Azure. Update role assignment to allow access.\n", "provisioningState": "Succeeded", "reason": null,
 
 ### Key Vault Certificate problem
 
@@ -100,7 +100,7 @@ az feature register -n AutoUpgradePreview --namespace Microsoft.ContainerService
 
 > SubnetNotAssociatedWithNATGateway. Subnet '***' must have a NAT gateway associated for outbound connection
 
-AKS is configured to use Nat Gatway for egress. It needs to be created and associated to the subnet.
+AKS is configured to use Nat Gateway for egress. It needs to be created and associated to the subnet.
 
 ### Nat Gateway Public IP
 

helper/src/components/addonsTab.js

@@ -366,10 +366,10 @@ export default function ({ tabValues, updateFn, featureFlag, invalidArray }) {
 
             <Stack.Item align="start">
                 <Label required={true}>
-                    KEDA : Enable Kubernetes Event-driven Autoscaling (KEDA) on the AKS Cluster
+                    KEDA : Enable Kubernetes Event-driven Autoscaling (KEDA) on the AKS Cluster (<a target="_new" href="https://learn.microsoft.com/en-us/azure/aks/keda-deploy-add-on-arm#prerequisites">*preview</a>)
                     (<a target="_new" href="https://docs.microsoft.com/en-us/azure/aks/keda-about">docs</a>)
                 </Label>
-                <Checkbox styles={{ root: { marginLeft: '50px' } }} checked={addons.kedaAddon} onChange={(ev, v) => updateFn("kedaAddon", v)} label="Install the KEDA AddOn" />
+                <Checkbox styles={{ root: { marginLeft: '50px' } }} checked={addons.kedaAddon} onChange={(ev, v) => updateFn("kedaAddon", v, 'https://learn.microsoft.com/azure/aks/keda-deploy-add-on-arm#prerequisites')} label="Install the KEDA AddOn" />
             </Stack.Item>
 
             <Separator className="notopmargin" />

helper/src/components/clusterTab.js

@@ -56,7 +56,6 @@ export default function ({ tabValues, updateFn, featureFlag, invalidArray }) {
     }
 
 
-
     return (
         <Stack tokens={{ childrenGap: 15 }} styles={adv_stackstyle}>
 
@@ -81,7 +80,6 @@ export default function ({ tabValues, updateFn, featureFlag, invalidArray }) {
                     <Stack.Item>
                         <Label >System Pool Type <Link target='_' href='https://docs.microsoft.com/azure/aks/use-system-pools#system-and-user-node-pools'>docs</Link></Label>
                         <ChoiceGroup
-
                             selectedKey={cluster.SystemPoolType}
                             options={[
                                 { "data-testid":'cluster-systempool-none', key: 'none', text: 'No separate system pool: Use a single pool for System and User workloads' },
@@ -112,7 +110,10 @@ export default function ({ tabValues, updateFn, featureFlag, invalidArray }) {
                             ]} />
                     </Stack.Item>
                     <Stack.Item>
-                        <Slider buttonProps={{ "data-testid": "cluster-agentCount-slider"}} styles={{ root: { width: 450 } }} ranged={cluster.autoscale}  lowerValue={cluster.agentCount}
+                        <Slider
+                        buttonProps={{ "data-testid": "cluster-agentCount-slider"}}
+                        styles={{ root: { width: 450 } }}
+                        ranged={cluster.autoscale}  lowerValue={cluster.agentCount}
                         label={`Node count range ${cluster.autoscale ? 'range' : ''}`} min={0}  max={100} step={1}
                         value={cluster.autoscale? cluster.maxCount : cluster.agentCount} showValue={true}
                         onChange={(val, range) => sliderUpdateFn(cluster.autoscale ? {agentCount: range[0], maxCount: range[1]} : {agentCount: val})} />

