Merge pull request openshift#7969 from rna-afk/machine_manifests_capz

CORS-3251: Create capz machine manifests

Author: openshift-merge-bot[bot]

go.mod

@@ -110,7 +110,7 @@ require (
 	k8s.io/utils v0.0.0-20240102154912-e7106e64919e
 	sigs.k8s.io/cluster-api v1.6.2
 	sigs.k8s.io/cluster-api-provider-aws/v2 v2.0.0-00010101000000-000000000000
-	sigs.k8s.io/cluster-api-provider-azure v0.0.0-00010101000000-000000000000
+	sigs.k8s.io/cluster-api-provider-azure v1.13.0
 	sigs.k8s.io/cluster-api-provider-gcp v1.5.0
 	sigs.k8s.io/cluster-api-provider-openstack v0.8.0
 	sigs.k8s.io/cluster-api-provider-vsphere v1.9.0

pkg/asset/machines/azure/azuremachines.go

@@ -0,0 +1,244 @@
+// Package azure generates Machine objects for azure.
+package azure
+
+import (
+	"fmt"
+	"strings"
+
+	v1 "k8s.io/api/core/v1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/util/sets"
+	"k8s.io/utils/ptr"
+	capz "sigs.k8s.io/cluster-api-provider-azure/api/v1beta1"
+	capi "sigs.k8s.io/cluster-api/api/v1beta1"
+
+	"github.com/openshift/api/machine/v1beta1"
+	"github.com/openshift/installer/pkg/asset"
+	"github.com/openshift/installer/pkg/asset/manifests/capiutils"
+	"github.com/openshift/installer/pkg/types"
+	"github.com/openshift/installer/pkg/types/azure"
+)
+
+const (
+	genV2Suffix string = "-gen2"
+)
+
+// GenerateMachines returns manifests and runtime objects to provision the control plane (including bootstrap, if applicable) nodes using CAPI.
+func GenerateMachines(platform *azure.Platform, pool *types.MachinePool, userDataSecret string, clusterID string, role string, capabilities map[string]string, useImageGallery bool, userTags map[string]string, hyperVGen string, subnet string, resourceGroup string) ([]*asset.RuntimeFile, error) {
+	if poolPlatform := pool.Platform.Name(); poolPlatform != azure.Name {
+		return nil, fmt.Errorf("non-Azure machine-pool: %q", poolPlatform)
+	}
+	mpool := pool.Platform.Azure
+
+	total := int64(1)
+	if pool.Replicas != nil {
+		total = *pool.Replicas
+	}
+
+	if len(mpool.Zones) == 0 {
+		// if no azs are given we set to []string{""} for convenience over later operations.
+		// It means no-zoned for the machine API
+		mpool.Zones = []string{""}
+	}
+	tags, err := CapzTagsFromUserTags(clusterID, userTags)
+	if err != nil {
+		return nil, fmt.Errorf("failed to create machineapi.TagSpecifications from UserTags: %w", err)
+	}
+
+	var image *capz.Image
+	osImage := mpool.OSImage
+	switch {
+	case osImage.Publisher != "":
+		image = &capz.Image{
+			Marketplace: &capz.AzureMarketplaceImage{
+				ImagePlan: capz.ImagePlan{
+					Publisher: osImage.Publisher,
+					Offer:     osImage.Offer,
+					SKU:       osImage.SKU,
+				},
+				Version: osImage.Version,
+			},
+		}
+	case useImageGallery:
+		// image gallery names cannot have dashes
+		galleryName := strings.ReplaceAll(clusterID, "-", "_")
+		id := clusterID
+		if hyperVGen == "V2" {
+			id += genV2Suffix
+		}
+		imageID := fmt.Sprintf("/resourceGroups/%s/providers/Microsoft.Compute/galleries/gallery_%s/images/%s/versions/latest", resourceGroup, galleryName, id)
