Summary
Aspire.Hosting.Azure.Kubernetes ships an internal reflection shim — AksPreviewIngressProfileInjector — that pokes the AKS preview-only properties.ingressProfile.gatewayAPI.installation and properties.ingressProfile.applicationLoadBalancer.enabled Bicep properties onto ContainerServiceManagedCluster. This is required to enable AGC + Gateway API on AKS today (see #16990), but it's not the long-term shape we want.
The shim is unavoidable today because Azure.Provisioning.ContainerService 1.0.0-beta.6 is generated against the stable AKS REST schema, where ingressProfile has only the single webAppRouting child. The SDK code generator's "single-property wrapper collapse" then marks ManagedClusterIngressProfile as internal and hoists webAppRouting directly onto the parent, leaving no public typed surface for gatewayAPI / applicationLoadBalancer.
We tried two reflection-free alternatives (subclass ContainerServiceManagedCluster + deep DefineProperty<T> path, and the same plus DefineModelProperty<T> graft of a public ProvisionableConstruct). Both empirically shadow the typed Properties declaration and drop sibling Bicep blocks (dnsPrefix, agentPoolProfiles, oidcIssuerProfile, securityProfile). See xmldoc on AksPreviewIngressProfileInjector for the details.
Upstream tracking
Filed against Azure/azure-sdk-for-net: Azure/azure-sdk-for-net#59225
That issue acknowledges this can't really be fixed in Azure.Provisioning.ContainerService until the AKS REST API surfaces the ingressProfile additions in a stable version. Azure.Provisioning.* is generated against stable schemas as a policy choice across the family.
What we should do here
When the upstream package next exposes ManagedClusterIngressProfile publicly (via stable AKS GA of these preview features, or a preview-targeted regen), we should:
- Delete
src/Aspire.Hosting.Azure.Kubernetes/AksPreviewIngressProfileInjector.cs.
- Replace the
Inject(...) call in AzureKubernetesEnvironmentExtensions.ConfigureAksInfrastructure with the standard public-subclass / typed-property pattern used by ContainerAppEnvironmentDotnetComponentResource, CosmosDBSqlRoleAssignment_Derived, and PublicHostingCognitiveServicesCapabilityHostProperties.
- Drop the preview
ResourceVersion override on ContainerServiceManagedCluster if the typed properties land in the stable API version.
Until then this issue is the durable subscription point so we get notified when the package update lands.
Priority
Medium. The current reflection shim is well-tested and the xmldoc is explicit about what it does and why. The only ongoing risk is an upstream Azure.Provisioning.ContainerService minor version bump silently changing reflection-visible names (the shim's exception text instructs the maintainer where to look if that happens).
Summary
Aspire.Hosting.Azure.Kubernetesships an internal reflection shim —AksPreviewIngressProfileInjector— that pokes the AKS preview-onlyproperties.ingressProfile.gatewayAPI.installationandproperties.ingressProfile.applicationLoadBalancer.enabledBicep properties ontoContainerServiceManagedCluster. This is required to enable AGC + Gateway API on AKS today (see #16990), but it's not the long-term shape we want.The shim is unavoidable today because
Azure.Provisioning.ContainerService 1.0.0-beta.6is generated against the stable AKS REST schema, whereingressProfilehas only the singlewebAppRoutingchild. The SDK code generator's "single-property wrapper collapse" then marksManagedClusterIngressProfileasinternaland hoistswebAppRoutingdirectly onto the parent, leaving no public typed surface forgatewayAPI/applicationLoadBalancer.We tried two reflection-free alternatives (subclass
ContainerServiceManagedCluster+ deepDefineProperty<T>path, and the same plusDefineModelProperty<T>graft of a publicProvisionableConstruct). Both empirically shadow the typedPropertiesdeclaration and drop sibling Bicep blocks (dnsPrefix,agentPoolProfiles,oidcIssuerProfile,securityProfile). See xmldoc onAksPreviewIngressProfileInjectorfor the details.Upstream tracking
Filed against
Azure/azure-sdk-for-net: Azure/azure-sdk-for-net#59225That issue acknowledges this can't really be fixed in
Azure.Provisioning.ContainerServiceuntil the AKS REST API surfaces theingressProfileadditions in a stable version.Azure.Provisioning.*is generated against stable schemas as a policy choice across the family.What we should do here
When the upstream package next exposes
ManagedClusterIngressProfilepublicly (via stable AKS GA of these preview features, or a preview-targeted regen), we should:src/Aspire.Hosting.Azure.Kubernetes/AksPreviewIngressProfileInjector.cs.Inject(...)call inAzureKubernetesEnvironmentExtensions.ConfigureAksInfrastructurewith the standard public-subclass / typed-property pattern used byContainerAppEnvironmentDotnetComponentResource,CosmosDBSqlRoleAssignment_Derived, andPublicHostingCognitiveServicesCapabilityHostProperties.ResourceVersionoverride onContainerServiceManagedClusterif the typed properties land in the stable API version.Until then this issue is the durable subscription point so we get notified when the package update lands.
Priority
Medium. The current reflection shim is well-tested and the xmldoc is explicit about what it does and why. The only ongoing risk is an upstream
Azure.Provisioning.ContainerServiceminor version bump silently changing reflection-visible names (the shim's exception text instructs the maintainer where to look if that happens).