Merge branch 'main' into aso-maps

# Conflicts:
#	azure/services/aso/aso.go

.github/dependabot.yml

@@ -2,6 +2,7 @@
 
 version: 2
 updates:
+
 # github-actions
 - directory: "/"
   package-ecosystem: "github-actions"
@@ -18,7 +19,8 @@ updates:
     - "ok-to-test"
     - "kind/cleanup"
     - "release-note-none"
-# Go
+
+# Go - root directory
 - directory: "/"
   package-ecosystem: "gomod"
   open-pull-requests-limit: 5
@@ -47,9 +49,11 @@ updates:
     - "ok-to-test"
     - "kind/cleanup"
     - "release-note-none"
-# Go - release 1.7
-- directory: "/"
+
+# Go - hack/tools directory
+- directory: "/hack/tools"
   package-ecosystem: "gomod"
+  open-pull-requests-limit: 5
   schedule:
     interval: "weekly"
     time: "09:00"
@@ -75,47 +79,20 @@ updates:
     - "ok-to-test"
     - "kind/cleanup"
     - "release-note-none"
-  # open-pull-requests-limit is set to 0 to only allow security updates and block any version updates for release-1.7
-  open-pull-requests-limit: 0
-  target-branch: "release-1.7"
-# Go - release 1.6
-- directory: "/"
-  package-ecosystem: "gomod"
+
+# Docker
+- package-ecosystem: "docker"
+  directory: "/"
   schedule:
     interval: "weekly"
     time: "09:00"
     # Use America/New_York Standard Time (UTC -05:00)
     timezone: "America/New_York"
+  open-pull-requests-limit: 5
   commit-message:
     prefix: "dependabot"
     include: scope
-  ignore:
-    # Ignore controller-runtime as its upgraded manually.
-    - dependency-name: "sigs.k8s.io/controller-runtime"
-    # Ignore k8s and its transitives modules as they are upgraded manually together with controller-runtime.
-    - dependency-name: "k8s.io/*"
-    - dependency-name: "go.etcd.io/*"
-    - dependency-name: "google.golang.org/grpc"
-    # Ignore subpackage releases of opentelemetry-go; just watch go.opentelemetry.io/otel.
-    - dependency-name: "go.opentelemetry.io/contrib/*"
-    - dependency-name: "go.opentelemetry.io/otel/exporters/*"
-    - dependency-name: "go.opentelemetry.io/otel/metric"
-    - dependency-name: "go.opentelemetry.io/otel/sdk*"
-    - dependency-name: "go.opentelemetry.io/otel/trace"
   labels:
     - "ok-to-test"
     - "kind/cleanup"
     - "release-note-none"
-  # open-pull-requests-limit is set to 0 to only allow security updates and block any version updates for release-1.6
-  open-pull-requests-limit: 0
-  target-branch: "release-1.6"
-
-- package-ecosystem: docker
-  directory: /
-  schedule:
-    interval: daily
-
-- package-ecosystem: gomod
-  directory: /hack/tools
-  schedule:
-    interval: daily

Makefile

@@ -125,6 +125,11 @@ KIND_VER := v0.20.0
 KIND_BIN := kind
 KIND :=  $(TOOLS_BIN_DIR)/$(KIND_BIN)-$(KIND_VER)
 
+CODESPELL_VER := 2.2.5
+CODESPELL_BIN := codespell
+CODESPELL_DIST_DIR := codespell_dist
+CODESPELL := $(TOOLS_BIN_DIR)/$(CODESPELL_DIST_DIR)/$(CODESPELL_BIN)
+
 SETUP_ENVTEST_VER := v0.0.0-20211110210527-619e6b92dab9
 SETUP_ENVTEST_BIN := setup-envtest
 SETUP_ENVTEST := $(abspath $(TOOLS_BIN_DIR)/$(SETUP_ENVTEST_BIN)-$(SETUP_ENVTEST_VER))
@@ -238,7 +243,7 @@ format-tiltfile: ## Format the Tiltfile.
 	./hack/verify-starlark.sh fix
 
