[AKS] Hotfix: az aks create/update: Add --enable-gateway-api and --disable-gateway-api parameters to manage Managed Gateway API installation (#33286)

Co-authored-by: Mauricio Ferrari <meece@MeeceSurface.localdomain>

Author: meecethereese

src/azure-cli/azure/cli/command_modules/acs/_consts.py

@@ -214,6 +214,10 @@
 CONST_APP_ROUTING_ISTIO_MODE_ENABLED = "Enabled"
 CONST_APP_ROUTING_ISTIO_MODE_DISABLED = "Disabled"
 
+# managed gateway api installation
+CONST_MANAGED_GATEWAY_INSTALLATION_DISABLED = "Disabled"
+CONST_MANAGED_GATEWAY_INSTALLATION_STANDARD = "Standard"
+
 # all supported addons
 ADDONS = {
     "http_application_routing": CONST_HTTP_APPLICATION_ROUTING_ADDON_NAME,

src/azure-cli/azure/cli/command_modules/acs/_help.py

@@ -650,6 +650,9 @@
         This enables an ingress-only version of Istio that reconciles Gateway API resources for App Routing.
         It does not provide service mesh functionality (e.g. mTLS, traffic management between services).
         Cannot be used simultaneously with the Istio service mesh add-on (--enable-azure-service-mesh).
+  - name: --enable-gateway-api
+    type: bool
+    short-summary: Enable managed installation of Gateway API CRDs from the standard release channel.
   - name: --bootstrap-container-registry-resource-id
     type: string
     short-summary: Configure container registry resource ID. Must use "Cache" as bootstrap artifact source.
@@ -759,6 +762,8 @@
     text: az aks create -g MyResourceGroup -n MyManagedCluster --node-provisioning-mode Auto --node-provisioning-default-pools None
   - name: Create a Kubernetes cluster with KataVmIsolation enabled.
     text: az aks create -g MyResourceGroup -n MyManagedCluster --os-sku AzureLinux --vm-size Standard_D4s_v3 --workload-runtime KataVmIsolation --node-count 1
+  - name: Create a kubernetes cluster with a managed installation of Gateway API CRDs from the standard release channel.
+    text: az aks create -g MyResourceGroup -n MyManagedCluster --enable-gateway-api
 """
 
 helps["aks update"] = """
@@ -1192,6 +1197,12 @@
   - name: --disable-app-routing-istio --disable-ari
     type: bool
     short-summary: Disable Gateway API based ingress on App Routing via Istio.
+  - name: --enable-gateway-api
+    type: bool
+    short-summary: Enable managed installation of Gateway API CRDs from the standard release channel.
+  - name: --disable-gateway-api
+    type: bool
+    short-summary: Disable managed installation of Gateway API CRDs.
   - name: --bootstrap-container-registry-resource-id
     type: string
     short-summary: Configure container registry resource ID. Must use "Cache" as bootstrap artifact source.
@@ -1280,6 +1291,10 @@
     text: az aks update -g MyResourceGroup -n MyManagedCluster --node-provisioning-mode Auto --node-provisioning-default-pools None
   - name: Upgrade load balancer sku to standard
     text: az aks update --load-balancer-sku standard -g MyResourceGroup -n MyManagedCluster
+  - name: Update a kubernetes cluster to enable a managed installation of Gateway API CRDs from the standard release channel.
+    text: az aks update -g MyResourceGroup -n MyManagedCluster --enable-gateway-api
+  - name: Update a kubernetes cluster to disable the managed installation of Gateway API CRDs.
+    text: az aks update -g MyResourceGroup -n MyManagedCluster --disable-gateway-api
 """
 
 helps["aks delete"] = """

src/azure-cli/azure/cli/command_modules/acs/_params.py

@@ -661,6 +661,11 @@ def load_arguments(self, _):
             action="store_true",
             help="Enable Gateway API based ingress on App Routing via Istio"
         )
+        c.argument(
+            "enable_gateway_api",
+            action="store_true",
+            help="Enable managed installation of Gateway API CRDs from the standard release channel."
+        )
 
     with self.argument_context('aks update') as c:
         # managed cluster paramerters
@@ -898,6 +903,16 @@ def load_arguments(self, _):
             action="store_true",
             help="Disable Gateway API based ingress on App Routing via Istio."
         )
+        c.argument(
+            "enable_gateway_api",
+            action="store_true",
+            help="Enable managed installation of Gateway API CRDs from the standard release channel."
+        )
+        c.argument(
+            "disable_gateway_api",
+            action="store_true",
+            help="Disable managed installation of Gateway API CRDs."
+        )
     with self.argument_context('aks delete') as c:
         c.argument("if_match")
         c.argument("if_none_match")

src/azure-cli/azure/cli/command_modules/acs/custom.py

@@ -1042,6 +1042,8 @@ def aks_create(
     node_provisioning_default_pools=None,
     # app routing istio
     enable_app_routing_istio=False,
+    # gateway api
+    enable_gateway_api=False,
 ):
     # DO NOT MOVE: get all the original parameters and save them as a dictionary
     raw_parameters = locals()
@@ -1240,6 +1242,9 @@ def aks_update(
     # app routing istio
     enable_app_routing_istio=False,
     disable_app_routing_istio=False,
+    # gateway api
+    enable_gateway_api=False,
+    disable_gateway_api=False,
 ):
     # DO NOT MOVE: get all the original parameters and save them as a dictionary
     raw_parameters = locals()

