Merge pull request #4747 from willie-yao/use-existing-vnet-1.13

[release-1.13] use existing virtualNetwork from a different rg

Author: k8s-ci-robot

api/v1beta1/azuremanagedcontrolplane_webhook.go

@@ -314,6 +314,8 @@ func (m *AzureManagedControlPlane) Validate(cli client.Client) error {
 
 	allErrs = append(allErrs, validateAutoScalerProfile(m.Spec.AutoScalerProfile, field.NewPath("spec").Child("AutoScalerProfile"))...)
 
+	allErrs = append(allErrs, validateAMCPVirtualNetwork(m.Spec.VirtualNetwork, field.NewPath("spec").Child("VirtualNetwork"))...)
+
 	return allErrs.ToAggregate()
 }
 
@@ -409,6 +411,26 @@ func validateLoadBalancerProfile(loadBalancerProfile *LoadBalancerProfile, fldPa
 	return allErrs
 }
 
+func validateAMCPVirtualNetwork(virtualNetwork ManagedControlPlaneVirtualNetwork, fldPath *field.Path) field.ErrorList {
+	var allErrs field.ErrorList
+
+	// VirtualNetwork and the CIDR blocks get defaulted in the defaulting webhook, so we can assume they are always set.
+	if !reflect.DeepEqual(virtualNetwork, ManagedControlPlaneVirtualNetwork{}) {
+		_, parentNet, vnetErr := net.ParseCIDR(virtualNetwork.CIDRBlock)
+		if vnetErr != nil {
+			allErrs = append(allErrs, field.Invalid(fldPath.Child("CIDRBlock"), virtualNetwork.CIDRBlock, "pre-existing virtual networks CIDR block is invalid"))
+		}
+		subnetIP, _, subnetErr := net.ParseCIDR(virtualNetwork.Subnet.CIDRBlock)
+		if subnetErr != nil {
+			allErrs = append(allErrs, field.Invalid(fldPath.Child("Subnet", "CIDRBlock"), virtualNetwork.CIDRBlock, "pre-existing subnets CIDR block is invalid"))
+		}
+		if vnetErr == nil && subnetErr == nil && !parentNet.Contains(subnetIP) {
+			allErrs = append(allErrs, field.Invalid(fldPath.Child("CIDRBlock"), virtualNetwork.CIDRBlock, "pre-existing virtual networks CIDR block should contain the subnet CIDR block"))
+		}
+	}
+	return allErrs
+}
+
 // validateAPIServerAccessProfile validates an APIServerAccessProfile.
 func (m *AzureManagedControlPlane) validateAPIServerAccessProfile(_ client.Client) field.ErrorList {
 	if m.Spec.APIServerAccessProfile != nil {

