Merge pull request #4793 from nojnhuh/v2-mutators

ASOAPI: add resource mutator framework

Author: k8s-ci-robot

exp/controllers/azureasomanagedcluster_controller.go

@@ -23,9 +23,9 @@ import (
 
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
-	"k8s.io/apimachinery/pkg/runtime"
 	infracontroller "sigs.k8s.io/cluster-api-provider-azure/controllers"
 	infrav1exp "sigs.k8s.io/cluster-api-provider-azure/exp/api/v1alpha1"
+	"sigs.k8s.io/cluster-api-provider-azure/exp/mutators"
 	"sigs.k8s.io/cluster-api-provider-azure/util/tele"
 	clusterv1 "sigs.k8s.io/cluster-api/api/v1beta1"
 	"sigs.k8s.io/cluster-api/controllers/external"
@@ -227,11 +227,11 @@ func (r *AzureASOManagedClusterReconciler) reconcileNormal(ctx context.Context,
 		return ctrl.Result{Requeue: true}, nil
 	}
 
-	us, err := resourcesToUnstructured(asoManagedCluster.Spec.Resources)
+	resources, err := mutators.ToUnstructured(ctx, asoManagedCluster.Spec.Resources)
 	if err != nil {
 		return ctrl.Result{}, err
 	}
-	resourceReconciler := r.newResourceReconciler(asoManagedCluster, us)
+	resourceReconciler := r.newResourceReconciler(asoManagedCluster, resources)
 	err = resourceReconciler.Reconcile(ctx)
 	if err != nil {
 		return ctrl.Result{}, fmt.Errorf("failed to reconcile resources: %w", err)
@@ -279,11 +279,11 @@ func (r *AzureASOManagedClusterReconciler) reconcileDelete(ctx context.Context,
 	defer done()
 	log.V(4).Info("reconciling delete")
 
-	us, err := resourcesToUnstructured(asoManagedCluster.Spec.Resources)
+	resources, err := mutators.ToUnstructured(ctx, asoManagedCluster.Spec.Resources)
 	if err != nil {
 		return ctrl.Result{}, err
 	}
-	resourceReconciler := r.newResourceReconciler(asoManagedCluster, us)
+	resourceReconciler := r.newResourceReconciler(asoManagedCluster, resources)
 	err = resourceReconciler.Delete(ctx)
 	if err != nil {
 		return ctrl.Result{}, fmt.Errorf("failed to reconcile resources: %w", err)
@@ -295,15 +295,3 @@ func (r *AzureASOManagedClusterReconciler) reconcileDelete(ctx context.Context,
 	controllerutil.RemoveFinalizer(asoManagedCluster, clusterv1.ClusterFinalizer)
 	return ctrl.Result{}, nil
 }
-
-func resourcesToUnstructured(resources []runtime.RawExtension) ([]*unstructured.Unstructured, error) {
-	var us []*unstructured.Unstructured
-	for _, resource := range resources {
-		u := &unstructured.Unstructured{}
-		if err := u.UnmarshalJSON(resource.Raw); err != nil {
-			return nil, fmt.Errorf("failed to unmarshal resource JSON: %w", err)
-		}
-		us = append(us, u)
-	}
-	return us, nil
-}

exp/controllers/azureasomanagedcontrolplane_controller.go

@@ -28,6 +28,7 @@ import (
 	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
 	infracontroller "sigs.k8s.io/cluster-api-provider-azure/controllers"
 	infrav1exp "sigs.k8s.io/cluster-api-provider-azure/exp/api/v1alpha1"
+	"sigs.k8s.io/cluster-api-provider-azure/exp/mutators"
 	"sigs.k8s.io/cluster-api-provider-azure/util/tele"
 	clusterv1 "sigs.k8s.io/cluster-api/api/v1beta1"
 	"sigs.k8s.io/cluster-api/controllers/external"
@@ -179,24 +180,24 @@ func (r *AzureASOManagedControlPlaneReconciler) reconcileNormal(ctx context.Cont
 		return ctrl.Result{Requeue: true}, nil
 	}
 
