Added check for AKS clusters with basic a load balancer (#110)

* Added check for AKS cluster basic load balancers

* removed failing test for empty backends & az.network inport

AzureBasicLoadBalancerUpgrade/module/AzureBasicLoadBalancerUpgrade/modules/ValidateScenario/ValidateScenario.Tests.ps1

@@ -157,7 +157,7 @@ Describe "ValidateScenario" {
   }
 
   Context "Input Parameters" {
-    It "Should fail is an invalid Load Balancer name is supplied" {
+    It "Should fail if an invalid Load Balancer name is supplied" {
       $errMsg = "Cannot validate argument on parameter 'StdLoadBalancerName'.*"
       { Test-SupportedMigrationScenario -BasicLoadBalancer $BasicLoadBalancer -StdLoadBalancerName '_' -ErrorAction Stop } | Should -Throw -ExpectedMessage $errMsg
     }
@@ -168,34 +168,51 @@ Describe "ValidateScenario" {
     }
   }
 
-  Context "VMSS in BackendPools" {
-    It "Should fail if the backend pool ip configuration does not contain 'VirtualMachineScaleSet'" {
-      $BasicLoadBalancer.BackendAddressPools[0].BackendIpConfigurations[0].Id = "/subscriptions/b2375b5f-8dab-4436-b87c-32bc7fdce5d0/resourceGroups/rg-001-basic-lb-int-single-fe/providers/Microsoft.Compute/banana/vmss-01/virtualMachines/0/networkInterfaces/vmss-01-nic-01configuration-0/ipConfigurations/ipconfig1"
-      { Test-SupportedMigrationScenario -BasicLoadBalancer $BasicLoadBalancer -StdLoadBalancerName 'std-lb-01' -ErrorAction Stop } | Should -Throw -ExpectedMessage "*Basic Load Balancer has backend pools that is not virtualMachineScaleSets, exiting"
+  Context "Basic LoadBalancer used in AKS cluster" {
+    It "Should fail if the basic load balancer is used as an external LB by an AKS cluster (LB is named 'kubernetes')" {
+      $BasicLoadBalancer.Name = 'kubernetes'
+      $errMsg = "*is used by an AKS cluster & cannot be migrated*"
+      { Test-SupportedMigrationScenario -BasicLoadBalancer $BasicLoadBalancer -StdLoadBalancerName 'std-lb-01' -ErrorAction Stop } | Should -Throw -ExpectedMessage $errMsg
+    }
+
+    It "Should fail if the basic load balancer is used an an internal LB by an AKS cluster (LB is named 'kubernetes-internal')" {
+      $BasicLoadBalancer.Name = 'kubernetes-internal'
+      $errMsg = "*is used by an AKS cluster & cannot be migrated*"
+      { Test-SupportedMigrationScenario -BasicLoadBalancer $BasicLoadBalancer -StdLoadBalancerName 'std-lb-01' -ErrorAction Stop } | Should -Throw -ExpectedMessage $errMsg
+    }
+
+    It "Should fail if the basic load balancer is used an an internal LB by an AKS cluster (Azure System managed Tags)" {
+      $BasicLoadBalancer
+      $errMsg = "*is used by an AKS cluster & cannot be migrated*"
+      $BasicLoadBalancer.Tag.Add('aks-managed-cluster-name','mycluster')
+      $BasicLoadBalancer.Tag.Add('aks-managed-cluster-rg','mycluster-rg')
+      { Test-SupportedMigrationScenario -BasicLoadBalancer $BasicLoadBalancer -StdLoadBalancerName 'std-lb-01' -ErrorAction Stop } | Should -Throw -ExpectedMessage $errMsg
     }
   }
 