 .PHONY: verify
-verify: verify-boilerplate verify-modules verify-gen verify-shellcheck verify-conversions verify-tiltfile ## Run "verify-boilerplate", "verify-modules", "verify-gen", "verify-shellcheck", "verify-conversions", "verify-tiltfile" rules.
+verify: verify-boilerplate verify-modules verify-gen verify-shellcheck verify-conversions verify-tiltfile verify-codespell ## Run "verify-boilerplate", "verify-modules", "verify-gen", "verify-shellcheck", "verify-conversions", "verify-tiltfile" "verify-codespell" rules.
 
 .PHONY: verify-boilerplate
 verify-boilerplate: ## Verify boilerplate header.
@@ -268,6 +273,10 @@ verify-conversions: $(CONVERSION_VERIFIER)  ## Verifies expected API conversion
 verify-tiltfile: ## Verify Tiltfile format.
 	./hack/verify-starlark.sh
 
+.PHONY: verify-codespell
+verify-codespell: codespell ## Verify codespell.
+	@$(CODESPELL) $(ROOT_DIR) --ignore-words=$(ROOT_DIR)/.codespellignore --skip="*.git,*_artifacts,*.sum,$(ROOT_DIR)/hack/tools/bin/codespell_dist"
+
 ## --------------------------------------
 ## Development
 ## --------------------------------------
@@ -770,6 +779,7 @@ helm: $(HELM) ## Build a local copy of helm.
 yq: $(YQ) ## Build a local copy of yq.
 kind: $(KIND) ## Build a local copy of kind.
 setup-envtest: $(SETUP_ENVTEST) ## Build a local copy of setup-envtest.
+codespell : $(CODESPELL) ## Build a local copy of codespell.
 
 $(CONVERSION_VERIFIER): go.mod
 	cd $(TOOLS_DIR); go build -tags=tools -o $@ sigs.k8s.io/cluster-api/hack/tools/conversion-verifier
@@ -849,3 +859,11 @@ $(SETUP_ENVTEST_BIN): $(SETUP_ENVTEST) ## Build a local copy of setup-envtest.
 
 $(SETUP_ENVTEST): # Build setup-envtest from tools folder.
 	GOBIN=$(TOOLS_BIN_DIR) $(GO_INSTALL) $(SETUP_ENVTEST_PKG) $(SETUP_ENVTEST_BIN) $(SETUP_ENVTEST_VER)
+
+$(CODESPELL): ## Build codespell from tools folder.
+	@which $(CODESPELL) >/dev/null || ( \
+        mkdir -p $(TOOLS_BIN_DIR); \
+        pip install --target=$(TOOLS_BIN_DIR)/$(CODESPELL_DIST_DIR) $(CODESPELL_BIN)==$(CODESPELL_VER); \
+		mv $(TOOLS_BIN_DIR)/$(CODESPELL_DIST_DIR)/bin/$(CODESPELL_BIN) $(TOOLS_BIN_DIR)/$(CODESPELL_DIST_DIR); \
+		rm -r $(TOOLS_BIN_DIR)/$(CODESPELL_DIST_DIR)/bin; \
+    )

api/v1beta1/azuremanagedcontrolplane_default.go

@@ -34,13 +34,13 @@ const (
 
 // setDefaultSSHPublicKey sets the default SSHPublicKey for an AzureManagedControlPlane.
 func (m *AzureManagedControlPlane) setDefaultSSHPublicKey() error {
-	if sshKeyData := m.Spec.SSHPublicKey; sshKeyData == "" {
+	if sshKey := m.Spec.SSHPublicKey; sshKey != nil && *sshKey == "" {
 		_, publicRsaKey, err := utilSSH.GenerateSSHKey()
 		if err != nil {
 			return err
 		}
 