-	us, err := resourcesToUnstructured(asoManagedControlPlane.Spec.Resources)
+	resources, err := mutators.ApplyMutators(ctx, asoManagedControlPlane.Spec.Resources, mutators.SetManagedClusterDefaults(asoManagedControlPlane, cluster))
 	if err != nil {
 		return ctrl.Result{}, err
 	}
 
 	var managedClusterName string
-	for _, resource := range us {
+	for _, resource := range resources {
 		if resource.GroupVersionKind().Group == asocontainerservicev1.GroupVersion.Group &&
 			resource.GroupVersionKind().Kind == "ManagedCluster" {
 			managedClusterName = resource.GetName()
 			break
 		}
 	}
 	if managedClusterName == "" {
-		return ctrl.Result{}, reconcile.TerminalError(fmt.Errorf("no %s ManagedCluster defined in AzureASOManagedControlPlane spec.resources", asocontainerservicev1.GroupVersion.Group))
+		return ctrl.Result{}, reconcile.TerminalError(mutators.ErrNoManagedClusterDefined)
 	}
 
-	resourceReconciler := r.newResourceReconciler(asoManagedControlPlane, us)
+	resourceReconciler := r.newResourceReconciler(asoManagedControlPlane, resources)
 	err = resourceReconciler.Reconcile(ctx)
 	if err != nil {
 		return ctrl.Result{}, fmt.Errorf("failed to reconcile resources: %w", err)
@@ -295,11 +296,11 @@ func (r *AzureASOManagedControlPlaneReconciler) reconcileDelete(ctx context.Cont
 	defer done()
 	log.V(4).Info("reconciling delete")
 
-	us, err := resourcesToUnstructured(asoManagedControlPlane.Spec.Resources)
+	resources, err := mutators.ToUnstructured(ctx, asoManagedControlPlane.Spec.Resources)
 	if err != nil {
 		return ctrl.Result{}, err
 	}
-	resourceReconciler := r.newResourceReconciler(asoManagedControlPlane, us)
+	resourceReconciler := r.newResourceReconciler(asoManagedControlPlane, resources)
 	err = resourceReconciler.Delete(ctx)
 	if err != nil {
 		return ctrl.Result{}, fmt.Errorf("failed to reconcile resources: %w", err)

exp/controllers/azureasomanagedmachinepool_controller.go

@@ -28,6 +28,7 @@ import (
 	"k8s.io/utils/ptr"
 	infracontroller "sigs.k8s.io/cluster-api-provider-azure/controllers"
 	infrav1exp "sigs.k8s.io/cluster-api-provider-azure/exp/api/v1alpha1"
+	"sigs.k8s.io/cluster-api-provider-azure/exp/mutators"
 	"sigs.k8s.io/cluster-api-provider-azure/util/tele"
 	clusterv1 "sigs.k8s.io/cluster-api/api/v1beta1"
 	"sigs.k8s.io/cluster-api/controllers/external"
@@ -208,13 +209,13 @@ func (r *AzureASOManagedMachinePoolReconciler) reconcileNormal(ctx context.Conte
 		return ctrl.Result{Requeue: true}, nil
 	}
 
-	us, err := resourcesToUnstructured(asoManagedMachinePool.Spec.Resources)
+	resources, err := mutators.ApplyMutators(ctx, asoManagedMachinePool.Spec.Resources)
 	if err != nil {
 		return ctrl.Result{}, err
 	}
 
 	var agentPoolName string
-	for _, resource := range us {
+	for _, resource := range resources {
 		if resource.GroupVersionKind().Group == asocontainerservicev1.GroupVersion.Group &&
 			resource.GroupVersionKind().Kind == "ManagedClustersAgentPool" {
 			agentPoolName = resource.GetName()
@@ -225,7 +226,7 @@ func (r *AzureASOManagedMachinePoolReconciler) reconcileNormal(ctx context.Conte
 		return ctrl.Result{}, reconcile.TerminalError(fmt.Errorf("no %s ManagedClustersAgentPools defined in AzureASOManagedMachinePool spec.resources", asocontainerservicev1.GroupVersion.Group))
 	}
 