-  Context "Empty BackendPools" {
-    It "Should fail if the backend pool(s) have no membership" {
-      $BasicLoadBalancer.BackendAddressPools[0].BackendIpConfigurations = @()
-      { Test-SupportedMigrationScenario -BasicLoadBalancer $BasicLoadBalancer -StdLoadBalancerName 'std-lb-01' -ErrorAction Stop } | Should -Throw -ExpectedMessage "*Basic Load Balancer has backend pools have no membership, exiting"
+  Context "VMSS in BackendPools" {
+    It "Should fail if the backend pool ip configuration does not contain 'VirtualMachineScaleSet'" {
+      $errMsg = '*Basic Load Balancer backend pools can contain only VMs or VMSSes*'
+      $BasicLoadBalancer.BackendAddressPools[0].BackendIpConfigurations[0].Id = "/subscriptions/b2375b5f-8dab-4436-b87c-32bc7fdce5d0/resourceGroups/rg-001-basic-lb-int-single-fe/providers/Microsoft.Compute/banana/vmss-01/virtualMachines/0/networkInterfaces/vmss-01-nic-01configuration-0/ipConfigurations/ipconfig1"
+      { Test-SupportedMigrationScenario -BasicLoadBalancer $BasicLoadBalancer -StdLoadBalancerName 'std-lb-01' -ErrorAction Stop } | Should -ExpectedMessage $errMsg
     }
   }
 
   Context "LoadBalancingRules" {
     It "Should fail if no LoadBalancingRules exist on the load balancer" {
-      $BasicLoadBalancer.LoadBalancingRules = $null
-      { Test-SupportedMigrationScenario -BasicLoadBalancer $BasicLoadBalancer -StdLoadBalancerName 'std-lb-01' -ErrorAction Stop } | Should -Throw -ExpectedMessage "*Load balancer 'lb-basic-01' has no front end configurations, so there is nothing to migrate!"
+      $errMsg = "*Load balancer 'lb-basic-01' has no front end configurations, so there is nothing to migrate*"
+      $BasicLoadBalancer.LoadBalancingRules = @()
+      { Test-SupportedMigrationScenario -BasicLoadBalancer $BasicLoadBalancer -StdLoadBalancerName 'std-lb-01' -ErrorAction Stop } | Should -Throw -ExpectedMessage $errMsg
     }
   }
 
   Context "Public Ip Prefix" {
     It "Should fail if the Public IP has an IPPrefix" {
+      $errMsg = "*FrontEndIPConfiguration[0] is assigned a public IP prefix*"
       $ipPrefix = [Microsoft.Azure.Commands.Network.Models.PSResourceId]::new()
       $ipPrefix.Id = "/subscriptions/b2375b5f-8dab-4436-b87c-32bc7fdce5d0/resourceGroups/rg-001-basic-lb-int-single-fe/providers/Microsoft.Compute/banana/vmss-01/virtualMachines/0/networkInterfaces/vmss-01-nic-01configuration-0/ipConfigurations/ipconfig1"
       $BasicLoadBalancer.FrontendIpConfigurations[0].PublicIPPrefix = $ipPrefix
-      { Test-SupportedMigrationScenario -BasicLoadBalancer $BasicLoadBalancer -StdLoadBalancerName 'std-lb-01' -ErrorAction Stop } | Should -Throw -ExpectedMessage "*FrontEndIPConfiguration*"
+      { Test-SupportedMigrationScenario -BasicLoadBalancer $BasicLoadBalancer -StdLoadBalancerName 'std-lb-01' -ErrorAction Stop } | Should -Throw -ExpectedMessage $errMsg
     }
   }
-
 }

AzureBasicLoadBalancerUpgrade/module/AzureBasicLoadBalancerUpgrade/modules/ValidateScenario/ValidateScenario.psm1

@@ -131,6 +131,13 @@ Function Test-SupportedMigrationScenario {
     }
     log -Message "[Test-SupportedMigrationScenario] Source load balancer SKU is type Basic"
 