+		image = &capz.Image{ID: &imageID}
+	default:
+		imageID := fmt.Sprintf("/resourceGroups/%s/providers/Microsoft.Compute/images/%s", resourceGroup, clusterID)
+		if hyperVGen == "V2" && platform.CloudName != azure.StackCloud {
+			imageID += genV2Suffix
+		}
+		image = &capz.Image{ID: &imageID}
+	}
+
+	osDisk := capz.OSDisk{
+		OSType:     "Linux",
+		DiskSizeGB: &mpool.DiskSizeGB,
+		ManagedDisk: &capz.ManagedDiskParameters{
+			StorageAccountType: mpool.DiskType,
+		},
+	}
+	ultrassd := mpool.UltraSSDCapability == "Enabled"
+	additionalCapabilities := &capz.AdditionalCapabilities{
+		UltraSSDEnabled: &ultrassd,
+	}
+
+	machineProfile := generateSecurityProfile(mpool)
+	securityProfile := &capz.SecurityProfile{
+		EncryptionAtHost: machineProfile.EncryptionAtHost,
+		SecurityType:     capz.SecurityTypes(machineProfile.Settings.SecurityType),
+	}
+	if machineProfile.Settings.ConfidentialVM != nil {
+		securityProfile.UefiSettings = &capz.UefiSettings{
+			VTpmEnabled:       ptr.To[bool](machineProfile.Settings.ConfidentialVM.UEFISettings.VirtualizedTrustedPlatformModule == v1beta1.VirtualizedTrustedPlatformModulePolicyEnabled),
+			SecureBootEnabled: ptr.To[bool](machineProfile.Settings.ConfidentialVM.UEFISettings.SecureBoot == v1beta1.SecureBootPolicyEnabled),
+		}
+	} else if machineProfile.Settings.TrustedLaunch != nil {
+		securityProfile.UefiSettings = &capz.UefiSettings{
+			VTpmEnabled:       ptr.To(machineProfile.Settings.TrustedLaunch.UEFISettings.VirtualizedTrustedPlatformModule == v1beta1.VirtualizedTrustedPlatformModulePolicyEnabled),
+			SecureBootEnabled: ptr.To(machineProfile.Settings.TrustedLaunch.UEFISettings.SecureBoot == v1beta1.SecureBootPolicyEnabled),
+		}
+	}
+
+	var result []*asset.RuntimeFile
+	for idx := int64(0); idx < total; idx++ {
+		zone := mpool.Zones[int(idx)%len(mpool.Zones)]
+		azureMachine := &capz.AzureMachine{
+			TypeMeta: metav1.TypeMeta{
+				APIVersion: "infrastructure.cluster.x-k8s.io/v1beta1",
+				Kind:       "AzureMachine",
+			},
+			ObjectMeta: metav1.ObjectMeta{
+				Name: fmt.Sprintf("%s-%s-%d", clusterID, pool.Name, idx),
+				Labels: map[string]string{
+					"cluster.x-k8s.io/control-plane": "",
+					"cluster.x-k8s.io/cluster-name":  clusterID,
+				},
+			},
+			Spec: capz.AzureMachineSpec{
+				VMSize:                 mpool.InstanceType,
+				FailureDomain:          ptr.To(zone),
+				Image:                  image,
+				OSDisk:                 osDisk,
+				AdditionalTags:         tags,
+				AdditionalCapabilities: additionalCapabilities,
+				AllocatePublicIP:       false,
+				SecurityProfile:        securityProfile,
+			},
+		}
+		result = append(result, &asset.RuntimeFile{
+			File:   asset.File{Filename: fmt.Sprintf("10_inframachine_%s.yaml", azureMachine.Name)},
+			Object: azureMachine,
+		})
+
+		controlPlaneMachine := &capi.Machine{
+			ObjectMeta: metav1.ObjectMeta{
+				Name: azureMachine.Name,
+				Labels: map[string]string{
+					"cluster.x-k8s.io/control-plane": "",
+				},
+			},