api/v1beta1/azuremanagedcontrolplane_webhook_test.go

@@ -2712,3 +2712,222 @@ func getAMCPMetaData() metav1.ObjectMeta {
 		Namespace: "default",
 	}
 }
+
+func TestValidateAMCPVirtualNetwork(t *testing.T) {
+	tests := []struct {
+		name    string
+		amcp    *AzureManagedControlPlane
+		wantErr string
+	}{
+		{
+			name: "Testing valid VirtualNetwork in same resource group",
+			amcp: &AzureManagedControlPlane{
+				ObjectMeta: metav1.ObjectMeta{
+					Name: "fooName",
+					Labels: map[string]string{
+						clusterv1.ClusterNameLabel: "fooCluster",
+					},
+				},
+				Spec: AzureManagedControlPlaneSpec{
+					ResourceGroupName: "rg1",
+					AzureManagedControlPlaneClassSpec: AzureManagedControlPlaneClassSpec{
+						VirtualNetwork: ManagedControlPlaneVirtualNetwork{
+							ResourceGroup: "rg1",
+							ManagedControlPlaneVirtualNetworkClassSpec: ManagedControlPlaneVirtualNetworkClassSpec{
+								Name:      "vnet1",
+								CIDRBlock: defaultAKSVnetCIDR,
+								Subnet: ManagedControlPlaneSubnet{
+									Name:      "subnet1",
+									CIDRBlock: defaultAKSNodeSubnetCIDR,
+								},
+							},
+						},
+					},
+				},
+			},
+			wantErr: "",
+		},
+		{
+			name: "Testing valid VirtualNetwork in different resource group",
+			amcp: &AzureManagedControlPlane{
+				ObjectMeta: metav1.ObjectMeta{
+					Name: "fooName",
+					Labels: map[string]string{
+						clusterv1.ClusterNameLabel: "fooCluster",
+					},
+				},
+				Spec: AzureManagedControlPlaneSpec{
+					ResourceGroupName: "rg1",
+					AzureManagedControlPlaneClassSpec: AzureManagedControlPlaneClassSpec{
+						VirtualNetwork: ManagedControlPlaneVirtualNetwork{
+							ResourceGroup: "rg2",
+							ManagedControlPlaneVirtualNetworkClassSpec: ManagedControlPlaneVirtualNetworkClassSpec{
+								Name:      "vnet1",
+								CIDRBlock: defaultAKSVnetCIDR,
+								Subnet: ManagedControlPlaneSubnet{
+									Name:      "subnet1",
+									CIDRBlock: defaultAKSNodeSubnetCIDR,
+								},
+							},
+						},
+					},
+				},
+			},
+			wantErr: "",
+		},
+		{
+			name: "Testing invalid VirtualNetwork in different resource group: invalid subnet CIDR",
+			amcp: &AzureManagedControlPlane{
+				ObjectMeta: metav1.ObjectMeta{
+					Name: "fooName",
+					Labels: map[string]string{
+						clusterv1.ClusterNameLabel: "fooCluster",
+					},
+				},
+				Spec: AzureManagedControlPlaneSpec{
+					ResourceGroupName: "rg1",
+					AzureManagedControlPlaneClassSpec: AzureManagedControlPlaneClassSpec{
+						VirtualNetwork: ManagedControlPlaneVirtualNetwork{
+							ResourceGroup: "rg2",
+							ManagedControlPlaneVirtualNetworkClassSpec: ManagedControlPlaneVirtualNetworkClassSpec{
+								Name:      "vnet1",
+								CIDRBlock: "10.1.0.0/16",
+								Subnet: ManagedControlPlaneSubnet{
+									Name:      "subnet1",
+									CIDRBlock: "10.0.0.0/24",
+								},
+							},
+						},
+					},
+				},
+			},
+			wantErr: "pre-existing virtual networks CIDR block should contain the subnet CIDR block",
+		},
+		{
+			name: "Testing invalid VirtualNetwork in different resource group: no subnet CIDR",
+			amcp: &AzureManagedControlPlane{
+				ObjectMeta: metav1.ObjectMeta{
+					Name: "fooName",
+					Labels: map[string]string{
+						clusterv1.ClusterNameLabel: "fooCluster",
+					},
+				},
+				Spec: AzureManagedControlPlaneSpec{
+					ResourceGroupName: "rg1",
+					AzureManagedControlPlaneClassSpec: AzureManagedControlPlaneClassSpec{
+						VirtualNetwork: ManagedControlPlaneVirtualNetwork{
+							ResourceGroup: "rg2",
+							ManagedControlPlaneVirtualNetworkClassSpec: ManagedControlPlaneVirtualNetworkClassSpec{
