az sf managed-cluster network-security-rule
Manage network security rules of a managed cluster.
Commands
| Name | Description | Type | Status |
|---|---|---|---|
| az sf managed-cluster network-security-rule add |
Add a network security rule to a managed cluster. |
Core | GA |
| az sf managed-cluster network-security-rule delete |
Delete a network security rule from a managed cluster. |
Core | GA |
| az sf managed-cluster network-security-rule get |
Get a network security rule to a managed cluster. |
Core | GA |
| az sf managed-cluster network-security-rule list |
List network security rules in a cluster. |
Core | GA |
| az sf managed-cluster network-security-rule update |
Update a network security rule to a managed cluster. |
Core | GA |
az sf managed-cluster network-security-rule add
Add a network security rule to a managed cluster.
az sf managed-cluster network-security-rule add --cluster-name
--resource-group
[--access {allow, deny}]
[--description]
[--dest-addr-prefix]
[--dest-addr-prefixes]
[--dest-port-range]
[--dest-port-ranges]
[--direction {inbound, outbound}]
[--name]
[--priority]
[--protocol {ah, any, esp, http, https, icmp, tcp, udp}]
[--source-addr-prefix]
[--source-addr-prefixes]
[--source-port-range]
[--source-port-ranges]Examples
Add network security rule with multiple source and destination address prefixes.
az sf managed-cluster network-security-rule add -g testRG -c testCluster --name 'network security rule name' --access allow --description 'network security rule description' --direction inbound --protocol tcp --priority 1200 --source-port-ranges 1-1000 --dest-port-ranges 1-65535 --source-addr-prefixes 167.220.242.0/27 167.220.0.0/23 131.107.132.16/28 167.220.81.128/26 --dest-addr-prefixes 194.69.104.0/25 194.69.119.64/26 167.220.249.128/26 255.255.255.255/32Add network security rule with single source and destination address prefix.
az sf managed-cluster network-security-rule add -g testRG -c testCluster --name 'network security rule name' --access deny --description 'network security rule description' --direction inbound --protocol any --priority 1300 --source-port-range * --dest-port-ranges 19000 19080 --source-addr-prefix Internet --dest-addr-prefix *Required Parameters
Specify the name of the cluster, if not given it will be same as resource group name.
Specify the resource group name. You can configure the default group using az configure --defaults group=<name>.
Optional Parameters
The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.
Allows or denies network traffic.
| Property | Value |
|---|---|
| Accepted values: | allow, deny |
Network security rule description.
The destination address prefix. CIDR or destination IP range. Asterisk '*' can also be used to match all source IPs. Default tags such as 'VirtualNetwork', 'AzureLoadBalancer' and 'Internet' can also be used.
CIDR or destination IP ranges. A single or space separated list of destination address prefixes.
The destination port or range. Integer or range between 0 and 65535. Asterisk '*' can also be used to match all ports.
A single or space separated list of destination port ranges.
Network security rule direction.
| Property | Value |
|---|---|
| Accepted values: | inbound, outbound |
Network security rule name.
Integer that shows priority for rule.
Network protocol.
| Property | Value |
|---|---|
| Accepted values: | ah, any, esp, http, https, icmp, tcp, udp |
The CIDR or source IP range. Asterisk '*' can also be used to match all source IPs. Default tags such as 'VirtualNetwork', 'AzureLoadBalancer' and 'Internet' can also be used. If this is an ingress rule, specifies where network traffic originates from.
The CIDR or source IP ranges. A single or space separated list of source address prefixes.
The source port or range. Integer or range between 0 and 65535. Asterisk '*' can also be used to match all ports.
A single or space separated list of source port ranges.
Global Parameters
Increase logging verbosity to show all debug logs.
| Property | Value |
|---|---|
| Default value: | False |
Show this help message and exit.
Only show errors, suppressing warnings.
| Property | Value |
|---|---|
| Default value: | False |
Output format.
| Property | Value |
|---|---|
| Default value: | json |
| Accepted values: | json, jsonc, none, table, tsv, yaml, yamlc |
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
| Property | Value |
|---|---|
| Default value: | False |
az sf managed-cluster network-security-rule delete
Delete a network security rule from a managed cluster.
az sf managed-cluster network-security-rule delete --cluster-name
--name
--resource-groupExamples
Delete network security rule.
az sf managed-cluster network-security-rule delete -g testRG -c testCluster --name 'network security rule name'Required Parameters
Specify the name of the cluster, if not given it will be same as resource group name.
Network security rule name.
Specify the resource group name. You can configure the default group using az configure --defaults group=<name>.