-	resourceReconciler := r.newResourceReconciler(asoManagedMachinePool, us)
+	resourceReconciler := r.newResourceReconciler(asoManagedMachinePool, resources)
 	err = resourceReconciler.Reconcile(ctx)
 	if err != nil {
 		return ctrl.Result{}, fmt.Errorf("failed to reconcile resources: %w", err)
@@ -311,11 +312,11 @@ func (r *AzureASOManagedMachinePoolReconciler) reconcileDelete(ctx context.Conte
 	// If the entire cluster is being deleted, this ASO ManagedClustersAgentPool will be deleted with the rest
 	// of the ManagedCluster.
 	if cluster.DeletionTimestamp.IsZero() {
-		us, err := resourcesToUnstructured(asoManagedMachinePool.Spec.Resources)
+		resources, err := mutators.ToUnstructured(ctx, asoManagedMachinePool.Spec.Resources)
 		if err != nil {
 			return ctrl.Result{}, err
 		}
-		resourceReconciler := r.newResourceReconciler(asoManagedMachinePool, us)
+		resourceReconciler := r.newResourceReconciler(asoManagedMachinePool, resources)
 		err = resourceReconciler.Delete(ctx)
 		if err != nil {
 			return ctrl.Result{}, fmt.Errorf("failed to reconcile resources: %w", err)

