Implement bastion host

cmd/clusterctl/examples/azure/cluster.yaml.template

@@ -15,6 +15,8 @@ spec:
       kind: "AzureClusterProviderSpec"
       resourceGroup: "${RESOURCE_GROUP}"
       location: "${LOCATION}"
+      sshPublicKey: ${SSH_PUBLIC_KEY}
+      sshPrivateKey: ${SSH_PRIVATE_KEY}
       networkSpec:
         vnet:
           name: "${VNET_NAME}"

config/crds/azureprovider_v1alpha1_azureclusterproviderspec.yaml

@@ -489,9 +489,17 @@ spec:
           - cert
           - key
           type: object
+        sshPrivateKey:
+          description: SSHPrivateKey is the ssh private key for the bastion host
+          type: string
+        sshPublicKey:
+          description: SSHPublicKey is the ssh public key for the bastion host
+          type: string
       required:
       - resourceGroup
       - location
+      - sshPublicKey
+      - sshPrivateKey
   version: v1alpha1
 status:
   acceptedNames:

pkg/apis/azureprovider/v1alpha1/azureclusterproviderconfig_types.go

@@ -36,6 +36,11 @@ type AzureClusterProviderSpec struct {
 	ResourceGroup string `json:"resourceGroup"`
 	Location      string `json:"location"`
 
+	// SSHPublicKey is the ssh public key for the bastion host
+	SSHPublicKey string `json:"sshPublicKey"`
+	// SSHPrivateKey is the ssh private key for the bastion host
+	SSHPrivateKey string `json:"sshPrivateKey"`
+
 	// CAKeyPair is the key pair for CA certs.
 	CAKeyPair KeyPair `json:"caKeyPair,omitempty"`
 

pkg/apis/azureprovider/v1alpha1/types.go

@@ -74,6 +74,8 @@ const (
 	ControlPlane string = "controlplane"
 	// Node machine label
 	Node string = "node"
+	// Bastion matching label
+	Bastion string = "bastion"
 )
 
 // Network encapsulates Azure networking resources.

pkg/cloud/azure/actuators/cluster/BUILD.bazel

@@ -9,16 +9,19 @@ go_library(
     importpath = "sigs.k8s.io/cluster-api-provider-azure/pkg/cloud/azure/actuators/cluster",
     visibility = ["//visibility:public"],
     deps = [
+        "//pkg/apis/azureprovider/v1alpha1:go_default_library",
         "//pkg/cloud/azure:go_default_library",
         "//pkg/cloud/azure/actuators:go_default_library",
         "//pkg/cloud/azure/services/certificates:go_default_library",
         "//pkg/cloud/azure/services/groups:go_default_library",
         "//pkg/cloud/azure/services/internalloadbalancers:go_default_library",
+        "//pkg/cloud/azure/services/networkinterfaces:go_default_library",
         "//pkg/cloud/azure/services/publicips:go_default_library",
         "//pkg/cloud/azure/services/publicloadbalancers:go_default_library",
         "//pkg/cloud/azure/services/routetables:go_default_library",
         "//pkg/cloud/azure/services/securitygroups:go_default_library",
         "//pkg/cloud/azure/services/subnets:go_default_library",
+        "//pkg/cloud/azure/services/virtualmachines:go_default_library",
         "//pkg/cloud/azure/services/virtualnetworks:go_default_library",
         "//pkg/deployer:go_default_library",
         "//vendor/github.com/pkg/errors:go_default_library",

pkg/cloud/azure/actuators/cluster/actuator_test.go

@@ -45,16 +45,18 @@ func TestReconcileSuccess(t *testing.T) {
 	fakeNotFoundSvc := &azure.FakeNotFoundService{}
 