helper/src/components/deployTab.js

@@ -68,8 +68,11 @@ export default function DeployTab({ defaults, updateFn, tabValues, invalidArray,
     ...(addons.azurepolicy !== "none" && addons.azurePolicyInitiative !== defaults.addons.azurePolicyInitiative && { azurePolicyInitiative: addons.azurePolicyInitiative }),
     ...(net.networkPlugin !== defaults.net.networkPlugin && {networkPlugin: net.networkPlugin}),
     ...(net.vnet_opt === "custom" && net.networkPlugin === 'kubenet' && defaults.net.podCidr !== net.podCidr && { podCidr: net.podCidr }),
+    ...((net.vnet_opt === "custom" || net.vnet_opt === "byo") && defaults.net.cniDynamicIpAllocation !== net.cniDynamicIpAllocation && { cniDynamicIpAllocation: true }),
+    ...(net.vnet_opt === "custom" && net.cniDynamicIpAllocation && defaults.net.podCidr !== net.podCidr && { podCidr: net.podCidr }),
     ...(cluster.availabilityZones === "yes" && { availabilityZones: ['1', '2', '3'] }),
     ...(cluster.apisecurity === "whitelist" && deploy.clusterIPWhitelist && apiips_array.length > 0 && { authorizedIPRanges: apiips_array }),
+    ...(defaults.net.maxPods !== net.maxPods && { maxPods: net.maxPods }),
     ...(cluster.apisecurity === "private" && { enablePrivateCluster: true }),
     ...(cluster.apisecurity === "private" && cluster.apisecurity === "private" && defaults.cluster.privateClusterDnsMethod !== cluster.privateClusterDnsMethod && { privateClusterDnsMethod: cluster.privateClusterDnsMethod }),
     ...(cluster.apisecurity === "private" && cluster.apisecurity === "private" && cluster.privateClusterDnsMethod === 'privateDnsZone' && { dnsApiPrivateZoneId: cluster.dnsApiPrivateZoneId }),
@@ -124,6 +127,7 @@ export default function DeployTab({ defaults, updateFn, tabValues, invalidArray,
     ...(defaults.addons.kedaAddon !== addons.kedaAddon && {kedaAddon: addons.kedaAddon }),
     ...(defaults.addons.blobCSIAddon !== addons.blobCSIAddon && {blobCSIAddon: addons.blobCSIAddon }),
     ...(defaults.addons.workloadIdentity !== addons.workloadIdentity && {workloadIdentity: addons.workloadIdentity }),
+    ...(net.networkPlugin === 'azure' && net.networkPluginMode && {networkPluginMode: 'Overlay'}),
     ...(urlParams.getAll('feature').includes('defender') && cluster.DefenderForContainers !== defaults.cluster.DefenderForContainers && { DefenderForContainers: cluster.DefenderForContainers })
   }
 
@@ -297,7 +301,7 @@ az role assignment create --role "Managed Identity Operator" --assignee-principa
 
     <Stack tokens={{ childrenGap: 15 }} styles={adv_stackstyle}>
       {!allok &&
-        <MessageBar messageBarType={MessageBarType.severeWarning}>
+        <MessageBar messageBarType={MessageBarType.error}>
           <Text >Configuration not complete, please correct the tabs with the warning symbol <b>({invalidTabs.join(' & ')})</b> before deploying</Text>
         </MessageBar>
       }
@@ -366,9 +370,13 @@ az role assignment create --role "Managed Identity Operator" --assignee-principa
       <Separator styles={{ root: { marginTop: '30px !important' } }}><div style={{ display: "flex", alignItems: 'center', }}><b style={{ marginRight: '10px' }}>Deploy Cluster</b><Image src="./bicep.png" alt="Built with bicep" /> <p style={{ marginLeft: '10px' }}>powered by Bicep</p></div> </Separator>
 
       {Object.keys(preview_params).length > 0 &&
-        <MessageBar messageBarType={MessageBarType.warning}>
-          <Text >Your deployment contains Preview features: <b>{Object.keys(preview_params).join(', ')}</b>, Ensure you have registered for these previews, and have installed the <b>'az extension add --name aks-preview'</b>  before running the script, <Link target="_pv" href="https://aka.ms/aks/previews">see here</Link>, or disable preview features here</Text>
-          <Toggle styles={{ root: { marginTop: "10px" } }} onText='preview enabled' offText="preview disabled" checked={!deploy.disablePreviews} onChange={(ev, checked) => updateFn("disablePreviews", !checked)} />
+        <MessageBar messageBarType={MessageBarType.severeWarning}>
+          <Text variant={'mediumPlus'} >Your deployment contains <b>Preview Features</b> which may require subscription registration and have Azure Region limitations. Please ensure you have registered for these previews, and have installed the <b>'az extension add --name aks-preview'</b> before running the relevant scripts.<br />Preview Features you have selected: <b>{Object.keys(preview_params).join(', ')}</b>.</Text>
+          <Checkbox
+            styles={{ root: { marginTop: "10px" } }}
+            label='Include preview features in deployment'
+            checked={!deploy.disablePreviews}
+            onChange={(ev, checked) => updateFn("disablePreviews", !checked)} />
         </MessageBar>
 