-		m.Spec.SSHPublicKey = base64.StdEncoding.EncodeToString(ssh.MarshalAuthorizedKey(publicRsaKey))
+		m.Spec.SSHPublicKey = pointer.String(base64.StdEncoding.EncodeToString(ssh.MarshalAuthorizedKey(publicRsaKey)))
 	}
 
 	return nil

api/v1beta1/azuremanagedcontrolplane_default_test.go

@@ -36,11 +36,11 @@ func TestAzureManagedControlPlane_SetDefaultSSHPublicKey(t *testing.T) {
 
 	err := publicKeyExistTest.m.setDefaultSSHPublicKey()
 	g.Expect(err).To(BeNil())
-	g.Expect(publicKeyExistTest.m.Spec.SSHPublicKey).To(Equal(existingPublicKey))
+	g.Expect(*publicKeyExistTest.m.Spec.SSHPublicKey).To(Equal(existingPublicKey))
 
 	err = publicKeyNotExistTest.m.setDefaultSSHPublicKey()
 	g.Expect(err).To(BeNil())
-	g.Expect(publicKeyNotExistTest.m.Spec.SSHPublicKey).NotTo(BeEmpty())
+	g.Expect(*publicKeyNotExistTest.m.Spec.SSHPublicKey).NotTo(BeEmpty())
 }
 
 func createAzureManagedControlPlaneWithSSHPublicKey(sshPublicKey string) *AzureManagedControlPlane {
@@ -50,7 +50,7 @@ func createAzureManagedControlPlaneWithSSHPublicKey(sshPublicKey string) *AzureM
 func hardcodedAzureManagedControlPlaneWithSSHKey(sshPublicKey string) *AzureManagedControlPlane {
 	return &AzureManagedControlPlane{
 		Spec: AzureManagedControlPlaneSpec{
-			SSHPublicKey: sshPublicKey,
+			SSHPublicKey: &sshPublicKey,
 		},
 	}
 }

api/v1beta1/azuremanagedcontrolplane_types.go

@@ -124,8 +124,10 @@ type AzureManagedControlPlaneSpec struct {
 	OutboundType *ManagedControlPlaneOutboundType `json:"outboundType,omitempty"`
 
 	// SSHPublicKey is a string literal containing an ssh public key base64 encoded.
+	// Use empty string to autogenerate new key. Use null value to not set key.
 	// Immutable.
-	SSHPublicKey string `json:"sshPublicKey"`
+	// +optional
+	SSHPublicKey *string `json:"sshPublicKey,omitempty"`
 
 	// DNSServiceIP is an IP address assigned to the Kubernetes DNS service.
 	// It must be within the Kubernetes service address range specified in serviceCidr.

api/v1beta1/azuremanagedcontrolplane_webhook.go

@@ -307,9 +307,8 @@ func (m *AzureManagedControlPlane) validateVersion(_ client.Client) error {
 
 // validateSSHKey validates an SSHKey.
 func (m *AzureManagedControlPlane) validateSSHKey(_ client.Client) error {
-	if m.Spec.SSHPublicKey != "" {
-		sshKey := m.Spec.SSHPublicKey
-		if errs := ValidateSSHKey(sshKey, field.NewPath("sshKey")); len(errs) > 0 {
+	if sshKey := m.Spec.SSHPublicKey; sshKey != nil && *sshKey != "" {
+		if errs := ValidateSSHKey(*sshKey, field.NewPath("sshKey")); len(errs) > 0 {
 			return kerrors.NewAggregate(errs.ToAggregate().Errors())
 		}
 	}