+								Name:      "vnet1",
+								CIDRBlock: "10.1.0.0/16",
+								Subnet: ManagedControlPlaneSubnet{
+									Name: "subnet1",
+								},
+							},
+						},
+					},
+				},
+			},
+			wantErr: "pre-existing virtual networks CIDR block should contain the subnet CIDR block",
+		},
+		{
+			name: "Testing invalid VirtualNetwork in different resource group: no VNet CIDR",
+			amcp: &AzureManagedControlPlane{
+				ObjectMeta: metav1.ObjectMeta{
+					Name: "fooName",
+					Labels: map[string]string{
+						clusterv1.ClusterNameLabel: "fooCluster",
+					},
+				},
+				Spec: AzureManagedControlPlaneSpec{
+					ResourceGroupName: "rg1",
+					AzureManagedControlPlaneClassSpec: AzureManagedControlPlaneClassSpec{
+						VirtualNetwork: ManagedControlPlaneVirtualNetwork{
+							ResourceGroup: "rg2",
+							ManagedControlPlaneVirtualNetworkClassSpec: ManagedControlPlaneVirtualNetworkClassSpec{
+								Name: "vnet1",
+								Subnet: ManagedControlPlaneSubnet{
+									Name:      "subnet1",
+									CIDRBlock: "11.0.0.0/24",
+								},
+							},
+						},
+					},
+				},
+			},
+			wantErr: "pre-existing virtual networks CIDR block should contain the subnet CIDR block",
+		},
+		{
+			name: "Testing invalid VirtualNetwork in different resource group: invalid VNet CIDR",
+			amcp: &AzureManagedControlPlane{
+				ObjectMeta: metav1.ObjectMeta{
+					Name: "fooName",
+					Labels: map[string]string{
+						clusterv1.ClusterNameLabel: "fooCluster",
+					},
+				},
+				Spec: AzureManagedControlPlaneSpec{
+					ResourceGroupName: "rg1",
+					AzureManagedControlPlaneClassSpec: AzureManagedControlPlaneClassSpec{
+						VirtualNetwork: ManagedControlPlaneVirtualNetwork{
+							ResourceGroup: "rg2",
+							ManagedControlPlaneVirtualNetworkClassSpec: ManagedControlPlaneVirtualNetworkClassSpec{
+								Name:      "vnet1",
+								CIDRBlock: "invalid_vnet_CIDR",
+								Subnet: ManagedControlPlaneSubnet{
+									Name:      "subnet1",
+									CIDRBlock: "11.0.0.0/24",
+								},
+							},
+						},
+					},
+				},
+			},
+			wantErr: "pre-existing virtual networks CIDR block is invalid",
+		},
+		{
+			name: "Testing invalid VirtualNetwork in different resource group: invalid Subnet CIDR",
+			amcp: &AzureManagedControlPlane{
+				ObjectMeta: metav1.ObjectMeta{
+					Name: "fooName",
+					Labels: map[string]string{
+						clusterv1.ClusterNameLabel: "fooCluster",
+					},
+				},
+				Spec: AzureManagedControlPlaneSpec{
+					ResourceGroupName: "rg1",
+					AzureManagedControlPlaneClassSpec: AzureManagedControlPlaneClassSpec{
+						VirtualNetwork: ManagedControlPlaneVirtualNetwork{
+							ResourceGroup: "rg2",
+							ManagedControlPlaneVirtualNetworkClassSpec: ManagedControlPlaneVirtualNetworkClassSpec{
+								Name: "vnet1",
+								Subnet: ManagedControlPlaneSubnet{
+									Name:      "subnet1",
+									CIDRBlock: "invalid_subnet_CIDR",
+								},
+							},
+						},
+					},
+				},
+			},
+			wantErr: "pre-existing subnets CIDR block is invalid",
+		},
+	}
+
+	for _, tc := range tests {
+		t.Run(tc.name, func(t *testing.T) {
+			g := NewWithT(t)
+			mcpw := &azureManagedControlPlaneWebhook{}
+			err := mcpw.Default(context.Background(), tc.amcp)
+			g.Expect(err).NotTo(HaveOccurred())
+
+			errs := validateAMCPVirtualNetwork(tc.amcp.Spec.VirtualNetwork, field.NewPath("spec", "VirtualNetwork"))
+			if tc.wantErr != "" {
+				g.Expect(errs).ToNot(BeEmpty())
+				g.Expect(errs[0].Detail).To(Equal(tc.wantErr))
+			} else {
+				g.Expect(err).NotTo(HaveOccurred())
+			}
+		})
+	}
+}

