Add aks-rest module and apply to hyperscale pipelines#1077
Add aks-rest module and apply to hyperscale pipelines#1077
Conversation
liyu-ma
commented
Feb 26, 2026
- Add aks-rest module to allow calling AKS in restful api
- Update hyperscale pipelines to provision cluster with aks-rest
There was a problem hiding this comment.
Pull request overview
Adds a new Terraform submodule to provision AKS clusters via ARM REST (az rest) so hyperscale tiers can use REST-only features (e.g., controlPlaneScalingProfile), and updates hyperscale provisioning inputs/pipelines to use it.
Changes:
- Introduce
aks_rest_config_listto the Azure Terraform module and wire in a newaks-restsubmodule driven byaz rest. - Switch CCP hyperscale tfvars (H2/H4/H8) from
aks_cli_config_listtoaks_rest_config_listwith control-plane scaling settings. - Update hyperscale validation/test pipeline inputs (regions, expected H2 cores, and add Terraform tests for the new module).
Reviewed changes
Copilot reviewed 16 out of 16 changed files in this pull request and generated 7 comments.
Show a summary per file
| File | Description |
|---|---|
| steps/topology/hyperscale-cluster/validate-resources.yml | Adjust expected GOMAXPROCS cores for H2 tier. |
| scenarios/perf-eval/ccp-provisioning/terraform-test-inputs/azure-H4.json | Change test region to westus2. |
| scenarios/perf-eval/ccp-provisioning/terraform-test-inputs/azure-H8.json | Change test region to westus2. |
| scenarios/perf-eval/ccp-provisioning/terraform-inputs/azure-H2.tfvars | Move hyperscale provisioning to aks_rest_config_list and set control-plane scaling/profile inputs. |
| scenarios/perf-eval/ccp-provisioning/terraform-inputs/azure-H4.tfvars | Same as H2 for H4 tier. |
| scenarios/perf-eval/ccp-provisioning/terraform-inputs/azure-H8.tfvars | Same as H2 for H8 tier. |
| pipelines/system/new-pipeline-test.yml | Replace placeholders with a concrete example pipeline configuration. |
| modules/terraform/azure/variables.tf | Add aks_rest_config_list variable schema. |
| modules/terraform/azure/main.tf | Merge json_input overrides into aks_rest_config_list and instantiate module "aks-rest". |
| modules/terraform/azure/aks-rest/variables.tf | Define inputs for the new aks-rest module (REST provisioning). |
| modules/terraform/azure/aks-rest/main.tf | Implement REST request body + local-exec provisioning/deletion commands and supporting role assignments. |
| modules/terraform/azure/aks-rest/output.tf | Expose generated commands/request body for tests/debugging. |
| modules/terraform/azure/tests/test_aks_rest.tftest.hcl | Add terraform test coverage validating command composition and request body content. |
8144c2a to
803df62
Compare
| @@ -0,0 +1,241 @@ | |||
| locals { | |||
There was a problem hiding this comment.
I suggest to simplfiy this to aks cli module this way you do not need to create a new module for aks-rest or added new variables for every parameters
see this example
telescope/modules/terraform/azure/main.tf
Line 52 in 901203f
There was a problem hiding this comment.
Hmm I feel it is cleaner to have a separate module. Essentially they are different commands so the format of the parameters vary from each other. Yes the parameters list will be the same or similar if they are doing the same thing e.g. create cluster, but from code maintenance perspective they could evolve differently in future. Not sure if this makes sense?
There was a problem hiding this comment.
For background , there are 2 ways to create kubernetes resources, first by aks-cli and second by terraform https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/kubernetes_cluster
aks-cli, these will contain commands for
- az aks create
- az aks delete
- az aks add nodepool
- az aks delete nodepool
- (if we need to support az rest , we simply add a new command in this module)
Second for the terraform way it will call terraform module create , delete, add nodepool (e.g)
https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/kubernetes_cluster
So my question is what is the strong reason, we need new module for kubernetes resources, when az aks rest only need 3 flags (url, header, body)
The limitation of your implementation you make the body of the rest as each value paramaters, which is hard to extend and maintain . I suggest to use this draft example https://github.com/Azure/telescope/pull/1080/changes
| var.key_vaults[var.aks_rest_config.kms_config.key_vault_name].keys[var.aks_rest_config.kms_config.key_name].id, | ||
| error("Specified kms_key_name '${var.aks_rest_config.kms_config.key_name}' does not exist in Key Vault '${var.aks_rest_config.kms_config.key_vault_name}' keys: ${join(", ", keys(var.key_vaults[var.aks_rest_config.kms_config.key_vault_name].keys))}") | ||
| ) | ||
| key_vault_key_resource_id = try( |
There was a problem hiding this comment.
For az rest, we can use a Terraform module instead of using command line
https://registry.terraform.io/providers/Azure/azapi/latest/docs/resources/resourc
There was a problem hiding this comment.
We need to update both module, aks cli and aks terraform.
Since liyu already using aks cli in this PR and has the the core logic with aks cli in [here] (
| @@ -21,9 +21,9 @@ stages: | |||
| parameters: | |||
| cloud: azure | |||
| regions: | |||
There was a problem hiding this comment.
I think it would be better to move the pipeline and scenario changes to the next PR.