+    # determine whether the basic load balancer is attached to an AKS cluster
+    log -Message "[Test-SupportedMigrationScenario] Determining whether basic load balancer is used by an AKS cluster"
+    If (($BasicLoadBalancer.Name -eq 'kubernetes' -or $BasicLoadBalancer.Name -eq 'kubernetes-internal') -or ($BasicLoadBalancer.Tag.ContainsKey('aks-managed-cluster-name'))) {
+        log -ErrorAction Stop -Severity 'Error' -Message "[Test-SupportedMigrationScenario] Load balancer resource '$($BasicLoadBalancer.Name)' is used by an AKS cluster & cannot be migrated. Documentation link: 'https://learn.microsoft.com/en-us/azure/aks/load-balancer-standard?#moving-from-a-basic-sku-load-balancer-to-standard-sku'"
+        return
+    }
+
     # Detecting if there are any backend pools that is not virtualMachineScaleSets or virtualMachines
     $backendType = _GetScenarioBackendType -BasicLoadBalancer $BasicLoadBalancer
     $scenario.BackendType = $backendType

AzureBasicLoadBalancerUpgrade/testEnvs/modules/aks/aks.bicep

@@ -0,0 +1,42 @@
+param loadBalancerType string = 'bnasic'
+param location string
+param subnetId string
+param k8sVersion string
+param vmSize string
+
+var suffix = uniqueString(resourceGroup().id)
+
+resource aksCluster 'Microsoft.ContainerService/managedClusters@2023-11-01' = {
+  name: 'aks-${suffix}'
+  location: location
+  sku: {
+    name: 'Base'
+    tier: 'Free'
+  }
+  identity: {
+    type: 'SystemAssigned'
+  }
+  properties: {
+    dnsPrefix: 'aks-${suffix}'
+    kubernetesVersion: k8sVersion
+    networkProfile: {
+      networkPlugin: 'azure'
+      loadBalancerSku: loadBalancerType
+      serviceCidr: '10.1.0.0/24'
+      dnsServiceIP: '10.1.0.10'
+    }
+    agentPoolProfiles: [
+      {
+        name: 'agentpool1'
+        count: 2
+        type: 'VirtualMachineScaleSets'
+        mode: 'System'
+        vnetSubnetID: subnetId
+        vmSize: vmSize
+        osType: 'Linux'
+        osSKU: 'Ubuntu'
+      }
+    ]
+  }
+}
+

AzureBasicLoadBalancerUpgrade/testEnvs/scenarios/115-aks-basic-lb.bicep

@@ -0,0 +1,51 @@
+targetScope = 'subscription'
+param location string
+param resourceGroupName string
+param vmSize string = 'Standard_D2_v2'
+
+// Resource Group
+module rg '../modules/Microsoft.Resources/resourceGroups/deploy.bicep' = {
+  name: '${resourceGroupName}-${location}'
+  params: {
+    name: resourceGroupName
+    location: location
+  }
+}
+
+// vnet
+module virtualNetworks '../modules/Microsoft.Network/virtualNetworks/deploy.bicep' = {
+  name: 'virtualNetworks-module'
+  scope: resourceGroup(resourceGroupName)
+  params: {
+    // Required parameters
+    location: location
+    addressPrefixes: [
+      '10.0.0.0/16'
+    ]
+    name: 'vnet-01'
+    subnets: [
+      {
+        name: 'subnet-01'
+        addressPrefix: '10.0.1.0/24'
+      }
+    ]
+  }
+  dependsOn: [
+    rg
+  ]
+}
+
+module aks '../modules/aks/aks.bicep' = {
+  name: 'aks-module'
+  scope: resourceGroup(resourceGroupName)
+  params: {
+    k8sVersion: '1.28.3'
+    location: location
+    subnetId: virtualNetworks.outputs.subnetResourceIds[0]
+    vmSize: vmSize
+    loadBalancerType: 'basic'
+  }
+  dependsOn: [
+    virtualNetworks
+  ]
+}

AzureBasicLoadBalancerUpgrade/utilities/aks-ilb.yml

@@ -0,0 +1,13 @@
+kind: Service
+apiVersion: v1
+metadata:
+  #annotations:
+  #  service.beta.kubernetes.io/azure-load-balancer-internal: "true"
+  name: my-service
+  namespace: default
+spec:
+  ports:
+  - protocol: TCP
+    port: 60000
+  type: LoadBalancer
+