Global Parameters
Increase logging verbosity to show all debug logs.
| Property | Value |
|---|---|
| Default value: | False |
Show this help message and exit.
Only show errors, suppressing warnings.
| Property | Value |
|---|---|
| Default value: | False |
Output format.
| Property | Value |
|---|---|
| Default value: | json |
| Accepted values: | json, jsonc, none, table, tsv, yaml, yamlc |
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
| Property | Value |
|---|---|
| Default value: | False |
az sf managed-cluster network-security-rule get
Get a network security rule to a managed cluster.
az sf managed-cluster network-security-rule get --cluster-name
--name
--resource-groupExamples
Get network security rule.
az sf managed-cluster network-security-rule get -g testRG -c testCluster --name 'network security rule name'Required Parameters
Specify the name of the cluster, if not given it will be same as resource group name.
Network security rule name.
Specify the resource group name. You can configure the default group using az configure --defaults group=<name>.
Global Parameters
Increase logging verbosity to show all debug logs.
| Property | Value |
|---|---|
| Default value: | False |
Show this help message and exit.
Only show errors, suppressing warnings.
| Property | Value |
|---|---|
| Default value: | False |
Output format.
| Property | Value |
|---|---|
| Default value: | json |
| Accepted values: | json, jsonc, none, table, tsv, yaml, yamlc |
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
| Property | Value |
|---|---|
| Default value: | False |
az sf managed-cluster network-security-rule list
List network security rules in a cluster.
az sf managed-cluster network-security-rule list --cluster-name
--resource-groupExamples
List network security rules.
az sf managed-cluster network-security-rule list -g testRG -c testClusterRequired Parameters
Specify the name of the cluster, if not given it will be same as resource group name.
Specify the resource group name. You can configure the default group using az configure --defaults group=<name>.
Global Parameters
Increase logging verbosity to show all debug logs.
| Property | Value |
|---|---|
| Default value: | False |
Show this help message and exit.
Only show errors, suppressing warnings.
| Property | Value |
|---|---|
| Default value: | False |
Output format.
| Property | Value |
|---|---|
| Default value: | json |
| Accepted values: | json, jsonc, none, table, tsv, yaml, yamlc |
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
| Property | Value |
|---|---|
| Default value: | False |
az sf managed-cluster network-security-rule update
Update a network security rule to a managed cluster.
az sf managed-cluster network-security-rule update --cluster-name
--name
--resource-group
[--access {allow, deny}]
[--description]
[--dest-addr-prefixes]
[--dest-port-ranges]
[--direction {inbound, outbound}]
[--priority]
[--protocol {ah, any, esp, http, https, icmp, tcp, udp}]
[--source-addr-prefixes]
[--source-port-ranges]Examples
Update network security rule.
az sf managed-cluster network-security-rule update -g testRG -c testCluster --name 'network security rule name' --access allow --description 'network security rule description' --direction inbound --protocol tcp --priority 1200 --source-port-ranges 1-1000 --dest-port-ranges 1-65535 --source-addr-prefixes 167.220.242.0/27 167.220.0.0/23 131.107.132.16/28 167.220.81.128/26 --dest-addr-prefixes 194.69.104.0/25 194.69.119.64/26 167.220.249.128/26 255.255.255.255/32Required Parameters
Specify the name of the cluster, if not given it will be same as resource group name.
Network security rule name.
Specify the resource group name. You can configure the default group using az configure --defaults group=<name>.
Optional Parameters
The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.
Allows or denies network traffic.
| Property | Value |
|---|---|
| Accepted values: | allow, deny |
Network security rule description.
CIDR or destination IP ranges. A single or space separated list of destination address prefixes.
A single or space separated list of destination port ranges.
Network security rule direction.
| Property | Value |
|---|---|
| Accepted values: | inbound, outbound |
Integer that shows priority for rule.
Network protocol.
| Property | Value |
|---|---|
| Accepted values: | ah, any, esp, http, https, icmp, tcp, udp |
The CIDR or source IP ranges. A single or space separated list of source address prefixes.
A single or space separated list of source port ranges.
Global Parameters
Increase logging verbosity to show all debug logs.
| Property | Value |
|---|---|
| Default value: | False |
Show this help message and exit.
Only show errors, suppressing warnings.
| Property | Value |
|---|---|
| Default value: | False |
Output format.
| Property | Value |
|---|---|
| Default value: | json |
| Accepted values: | json, jsonc, none, table, tsv, yaml, yamlc |
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
| Property | Value |
|---|---|
| Default value: | False |