exp/mutators/azureasomanagedcontrolplane.go

@@ -0,0 +1,167 @@
+/*
+Copyright 2024 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package mutators
+
+import (
+	"context"
+	"fmt"
+	"strings"
+
+	asocontainerservicev1 "github.com/Azure/azure-service-operator/v2/api/containerservice/v1api20231001"
+	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
+	infrav1exp "sigs.k8s.io/cluster-api-provider-azure/exp/api/v1alpha1"
+	"sigs.k8s.io/cluster-api-provider-azure/util/tele"
+	clusterv1 "sigs.k8s.io/cluster-api/api/v1beta1"
+	"sigs.k8s.io/controller-runtime/pkg/reconcile"
+)
+
+var (
+	// ErrNoManagedClusterDefined describes an AzureASOManagedControlPlane without a ManagedCluster.
+	ErrNoManagedClusterDefined = fmt.Errorf("no %s ManagedCluster defined in AzureASOManagedControlPlane spec.resources", asocontainerservicev1.GroupVersion.Group)
+)
+
+// SetManagedClusterDefaults propagates values defined by Cluster API to an ASO ManagedCluster.
+func SetManagedClusterDefaults(asoManagedControlPlane *infrav1exp.AzureASOManagedControlPlane, cluster *clusterv1.Cluster) ResourcesMutator {
+	return func(ctx context.Context, us []*unstructured.Unstructured) error {
+		ctx, _, done := tele.StartSpanWithLogger(ctx, "mutators.SetManagedClusterDefaults")
+		defer done()
+
+		var managedCluster *unstructured.Unstructured
+		var managedClusterPath string
+		for i, u := range us {
+			if u.GroupVersionKind().Group == asocontainerservicev1.GroupVersion.Group &&
+				u.GroupVersionKind().Kind == "ManagedCluster" {
+				managedCluster = u
+				managedClusterPath = fmt.Sprintf("spec.resources[%d]", i)
+				break
+			}
+		}
+		if managedCluster == nil {
+			return reconcile.TerminalError(ErrNoManagedClusterDefined)
+		}
+
+		if err := setManagedClusterKubernetesVersion(ctx, asoManagedControlPlane, managedClusterPath, managedCluster); err != nil {
+			return err
+		}
+
+		if err := setManagedClusterServiceCIDR(ctx, cluster, managedClusterPath, managedCluster); err != nil {
+			return err
+		}
+
+		if err := setManagedClusterPodCIDR(ctx, cluster, managedClusterPath, managedCluster); err != nil {
+			return err
+		}
+
+		return nil
+	}
+}
+
+func setManagedClusterKubernetesVersion(ctx context.Context, asoManagedControlPlane *infrav1exp.AzureASOManagedControlPlane, managedClusterPath string, managedCluster *unstructured.Unstructured) error {
+	_, log, done := tele.StartSpanWithLogger(ctx, "mutators.setManagedClusterKubernetesVersion")
+	defer done()
+
+	capzK8sVersion := strings.TrimPrefix(asoManagedControlPlane.Spec.Version, "v")
+	if capzK8sVersion == "" {
+		// When the CAPI contract field isn't set, any value for version in the embedded ASO resource may be specified.
+		return nil
+	}
+
+	k8sVersionPath := []string{"spec", "kubernetesVersion"}
+	userK8sVersion, k8sVersionFound, err := unstructured.NestedString(managedCluster.UnstructuredContent(), k8sVersionPath...)
+	if err != nil {
+		return err
+	}
+	setK8sVersion := mutation{
+		location: managedClusterPath + "." + strings.Join(k8sVersionPath, "."),
+		val:      capzK8sVersion,
+		reason:   "because spec.version is set to " + asoManagedControlPlane.Spec.Version,
+	}
+	if k8sVersionFound && userK8sVersion != capzK8sVersion {
+		return Incompatible{
+			mutation: setK8sVersion,
+			userVal:  userK8sVersion,
+		}
+	}
+	logMutation(log, setK8sVersion)
+	return unstructured.SetNestedField(managedCluster.UnstructuredContent(), capzK8sVersion, k8sVersionPath...)
+}
+
+func setManagedClusterServiceCIDR(ctx context.Context, cluster *clusterv1.Cluster, managedClusterPath string, managedCluster *unstructured.Unstructured) error {
+	_, log, done := tele.StartSpanWithLogger(ctx, "mutators.setManagedClusterServiceCIDR")
+	defer done()
+
+	if cluster.Spec.ClusterNetwork == nil ||
+		cluster.Spec.ClusterNetwork.Services == nil ||
+		len(cluster.Spec.ClusterNetwork.Services.CIDRBlocks) == 0 {
+		return nil
+	}
+
+	capiCIDR := cluster.Spec.ClusterNetwork.Services.CIDRBlocks[0]
+
+	// ManagedCluster.v1api20210501.containerservice.azure.com does not contain the plural serviceCidrs field.
+	svcCIDRPath := []string{"spec", "networkProfile", "serviceCidr"}
+	userSvcCIDR, found, err := unstructured.NestedString(managedCluster.UnstructuredContent(), svcCIDRPath...)
+	if err != nil {
+		return err
+	}
+	setSvcCIDR := mutation{
+		location: managedClusterPath + "." + strings.Join(svcCIDRPath, "."),
+		val:      capiCIDR,
+		reason:   fmt.Sprintf("because spec.clusterNetwork.services.cidrBlocks[0] in Cluster %s/%s is set to %s", cluster.Namespace, cluster.Name, capiCIDR),
+	}
+	if found && userSvcCIDR != capiCIDR {
+		return Incompatible{
+			mutation: setSvcCIDR,
+			userVal:  userSvcCIDR,
+		}
+	}
+	logMutation(log, setSvcCIDR)
+	return unstructured.SetNestedField(managedCluster.UnstructuredContent(), capiCIDR, svcCIDRPath...)
+}
+
+func setManagedClusterPodCIDR(ctx context.Context, cluster *clusterv1.Cluster, managedClusterPath string, managedCluster *unstructured.Unstructured) error {
+	_, log, done := tele.StartSpanWithLogger(ctx, "mutators.setManagedClusterPodCIDR")
+	defer done()
+
+	if cluster.Spec.ClusterNetwork == nil ||
+		cluster.Spec.ClusterNetwork.Pods == nil ||
+		len(cluster.Spec.ClusterNetwork.Pods.CIDRBlocks) == 0 {
+		return nil
+	}
+
+	capiCIDR := cluster.Spec.ClusterNetwork.Pods.CIDRBlocks[0]
+
+	// ManagedCluster.v1api20210501.containerservice.azure.com does not contain the plural podCidrs field.
+	podCIDRPath := []string{"spec", "networkProfile", "podCidr"}
+	userPodCIDR, found, err := unstructured.NestedString(managedCluster.UnstructuredContent(), podCIDRPath...)
+	if err != nil {
+		return err
+	}
+	setPodCIDR := mutation{
+		location: managedClusterPath + "." + strings.Join(podCIDRPath, "."),
+		val:      capiCIDR,
+		reason:   fmt.Sprintf("because spec.clusterNetwork.pods.cidrBlocks[0] in Cluster %s/%s is set to %s", cluster.Namespace, cluster.Name, capiCIDR),
+	}
+	if found && userPodCIDR != capiCIDR {
+		return Incompatible{
+			mutation: setPodCIDR,
+			userVal:  userPodCIDR,
+		}
+	}
+	logMutation(log, setPodCIDR)
+	return unstructured.SetNestedField(managedCluster.UnstructuredContent(), capiCIDR, podCIDRPath...)
+}