+			Spec: capi.MachineSpec{
+				ClusterName: clusterID,
+				Bootstrap: capi.Bootstrap{
+					DataSecretName: ptr.To(fmt.Sprintf("%s-%s", clusterID, role)),
+				},
+				InfrastructureRef: v1.ObjectReference{
+					APIVersion: "infrastructure.cluster.x-k8s.io/v1beta2",
+					Kind:       "AzureMachine",
+					Name:       azureMachine.Name,
+				},
+			},
+		}
+
+		result = append(result, &asset.RuntimeFile{
+			File:   asset.File{Filename: fmt.Sprintf("10_machine_%s.yaml", azureMachine.Name)},
+			Object: controlPlaneMachine,
+		})
+	}
+
+	bootstrapAzureMachine := &capz.AzureMachine{
+		TypeMeta: metav1.TypeMeta{
+			APIVersion: "infrastructure.cluster.x-k8s.io/v1beta1",
+			Kind:       "AzureMachine",
+		},
+		ObjectMeta: metav1.ObjectMeta{
+			Name: capiutils.GenerateBoostrapMachineName(clusterID),
+			Labels: map[string]string{
+				"cluster.x-k8s.io/control-plane": "",
+				"install.openshift.io/bootstrap": "",
+				"cluster.x-k8s.io/cluster-name":  clusterID,
+			},
+		},
+		Spec: capz.AzureMachineSpec{
+			VMSize:                 mpool.InstanceType,
+			Image:                  image,
+			FailureDomain:          ptr.To(mpool.Zones[0]),
+			OSDisk:                 osDisk,
+			AdditionalTags:         tags,
+			AllocatePublicIP:       true,
+			AdditionalCapabilities: additionalCapabilities,
+			SecurityProfile:        securityProfile,
+		},
+	}
+
+	result = append(result, &asset.RuntimeFile{
+		File:   asset.File{Filename: fmt.Sprintf("10_inframachine_%s.yaml", bootstrapAzureMachine.Name)},
+		Object: bootstrapAzureMachine,
+	})
+
+	bootstrapMachine := &capi.Machine{
+		ObjectMeta: metav1.ObjectMeta{
+			Name: bootstrapAzureMachine.Name,
+			Labels: map[string]string{
+				"cluster.x-k8s.io/control-plane": "",
+			},
+		},
+		Spec: capi.MachineSpec{
+			ClusterName: clusterID,
+			Bootstrap: capi.Bootstrap{
+				DataSecretName: ptr.To(fmt.Sprintf("%s-%s", clusterID, "bootstrap")),
+			},
+			InfrastructureRef: v1.ObjectReference{
+				APIVersion: "infrastructure.cluster.x-k8s.io/v1beta2",
+				Kind:       "AzureMachine",
+				Name:       bootstrapAzureMachine.Name,
+			},
+		},
+	}
+
+	result = append(result, &asset.RuntimeFile{
+		File:   asset.File{Filename: fmt.Sprintf("10_machine_%s.yaml", bootstrapMachine.Name)},
+		Object: bootstrapMachine,
+	})
+
+	return result, nil
+}
+
+// CapzTagsFromUserTags converts a map of user tags to a map of capz.Tags.
+func CapzTagsFromUserTags(clusterID string, usertags map[string]string) (capz.Tags, error) {
+	tags := capz.Tags{}
+	tags[fmt.Sprintf("kubernetes.io_cluster.%s", clusterID)] = "owned"
+
+	forbiddenTags := sets.New[string]()
+	for key := range tags {
+		forbiddenTags.Insert(key)
+	}
+
+	userTagKeys := sets.New[string]()
+	for key := range usertags {
+		userTagKeys.Insert(key)
+	}
+	if clobberedTags := userTagKeys.Intersection(forbiddenTags); clobberedTags.Len() > 0 {
+		return nil, fmt.Errorf("user tag keys %v are not allowed", sets.List(clobberedTags))
+	}
+	for _, k := range sets.List(userTagKeys) {
+		tags[k] = usertags[k]
+	}
+	return tags, nil
+}