src/azure-cli/azure/cli/command_modules/acs/managed_cluster_decorator.py

@@ -52,6 +52,8 @@
     CONST_ACNS_DATAPATH_ACCELERATION_MODE_NONE,
     CONST_APP_ROUTING_ISTIO_MODE_ENABLED,
     CONST_APP_ROUTING_ISTIO_MODE_DISABLED,
+    CONST_MANAGED_GATEWAY_INSTALLATION_DISABLED,
+    CONST_MANAGED_GATEWAY_INSTALLATION_STANDARD,
 )
 from azure.cli.command_modules.acs.azurecontainerstorage._consts import (
     CONST_ACSTOR_EXT_INSTALLATION_NAME,
@@ -6228,6 +6230,20 @@ def get_disable_app_routing_istio(self) -> bool:
         """
         return self.raw_param.get("disable_app_routing_istio", False)
 
+    def get_enable_gateway_api(self) -> bool:
+        """Obtain the value of enable_gateway_api.
+
+        :return: bool
+        """
+        return self.raw_param.get("enable_gateway_api", False)
+
+    def get_disable_gateway_api(self) -> bool:
+        """Obtain the value of disable_gateway_api.
+
+        :return: bool
+        """
+        return self.raw_param.get("disable_gateway_api", False)
+
 
 class AKSManagedClusterCreateDecorator(BaseAKSManagedClusterDecorator):
     def __init__(
@@ -7764,6 +7780,19 @@ def set_up_ingress_profile_app_routing_istio(self, mc: ManagedCluster) -> Manage
 
         return mc
 
+    def set_up_ingress_profile_gateway_api(self, mc: ManagedCluster) -> ManagedCluster:
+        self._ensure_mc(mc)
+        if self.context.get_enable_gateway_api():
+            if mc.ingress_profile is None:
+                mc.ingress_profile = self.models.ManagedClusterIngressProfile()
+            if mc.ingress_profile.gateway_api is None:
+                mc.ingress_profile.gateway_api = (
+                    self.models.ManagedClusterIngressProfileGatewayConfiguration(
+                        installation=CONST_MANAGED_GATEWAY_INSTALLATION_STANDARD
+                    )
+                )
+        return mc
+
     def set_up_ai_toolchain_operator(self, mc: ManagedCluster) -> ManagedCluster:
         self._ensure_mc(mc)
 
@@ -7920,6 +7949,8 @@ def construct_mc_profile_default(self, bypass_restore_defaults: bool = False) ->
         mc = self.set_up_ingress_web_app_routing(mc)
         # set up app routing istio
         mc = self.set_up_ingress_profile_app_routing_istio(mc)
+        # set up gateway api
+        mc = self.set_up_ingress_profile_gateway_api(mc)
         # set up custom ca trust certificates
         mc = self.set_up_custom_ca_trust_certificates(mc)
         # set up run command
@@ -9471,6 +9502,31 @@ def update_ingress_profile_app_routing_istio(self, mc: ManagedCluster) -> Manage
                 )
         return mc
 
+    def update_ingress_profile_gateway_api(self, mc: ManagedCluster) -> ManagedCluster:
+        """Update gateway api installation in the ingress profile for the ManagedCluster object.
+
+        :return: the ManagedCluster object
+        """
+        self._ensure_mc(mc)
+        enable_gateway_api = self.context.get_enable_gateway_api()
+        disable_gateway_api = self.context.get_disable_gateway_api()
+        if enable_gateway_api and disable_gateway_api:
+            raise MutuallyExclusiveArgumentError(
+                "Cannot specify --enable-gateway-api and --disable-gateway-api at the same time."
+            )
+        if enable_gateway_api or disable_gateway_api:
+            if mc.ingress_profile is None:
+                mc.ingress_profile = self.models.ManagedClusterIngressProfile()  # pylint: disable=no-member
+            if mc.ingress_profile.gateway_api is None:
+                mc.ingress_profile.gateway_api = (
+                    self.models.ManagedClusterIngressProfileGatewayConfiguration()  # pylint: disable=no-member
+                )
+            if enable_gateway_api:
+                mc.ingress_profile.gateway_api.installation = CONST_MANAGED_GATEWAY_INSTALLATION_STANDARD
+            elif disable_gateway_api:
+                mc.ingress_profile.gateway_api.installation = CONST_MANAGED_GATEWAY_INSTALLATION_DISABLED
+        return mc
+
     def update_node_resource_group_profile(self, mc: ManagedCluster) -> ManagedCluster:
         """Update node resource group profile for the ManagedCluster object.
         :return: the ManagedCluster object
@@ -10411,6 +10467,8 @@ def update_mc_profile_default(self) -> ManagedCluster:
         mc = self.update_ai_toolchain_operator(mc)
         # update app routing istio
         mc = self.update_ingress_profile_app_routing_istio(mc)
+        # update gateway api
+        mc = self.update_ingress_profile_gateway_api(mc)
         # update bootstrap profile
         mc = self.update_bootstrap_profile(mc)
         # update static egress gateway