       }
@@ -452,7 +460,7 @@ on:
 
 jobs:
   reusable_workflow_job:
-    uses: Azure/AKS-Construction/.github/workflows/AKSC_Deploy.yml@main
+    uses: Azure/AKS-Construction/.github/workflows/AKSC_Deploy.yml@${deploy.selectedTemplate}
     with:` + (deploy.selectedTemplate !== 'local' ? `
       templateVersion: ${deploy.selectedTemplate}` : '') + `
       rg: ${deploy.rg}

helper/src/components/networkTab.js

@@ -1,6 +1,6 @@
 
 import React, { useState } from 'react';
-import { Image, ImageFit, Link, Separator, TextField, DirectionalHint, Callout, Stack, Text, Label, ChoiceGroup, Checkbox, MessageBar, MessageBarType, Dropdown, Slider } from '@fluentui/react';
+import { Image, ImageFit, Link, Separator, TextField, DirectionalHint, Callout, Stack, Text, Label, ChoiceGroup, Checkbox, MessageBar, MessageBarType, Slider } from '@fluentui/react';
 import { adv_stackstyle, hasError, getError } from './common'
 
 const columnProps = {
@@ -9,13 +9,51 @@ const columnProps = {
 }
 
 
-export default function NetworkTab ({ tabValues, updateFn, invalidArray, featureFlag }) {
+export default function NetworkTab ({ defaults, tabValues, updateFn, invalidArray, featureFlag }) {
 
     const [callout1, setCallout1] = useState(false)
 
     const { net, addons } = tabValues
     var _calloutTarget1 = React.createRef()
 
+
+    function UpdateDynamicIpAllocation(v) {
+        //update the Dynamic IP Allocation property, where this fn was called from
+        updateFn("cniDynamicIpAllocation", v)
+
+        //update max pods to 250 if dynamic IP allocation is enabled
+        if (v) {
+            updateFn("maxPods", 250)
+         } else {
+            updateFn("maxPods", defaults.net.maxPods)
+         }
+
+        //update pod cidr
+        if (v) {
+            updateFn("podCidr", defaults.net.podCidr.replace("/22","/24"))
+         } else {
+            updateFn("podCidr", defaults.net.podCidr)
+         }
+    }
+
+    function UpdateCniOverlay(v) {
+        //update the networkPluginMode property, where this fn was called from
+        updateFn("networkPluginMode", v)
+
+        //update node subnet to a nice small /24 if overlay is enabled, otherwise use the default
+        if (v) {
+            updateFn("vnetAksSubnetAddressPrefix", "10.240.0.0/24")
+         } else {
+            updateFn("vnetAksSubnetAddressPrefix", defaults.net.vnetAksSubnetAddressPrefix)
+         }
+
+        if (v) {
+            updateFn("podCidr", '10.244.0.0/16')
+        } else {
+            updateFn("podCidr", defaults.net.podCidr)
+        }
+    }
+
     return (
         <Stack tokens={{ childrenGap: 15 }} styles={adv_stackstyle}>
 
@@ -37,6 +75,46 @@ export default function NetworkTab ({ tabValues, updateFn, invalidArray, feature
 