api/v1beta1/azuremanagedcontrolplanetemplate_webhook.go

@@ -203,6 +203,8 @@ func (mcp *AzureManagedControlPlaneTemplate) validateManagedControlPlaneTemplate
 
 	allErrs = append(allErrs, validateAutoScalerProfile(mcp.Spec.Template.Spec.AutoScalerProfile, field.NewPath("spec").Child("template").Child("spec").Child("AutoScalerProfile"))...)
 
+	allErrs = append(allErrs, validateAMCPVirtualNetwork(mcp.Spec.Template.Spec.VirtualNetwork, field.NewPath("spec").Child("template").Child("spec").Child("VirtualNetwork"))...)
+
 	return allErrs.ToAggregate()
 }
 

azure/defaults.go

@@ -19,6 +19,8 @@ package azure
 import (
 	"fmt"
 	"net/http"
+	"regexp"
+	"strings"
 
 	"github.com/Azure/azure-sdk-for-go/sdk/azcore/arm"
 	"github.com/Azure/azure-sdk-for-go/sdk/azcore/cloud"
@@ -412,3 +414,15 @@ func (p CustomPutPatchHeaderPolicy) Do(req *policy.Request) (*http.Response, err
 
 	return req.Next()
 }
+
+// GetNormalizedKubernetesName returns a normalized name for a Kubernetes resource.
+func GetNormalizedKubernetesName(name string) string {
+	// Remove non-alphanumeric characters, convert to lowercase, and replace underscores with hyphens
+	name = strings.ToLower(name)
+	re := regexp.MustCompile(`[^a-z0-9\-]+`)
+	name = re.ReplaceAllString(name, "-")
+
+	// Remove leading and trailing hyphens
+	name = strings.Trim(name, "-")
+	return name
+}

azure/defaults_test.go

@@ -277,3 +277,79 @@ func TestGetBootstrappingVMExtension(t *testing.T) {
 		})
 	}
 }
+
+func TestNormalizeAzureName(t *testing.T) {
+	testCases := []struct {
+		name     string
+		input    string
+		expected string
+	}{
+		{
+			name:     "should return lower case",
+			input:    "Test",
+			expected: "test",
+		},
+		{
+			name:     "should return lower case with spaces replaced by hyphens",
+			input:    "Test Name",
+			expected: "test-name",
+		},
+		{
+			name:     "should return lower case with spaces replaced by hyphens and non-alphanumeric characters removed",
+			input:    "Test Name 1",
+			expected: "test-name-1",
+		},
+		{
+			name:     "should return lower case with spaces replaced by hyphens and non-alphanumeric characters removed",
+			input:    "Test-Name-1-",
+			expected: "test-name-1",
+		},
+		{
+			name:     "should return lower case with spaces replaced by hyphens and non-alphanumeric characters removed",
+			input:    "Test-Name-1-@",
+			expected: "test-name-1",
+		},
+		{
+			name:     "should return lower case with spaces replaced by hyphens and non-alphanumeric characters removed",
+			input:    "Test-Name-1-@-",
+			expected: "test-name-1",
+		},
+		{
+			name:     "should return lower case with spaces replaced by hyphens and non-alphanumeric characters removed",
+			input:    "Test-Name-1-@-@",
+			expected: "test-name-1",
+		},
+		{
+			name:     "should return lower case with underscores replaced by hyphens and non-alphanumeric characters removed",
+			input:    "Test_Name_1-@-@",
+			expected: "test-name-1",
+		},
+		{
+			name:     "should return lower case with underscores replaced by hyphens and non-alphanumeric characters removed",
+			input:    "0_Test_Name_1-@-@",
+			expected: "0-test-name-1",
+		},
+		{
+			name:     "should return lower case with underscores replaced by hyphens and non-alphanumeric characters removed",
+			input:    "_Test_Name_1-@-@",
+			expected: "test-name-1",
+		},
+		{
+			name:     "should return lower case with name without hyphens",
+			input:    "_Test_Name_1---",
+			expected: "test-name-1",
+		},
+		{
+			name:     "should not change the input since input is valid k8s name",
+			input:    "test-name-1",
+			expected: "test-name-1",
+		},
+	}
+	for _, tc := range testCases {
+		t.Run(tc.name, func(t *testing.T) {
+			g := NewWithT(t)
+			normalizedNamed := GetNormalizedKubernetesName(tc.input)
+			g.Expect(normalizedNamed).To(Equal(tc.expected))
+		})
+	}
+}

azure/scope/cluster.go

@@ -424,16 +424,18 @@ func (s *ClusterScope) GroupSpecs() []azure.ASOResourceSpecGetter[*asoresourcesv
 	specs := []azure.ASOResourceSpecGetter[*asoresourcesv1.ResourceGroup]{
 		&groups.GroupSpec{
 			Name:           s.ResourceGroup(),
+			AzureName:      s.ResourceGroup(),
 			Namespace:      s.Namespace(),
 			Location:       s.Location(),
 			ClusterName:    s.ClusterName(),
 			AdditionalTags: s.AdditionalTags(),
 			Owner:          owner,
 		},
 	}
-	if s.Vnet().ResourceGroup != s.ResourceGroup() {
+	if s.Vnet().ResourceGroup != "" && s.Vnet().ResourceGroup != s.ResourceGroup() {
 		specs = append(specs, &groups.GroupSpec{
-			Name:           s.Vnet().ResourceGroup,
+			Name:           azure.GetNormalizedKubernetesName(s.Vnet().ResourceGroup),
+			AzureName:      s.Vnet().ResourceGroup,
 			Namespace:      s.Namespace(),
 			Location:       s.Location(),
 			ClusterName:    s.ClusterName(),