api/v1beta1/azuremanagedcontrolplane_webhook_test.go

@@ -41,6 +41,7 @@ func TestDefaultingWebhook(t *testing.T) {
 			ResourceGroupName: "fooRg",
 			Location:          "fooLocation",
 			Version:           "1.17.5",
+			SSHPublicKey:      pointer.String(""),
 		},
 	}
 	mcpw := &azureManagedControlPlaneWebhook{}
@@ -49,7 +50,7 @@ func TestDefaultingWebhook(t *testing.T) {
 	g.Expect(*amcp.Spec.NetworkPlugin).To(Equal("azure"))
 	g.Expect(*amcp.Spec.LoadBalancerSKU).To(Equal("Standard"))
 	g.Expect(amcp.Spec.Version).To(Equal("v1.17.5"))
-	g.Expect(amcp.Spec.SSHPublicKey).NotTo(BeEmpty())
+	g.Expect(*amcp.Spec.SSHPublicKey).NotTo(BeEmpty())
 	g.Expect(amcp.Spec.NodeResourceGroupName).To(Equal("MC_fooRg_fooName_fooLocation"))
 	g.Expect(amcp.Spec.VirtualNetwork.Name).To(Equal("fooName"))
 	g.Expect(amcp.Spec.VirtualNetwork.Subnet.Name).To(Equal("fooName"))
@@ -64,7 +65,7 @@ func TestDefaultingWebhook(t *testing.T) {
 	amcp.Spec.LoadBalancerSKU = &lbSKU
 	amcp.Spec.NetworkPolicy = &netPol
 	amcp.Spec.Version = "9.99.99"
-	amcp.Spec.SSHPublicKey = ""
+	amcp.Spec.SSHPublicKey = nil
 	amcp.Spec.NodeResourceGroupName = "fooNodeRg"
 	amcp.Spec.VirtualNetwork.Name = "fooVnetName"
 	amcp.Spec.VirtualNetwork.Subnet.Name = "fooSubnetName"
@@ -76,7 +77,7 @@ func TestDefaultingWebhook(t *testing.T) {
 	g.Expect(*amcp.Spec.LoadBalancerSKU).To(Equal(lbSKU))
 	g.Expect(*amcp.Spec.NetworkPolicy).To(Equal(netPol))
 	g.Expect(amcp.Spec.Version).To(Equal("v9.99.99"))
-	g.Expect(amcp.Spec.SSHPublicKey).NotTo(BeEmpty())
+	g.Expect(amcp.Spec.SSHPublicKey).To(BeNil())
 	g.Expect(amcp.Spec.NodeResourceGroupName).To(Equal("fooNodeRg"))
 	g.Expect(amcp.Spec.VirtualNetwork.Name).To(Equal("fooVnetName"))
 	g.Expect(amcp.Spec.VirtualNetwork.Subnet.Name).To(Equal("fooSubnetName"))
@@ -662,7 +663,7 @@ func TestAzureManagedControlPlane_ValidateCreate(t *testing.T) {
 					Name: "microsoft-cluster",
 				},
 				Spec: AzureManagedControlPlaneSpec{
-					SSHPublicKey: generateSSHPublicKey(true),
+					SSHPublicKey: pointer.String(generateSSHPublicKey(true)),
 					DNSServiceIP: pointer.String("192.168.0.0"),
 					Version:      "v1.23.5",
 				},
@@ -677,7 +678,7 @@ func TestAzureManagedControlPlane_ValidateCreate(t *testing.T) {
 					Name: "a-windows-cluster",
 				},
 				Spec: AzureManagedControlPlaneSpec{
-					SSHPublicKey: generateSSHPublicKey(true),
+					SSHPublicKey: pointer.String(generateSSHPublicKey(true)),
 					DNSServiceIP: pointer.String("192.168.0.0"),
 					Version:      "v1.23.5",
 				},
@@ -694,7 +695,7 @@ func TestAzureManagedControlPlane_ValidateCreate(t *testing.T) {
 					},
 					DNSServiceIP: pointer.String("192.168.0.0"),
 					Version:      "v1.18.0",
-					SSHPublicKey: generateSSHPublicKey(true),
+					SSHPublicKey: pointer.String(generateSSHPublicKey(true)),
 					AADProfile: &AADProfile{
 						Managed: true,
 						AdminGroupObjectIDs: []string{
@@ -714,7 +715,7 @@ func TestAzureManagedControlPlane_ValidateCreate(t *testing.T) {
 					},
 					DNSServiceIP: pointer.String("192.168.0.0"),
 					Version:      "v1.18.0",
-					SSHPublicKey: generateSSHPublicKey(true),
+					SSHPublicKey: pointer.String(generateSSHPublicKey(true)),
 					AADProfile: &AADProfile{
 						Managed: true,
 						AdminGroupObjectIDs: []string{
@@ -774,7 +775,6 @@ func TestAzureManagedControlPlane_ValidateCreateFailure(t *testing.T) {
 func TestAzureManagedControlPlane_ValidateUpdate(t *testing.T) {
 	g := NewWithT(t)
 	commonSSHKey := generateSSHPublicKey(true)
-
 	tests := []struct {
 		name    string
 		oldAMCP *AzureManagedControlPlane
@@ -882,14 +882,14 @@ func TestAzureManagedControlPlane_ValidateUpdate(t *testing.T) {
 			oldAMCP: &AzureManagedControlPlane{
 				Spec: AzureManagedControlPlaneSpec{
 					DNSServiceIP: pointer.String("192.168.0.0"),
-					SSHPublicKey: generateSSHPublicKey(true),
+					SSHPublicKey: pointer.String(generateSSHPublicKey(true)),
 					Version:      "v1.18.0",
 				},
 			},
 			amcp: &AzureManagedControlPlane{
 				Spec: AzureManagedControlPlaneSpec{
 					DNSServiceIP: pointer.String("192.168.0.0"),
-					SSHPublicKey: generateSSHPublicKey(true),
+					SSHPublicKey: pointer.String(generateSSHPublicKey(true)),
 					Version:      "v1.18.0",
 				},
 			},
@@ -1319,7 +1319,7 @@ func TestAzureManagedControlPlane_ValidateUpdate(t *testing.T) {
 func createAzureManagedControlPlane(serviceIP, version, sshKey string) *AzureManagedControlPlane {
 	return &AzureManagedControlPlane{
 		Spec: AzureManagedControlPlaneSpec{
-			SSHPublicKey: sshKey,
+			SSHPublicKey: &sshKey,
 			DNSServiceIP: pointer.String(serviceIP),
 			Version:      version,
 		},
@@ -1331,7 +1331,7 @@ func getKnownValidAzureManagedControlPlane() *AzureManagedControlPlane {
 		Spec: AzureManagedControlPlaneSpec{
 			DNSServiceIP: pointer.String("192.168.0.0"),
 			Version:      "v1.18.0",
-			SSHPublicKey: generateSSHPublicKey(true),
+			SSHPublicKey: pointer.String(generateSSHPublicKey(true)),
 			AADProfile: &AADProfile{
 				Managed: true,
 				AdminGroupObjectIDs: []string{