pkg/asset/machines/clusterapi.go

@@ -21,7 +21,9 @@ import (
 	configv1 "github.com/openshift/api/config/v1"
 	"github.com/openshift/installer/pkg/asset"
 	"github.com/openshift/installer/pkg/asset/installconfig"
+	icazure "github.com/openshift/installer/pkg/asset/installconfig/azure"
 	"github.com/openshift/installer/pkg/asset/machines/aws"
+	"github.com/openshift/installer/pkg/asset/machines/azure"
 	"github.com/openshift/installer/pkg/asset/machines/gcp"
 	"github.com/openshift/installer/pkg/asset/machines/openstack"
 	vspherecapi "github.com/openshift/installer/pkg/asset/machines/vsphere"
@@ -32,6 +34,7 @@ import (
 	awstypes "github.com/openshift/installer/pkg/types/aws"
 	awsdefaults "github.com/openshift/installer/pkg/types/aws/defaults"
 	azuretypes "github.com/openshift/installer/pkg/types/azure"
+	azuredefaults "github.com/openshift/installer/pkg/types/azure/defaults"
 	gcptypes "github.com/openshift/installer/pkg/types/gcp"
 	openstacktypes "github.com/openshift/installer/pkg/types/openstack"
 	vspheretypes "github.com/openshift/installer/pkg/types/vsphere"
@@ -225,7 +228,76 @@ func (c *ClusterAPI) Generate(dependencies asset.Parents) error {
 			Object: bootstrapMachine,
 		})
 	case azuretypes.Name:
-		// TODO: implement
+		mpool := defaultAzureMachinePoolPlatform()
+		mpool.InstanceType = azuredefaults.ControlPlaneInstanceType(
+			installConfig.Config.Platform.Azure.CloudName,
+			installConfig.Config.Platform.Azure.Region,
+			installConfig.Config.ControlPlane.Architecture,
+		)
+		mpool.OSDisk.DiskSizeGB = 1024
+		if installConfig.Config.Platform.Azure.CloudName == azuretypes.StackCloud {
+			mpool.OSDisk.DiskSizeGB = azuredefaults.AzurestackMinimumDiskSize
+		}
+		mpool.Set(ic.Platform.Azure.DefaultMachinePlatform)
+		mpool.Set(pool.Platform.Azure)
+
+		session, err := installConfig.Azure.Session()
+		if err != nil {
+			return fmt.Errorf("failed to fetch session: %w", err)
+		}
+		client := icazure.NewClient(session)
+
+		if len(mpool.Zones) == 0 {
+			// if no azs are given we set to []string{""} for convenience over later operations.
+			// It means no-zoned for the machine API
+			mpool.Zones = []string{""}
+		}
+		if len(mpool.Zones) == 0 {
+			azs, err := client.GetAvailabilityZones(context.TODO(), ic.Platform.Azure.Region, mpool.InstanceType)
+			if err != nil {
+				return fmt.Errorf("failed to fetch availability zones: %w", err)
+			}
+			mpool.Zones = azs
+			if len(azs) == 0 {
+				// if no azs are given we set to []string{""} for convenience over later operations.
+				// It means no-zoned for the machine API
+				mpool.Zones = []string{""}
+			}
+		}
+		// client.GetControlPlaneSubnet(context.TODO(), ic.Platform.Azure.ResourceGroupName, ic.Platform.Azure.VirtualNetwork, )
+
+		if mpool.OSImage.Publisher != "" {
+			img, ierr := client.GetMarketplaceImage(context.TODO(), ic.Platform.Azure.Region, mpool.OSImage.Publisher, mpool.OSImage.Offer, mpool.OSImage.SKU, mpool.OSImage.Version)
+			if ierr != nil {
+				return fmt.Errorf("failed to fetch marketplace image: %w", ierr)
+			}
+			// Publisher is case-sensitive and matched against exactly. Also the
+			// Plan's publisher might not be exactly the same as the Image's
+			// publisher
+			if img.Plan != nil && img.Plan.Publisher != nil {
+				mpool.OSImage.Publisher = *img.Plan.Publisher
+			}
+		}
+		pool.Platform.Azure = &mpool
+		subnet := ic.Azure.ControlPlaneSubnet
+
+		capabilities, err := client.GetVMCapabilities(context.TODO(), mpool.InstanceType, installConfig.Config.Platform.Azure.Region)
+		if err != nil {
+			return err
+		}
+		hyperVGen, err := icazure.GetHyperVGenerationVersion(capabilities, "")
+		if err != nil {
+			return err
+		}
+		useImageGallery := installConfig.Azure.CloudName != azuretypes.StackCloud
+		masterUserDataSecretName := "master-user-data"
+
+		azureMachines, err := azure.GenerateMachines(installConfig.Config.Platform.Azure, &pool, masterUserDataSecretName, clusterID.InfraID, "master", capabilities, useImageGallery, installConfig.Config.Platform.Azure.UserTags, hyperVGen, subnet, ic.Azure.ResourceGroupName)
+		if err != nil {
+			return fmt.Errorf("failed to create master machine objects: %w", err)
+		}
+
+		c.FileList = append(c.FileList, azureMachines...)
 	case gcptypes.Name:
 		// Generate GCP master machines using ControPlane machinepool
 		mpool := defaultGCPMachinePoolPlatform(pool.Architecture)

pkg/asset/manifests/azure/cluster.go

@@ -1,6 +1,8 @@
 package azure
 
 import (
+	"fmt"
+
 	"github.com/pkg/errors"
 	corev1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
@@ -40,7 +42,7 @@ func GenerateClusterAssets(installConfig *installconfig.InstallConfig, clusterID
 			Namespace: capiutils.Namespace,
 		},
 		Spec: capz.AzureClusterSpec{
-			ResourceGroup: clusterID.InfraID,
+			ResourceGroup: fmt.Sprintf("%s-rg", clusterID.InfraID),
 			AzureClusterClassSpec: capz.AzureClusterClassSpec{
 				SubscriptionID:   session.Credentials.SubscriptionID,
 				Location:         installConfig.Config.Azure.Region,

pkg/infrastructure/azure/azure.go

@@ -0,0 +1,14 @@
+package azure
+
+import (
+	"github.com/openshift/installer/pkg/infrastructure/clusterapi"
+	azuretypes "github.com/openshift/installer/pkg/types/azure"
+)
+
+var _ clusterapi.Provider = (*Provider)(nil)
+
+// Provider implements Azure CAPI installation.
+type Provider struct{}
+
+// Name gives the name of the provider, Azure.
+func (*Provider) Name() string { return azuretypes.Name }