             <Separator className="notopmargin" />
 
+            <Stack.Item>
+                <Label>CNI Features</Label>
+                <Stack horizontal tokens={{ childrenGap: 15 }} >
+                    <Stack.Item>
+                        <MessageBar messageBarType={MessageBarType.info}>Dynamic IP allocation separates node IP's and Pod IP's by subnet allowing dynamic allocation of Pod IPs <a target="_new" href="https://learn.microsoft.com/en-us/azure/aks/configure-azure-cni#dynamic-allocation-of-ips-and-enhanced-subnet-support">docs</a> </MessageBar>
+                        <Checkbox
+                            styles={{ root: { marginLeft: '50px', marginTop: '10px !important' } }}
+                            disabled={net.vnet_opt === 'default' || net.networkPlugin!=='azure' || net.networkPluginMode}
+                            checked={net.cniDynamicIpAllocation}
+                            onChange={(ev, v) => UpdateDynamicIpAllocation(v)}
+                            label="Implement Dynamic Allocation of IPs" />
+                    </Stack.Item>
+                    <Stack.Item>
+                        <MessageBar messageBarType={MessageBarType.info}>Overlay is a <a target="_new" href="https://learn.microsoft.com/en-us/azure/aks/azure-cni-overlay#steps-to-set-up-overlay-clusters">preview feature</a> that leverages a private CIDR for Pod IP's. See if it's right for you:<a target="_new" href="https://learn.microsoft.com/en-us/azure/aks/azure-cni-overlay">docs</a> </MessageBar>
+                        <Checkbox
+                            styles={{ root: { marginLeft: '50px', marginTop: '10px !important' } }}
+                            disabled={net.networkPlugin!=='azure' || net.cniDynamicIpAllocation}
+                            checked={net.networkPluginMode}
+                            onChange={(ev, v) => UpdateCniOverlay(v)}
+                            label="CNI Overlay Network" />
+                    </Stack.Item>
+                </Stack>
+            </Stack.Item>
+
+            <Separator className="notopmargin" />
+
+            <Stack.Item>
+            <Label>Pods</Label>
+                <MessageBar messageBarType={MessageBarType.info}>When using Azure CNI with Dynamic IP allocation also allows customers to set up clusters that consume fewer IPs. <br/ >This means Pods per Node can be maximised which simplifies sizing the cluster.</MessageBar>
+                <Slider
+                    buttonProps={{ "data-testid": "network-maxpods-slider"}}
+                    styles={{ root: { marginLeft: '50px', width: 450 } }}
+                    label={'Maximum Pods per node'} min={10}  max={250} step={1}
+                    value={net.maxPods} showValue={true}
+                    onChange={(val, range) => updateFn("maxPods", val)}
+                />
+            </Stack.Item>
+
+            <Separator className="notopmargin" />
+
             <Stack.Item>
                 <Label>Uses a private IP address from your VNet to access your dependent Azure service, such as Azure KeyVault, Azure Container Registry etc</Label>
                 <Checkbox styles={{ root: { marginLeft: '50px', marginTop: '0 !important' } }} disabled={false} checked={net.vnetprivateend} onChange={(ev, v) => updateFn("vnetprivateend", v)} label="Enable Private Link" />
@@ -56,7 +134,7 @@ export default function NetworkTab ({ tabValues, updateFn, invalidArray, feature
 
                 <Stack horizontal tokens={{ childrenGap: 50 }}>
                     <Stack.Item>
-                        <MessageBar messageBarType={MessageBarType.warning}>Nat Gateway for AKS egress is currently a preview feature <a target="_target" href="https://docs.microsoft.com/azure/aks/nat-gateway">docs</a></MessageBar>
+                        <MessageBar messageBarType={MessageBarType.info}>NAT Gateway allows more traffic flows than a Load Balancer.<a target="_target" href="https://docs.microsoft.com/azure/aks/nat-gateway">docs</a></MessageBar>
                         {hasError(invalidArray, 'aksOutboundTrafficType') &&
                             <MessageBar messageBarType={MessageBarType.error}>{getError(invalidArray, 'aksOutboundTrafficType')}</MessageBar>
                         }
@@ -144,7 +222,7 @@ export default function NetworkTab ({ tabValues, updateFn, invalidArray, feature
                                         key: 'byo',
                                         disabled: false,
                                         iconProps: { iconName: 'WebAppBuilderFragment' }, // SplitObject
-                                        text: 'BYO VNET (TBC)'
+                                        text: 'BYO VNET'
                                     }
                                 ]}
                             />
@@ -245,7 +323,7 @@ function PodServiceNetwork({ net, updateFn }) {
         <Stack {...columnProps}>
             <Label>Kubernetes Networking Configuration</Label>
             <Stack.Item styles={{root: {width: '380px'}}} align="start">
-                <TextField  prefix="Cidr" label="POD Network" disabled={net.networkPlugin !== 'kubenet'} onChange={(ev, val) => updateFn("podCidr", val)} value={net.networkPlugin === 'kubenet' ? net.podCidr : "Using CNI, POD IPs from subnet"} />
+                <TextField  prefix="Cidr" label="POD Network" disabled={net.networkPlugin !== 'kubenet' && !net.cniDynamicIpAllocation && !net.networkPluginMode} onChange={(ev, val) => updateFn("podCidr", val)} value={net.networkPlugin === 'kubenet' || net.cniDynamicIpAllocation || net.networkPluginMode ? net.podCidr : "Using CNI, POD IPs from subnet"} />
             </Stack.Item>
             <Stack.Item styles={{root: {width: '380px'}}} align="start">
                 <TextField prefix="Cidr" label="Service Network" onChange={(ev, val) => updateFn("serviceCidr", val)} value={net.serviceCidr} />