 	fakeReconciler := &Reconciler{
-		scope:            newFakeScope(),
-		groupsSvc:        fakeSuccessSvc,
-		certificatesSvc:  fakeSuccessSvc,
-		vnetSvc:          fakeSuccessSvc,
-		securityGroupSvc: fakeSuccessSvc,
-		routeTableSvc:    fakeSuccessSvc,
-		subnetsSvc:       fakeSuccessSvc,
-		internalLBSvc:    fakeSuccessSvc,
-		publicIPSvc:      fakeSuccessSvc,
-		publicLBSvc:      fakeSuccessSvc,
+		scope:                newFakeScope(),
+		certificatesSvc:      fakeSuccessSvc,
+		groupsSvc:            fakeSuccessSvc,
+		vnetSvc:              fakeSuccessSvc,
+		securityGroupSvc:     fakeSuccessSvc,
+		routeTableSvc:        fakeSuccessSvc,
+		subnetsSvc:           fakeSuccessSvc,
+		internalLBSvc:        fakeSuccessSvc,
+		publicIPSvc:          fakeSuccessSvc,
+		publicLBSvc:          fakeSuccessSvc,
+		virtualMachineSvc:    fakeSuccessSvc,
+		networkInterfacesSvc: fakeSuccessSvc,
 	}
 
 	if err := fakeReconciler.Reconcile(); err != nil {
@@ -102,16 +104,18 @@ func TestPublicIPNonEmpty(t *testing.T) {
 	fakeSuccessSvc := &azure.FakeSuccessService{}
 
 	fakeReconciler := &Reconciler{
-		scope:            newFakeScope(),
-		groupsSvc:        fakeSuccessSvc,
-		certificatesSvc:  fakeSuccessSvc,
-		vnetSvc:          fakeSuccessSvc,
-		securityGroupSvc: fakeSuccessSvc,
-		routeTableSvc:    fakeSuccessSvc,
-		subnetsSvc:       fakeSuccessSvc,
-		internalLBSvc:    fakeSuccessSvc,
-		publicIPSvc:      fakeSuccessSvc,
-		publicLBSvc:      fakeSuccessSvc,
+		scope:                newFakeScope(),
+		certificatesSvc:      fakeSuccessSvc,
+		groupsSvc:            fakeSuccessSvc,
+		vnetSvc:              fakeSuccessSvc,
+		securityGroupSvc:     fakeSuccessSvc,
+		routeTableSvc:        fakeSuccessSvc,
+		subnetsSvc:           fakeSuccessSvc,
+		internalLBSvc:        fakeSuccessSvc,
+		publicIPSvc:          fakeSuccessSvc,
+		publicLBSvc:          fakeSuccessSvc,
+		virtualMachineSvc:    fakeSuccessSvc,
+		networkInterfacesSvc: fakeSuccessSvc,
 	}
 
 	if err := fakeReconciler.Reconcile(); err != nil {
@@ -138,16 +142,18 @@ func TestServicesCreatedCount(t *testing.T) {
 	fakeSuccessSvc := &azure.FakeCachedService{Cache: &cache}
 
 	fakeReconciler := &Reconciler{
-		scope:            newFakeScope(),
-		groupsSvc:        fakeSuccessSvc,
-		certificatesSvc:  fakeSuccessSvc,
-		vnetSvc:          fakeSuccessSvc,
-		securityGroupSvc: fakeSuccessSvc,
-		routeTableSvc:    fakeSuccessSvc,
-		subnetsSvc:       fakeSuccessSvc,
-		internalLBSvc:    fakeSuccessSvc,
-		publicIPSvc:      fakeSuccessSvc,
-		publicLBSvc:      fakeSuccessSvc,
+		scope:                newFakeScope(),
+		certificatesSvc:      fakeSuccessSvc,
+		groupsSvc:            fakeSuccessSvc,
+		vnetSvc:              fakeSuccessSvc,
+		securityGroupSvc:     fakeSuccessSvc,
+		routeTableSvc:        fakeSuccessSvc,
+		subnetsSvc:           fakeSuccessSvc,
+		internalLBSvc:        fakeSuccessSvc,
+		publicIPSvc:          fakeSuccessSvc,
+		publicLBSvc:          fakeSuccessSvc,
+		virtualMachineSvc:    fakeSuccessSvc,
+		networkInterfacesSvc: fakeSuccessSvc,
 	}
 
 	if err := fakeReconciler.Reconcile(); err != nil {