api/v1beta1/azuremanagedmachinepool_types.go

@@ -17,6 +17,7 @@ limitations under the License.
 package v1beta1
 
 import (
+	"k8s.io/apimachinery/pkg/api/resource"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	clusterv1 "sigs.k8s.io/cluster-api/api/v1beta1"
 	capierrors "sigs.k8s.io/cluster-api/errors"
@@ -520,6 +521,18 @@ type AzureManagedMachinePoolSpec struct {
 	// +optional
 	ScaleSetPriority *string `json:"scaleSetPriority,omitempty"`
 
+	// ScaleDownMode affects the cluster autoscaler behavior. Default to Delete. Possible values include: 'Deallocate', 'Delete'
+	// +kubebuilder:validation:Enum=Deallocate;Delete
+	// +kubebuilder:default=Delete
+	// +optional
+	ScaleDownMode *string `json:"scaleDownMode,omitempty"`
+
+	// SpotMaxPrice defines max price to pay for spot instance. Possible values are any decimal value greater than zero or -1.
+	// If you set the max price to be -1, the VM won't be evicted based on price. The price for the VM will be the current price
+	// for spot or the price for a standard VM, which ever is less, as long as there's capacity and quota available.
+	// +optional
+	SpotMaxPrice *resource.Quantity `json:"spotMaxPrice,omitempty"`
+
 	// KubeletConfig specifies the kubelet configurations for nodes.
 	// Immutable.
 	// +optional