helper/src/components/portalnav.js

@@ -1,6 +1,6 @@
 
 import React, { useState, useEffect } from 'react';
-import { CommandBarButton, Image, ThemeProvider, Link, Toggle, TooltipHost, Pivot, PivotItem, Icon, Separator, Stack, Text, ChoiceGroup } from '@fluentui/react';
+import { CommandBarButton, Image, ThemeProvider, Link, Toggle, TooltipHost, Pivot, PivotItem, Icon, Separator, Stack, Text, ChoiceGroup, Modal, IconButton } from '@fluentui/react';
 import { AzureThemeLight, AzureThemeDark } from '@fluentui/azure-themes';
 import { mergeStyles, mergeStyleSets } from '@fluentui/merge-styles';
 
@@ -33,6 +33,7 @@ function useAITracking(componentName, key) {
 }
 
 const titleClass = mergeStyleSets({ "display": "inline-block", "marginLeft": "10px", "verticalAlign": "top" })
+
 function Header({ presets, setPresets, selectedPreset, featureFlag }) {
 
 
@@ -286,7 +287,7 @@ export default function PortalNav({ config }) {
     //setTabValues(currentTabValues => updateTabValues(currentTabValues, sections, key, 'standard'))
   }
 
-  function mergeState(tab, field, value) {
+  function mergeState(tab, field, value, previewLink) {
 
     let updatevals
     if (typeof field === "string") {
@@ -299,7 +300,9 @@ export default function PortalNav({ config }) {
       }
     }
 
-    //window.history.replaceState(null, null, "?"+urlParams.toString())
+    //maintains the current config in querystring for easy bookmarking
+    window.history.replaceState(null, null, "?"+urlParams.toString())
+
     setTabValues((p) => {
       return {
         ...p,
@@ -390,10 +393,10 @@ export default function PortalNav({ config }) {
               <ClusterTab tabValues={tabValues} featureFlag={featureFlag} updateFn={(field, value) => mergeState("cluster", field, value)} invalidArray={invalidArray['cluster']} />
             </PivotItem>
             <PivotItem headerText={tabLabels.addons} itemKey="addons" onRenderItemLink={(a, b) => _customRenderer('addons', a, b)} >
-              <AddonsTab tabValues={tabValues} featureFlag={featureFlag} updateFn={(field, value) => mergeState("addons", field, value)} invalidArray={invalidArray['addons']} />
+              <AddonsTab tabValues={tabValues} featureFlag={featureFlag} updateFn={(field, value, previewLink) => mergeState("addons", field, value, previewLink)} invalidArray={invalidArray['addons']} />
             </PivotItem>
             <PivotItem headerText={tabLabels.net} itemKey="net" onRenderItemLink={(a, b) => _customRenderer('net', a, b)}>
-              <NetworkTab tabValues={tabValues} featureFlag={featureFlag} updateFn={(field, value) => mergeState("net", field, value)} invalidArray={invalidArray['net']} />
+              <NetworkTab defaults={defaults} tabValues={tabValues} featureFlag={featureFlag} updateFn={(field, value) => mergeState("net", field, value)} invalidArray={invalidArray['net']} />
             </PivotItem>
             <PivotItem headerText={tabLabels.app} itemKey="app" onRenderItemLink={(a, b) => _customRenderer('app', a, b)}>
               <AppsTab tabValues={tabValues} featureFlag={featureFlag} updateFn={(field, value) => mergeState("app", field, value)} invalidArray={invalidArray['app']} />

helper/src/config.json

@@ -94,6 +94,9 @@
             "gitops": "none"
         },
         "net": {
+            "maxPods": 30,
+            "cniDynamicIpAllocation": false,
+            "networkPluginMode": false,
             "networkPlugin": "azure",
             "afw": false,
             "bastion": false,

ps-rule.yaml

@@ -38,6 +38,7 @@ configuration:
   # Bicep is experimental and currently disabled as testing occurs against compiled template
   # Enable automatic expansion of bicep source files
   AZURE_BICEP_FILE_EXPANSION: true
+  AZURE_BICEP_FILE_EXPANSION_TIMEOUT: 30
 
   #ProjectSpecifc rules
   Azure_AKSNodeMinimumMaxPods: 30