PublicIP resources should not PUT on each AzureCluster reconcile

[devigned]

/kind bug

[Before submitting an issue, have you checked the Troubleshooting Guide?]

What steps did you take and what happened:
When reconciling an AzureCluster each reconcile loop will cause a PUT for each PublicIP resource.

What did you expect to happen:
PublicIP resources should only be mutated with a PUT if the desired state has changed.

/assign @CecileRobertMichon

[karuppiah7890]

I'll see if this can be handled as part of the sync to async migration in #1716 or else migrate as is. I'll check the code and see the difference in effort with and without the bug fix

[karuppiah7890]

cc @CecileRobertMichon

[karuppiah7890]

@devigned I was just trying out the PUT API multiple times with same request body to see the behavior. I see that the public IP (I tried IPv6) is not affected. What's the aim of this issue? To reduce the API calls to Azure when there's no change? and to also avoid PUT request which is usually meant to do updates (generally by overwrites)? Or is there any other aim / extra aim for this issue?

If it's only about avoiding unnecessary PUT API calls, how do we plan to do it? Currently I see there's no GET API call in publicips service in Reconcile. So, do we want to do a GET API call and compare the current spec from K8s with the current public IP resource from Azure and do PUT API call only if there's a diff?

[karuppiah7890]

Maybe we should also talk about what kind of updates are allowed for Public IPs. I mean, looking at some of the validations being done here by using the webhook, looks like there's not much we can change for anything related to Public IPs

So, do we expect any kind of updates with respect to Public IPs in the form of Public IP Spec? If not, we can completely ignore the update of Public IP if it already exists. I'm still checking code what kind of fields we might expect to feasibly change

[devigned]

Great questions, @karuppiah7890. The goal here is to minimize "writes" (mutations) to the Azure API. Azure APIs have lower throttling limits for writes than for reads, particularly reads that GET by resource ID.

For any resource, we should be able to GET from Azure, compare the state in Azure, then only mutate state in Azure if the desired state in K8s is different than the state in Azure.

[karuppiah7890]

Makes sense @devigned 👍

[CecileRobertMichon]

/unassign
/assign @karuppiah7890

We realized in #1791 that there might also be a bug associated with this behavior: since we update the public IP when it already exists, it means we will also update an IP that was pre-created by the user and thus add the CAPZ managed tags to it which would cause it to be deleted later on when deleting the cluster because CAPZ would see it as "managed".

[k8s-triage-robot]

The Kubernetes project currently lacks enough contributors to adequately respond to all issues and PRs.

This bot triages issues and PRs according to the following rules:

• After 90d of inactivity, lifecycle/stale is applied
• After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
• After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

• Mark this issue or PR as fresh with /remove-lifecycle stale
• Mark this issue or PR as rotten with /lifecycle rotten
• Close this issue or PR with /close
• Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale

[k8s-triage-robot]

The Kubernetes project currently lacks enough active contributors to adequately respond to all issues and PRs.

This bot triages issues and PRs according to the following rules:

• After 90d of inactivity, lifecycle/stale is applied
• After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
• After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

• Mark this issue or PR as fresh with /remove-lifecycle rotten
• Close this issue or PR with /close
• Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle rotten

[k8s-triage-robot]

The Kubernetes project currently lacks enough active contributors to adequately respond to all issues and PRs.

This bot triages issues and PRs according to the following rules:

• After 90d of inactivity, lifecycle/stale is applied
• After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
• After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

• Reopen this issue or PR with /reopen
• Mark this issue or PR as fresh with /remove-lifecycle rotten
• Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/close

[k8s-ci-robot]

@k8s-triage-robot: Closing this issue.

In response to this:

The Kubernetes project currently lacks enough active contributors to adequately respond to all issues and PRs.

This bot triages issues and PRs according to the following rules:

• After 90d of inactivity, lifecycle/stale is applied
• After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
• After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

• Reopen this issue or PR with /reopen
• Mark this issue or PR as fresh with /remove-lifecycle rotten
• Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/close

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[CecileRobertMichon]

/reopen

[k8s-ci-robot]

@CecileRobertMichon: Reopened this issue.

In response to this:

/reopen

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[k8s-triage-robot]

The Kubernetes project currently lacks enough active contributors to adequately respond to all issues and PRs.

This bot triages issues and PRs according to the following rules:

• After 90d of inactivity, lifecycle/stale is applied
• After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
• After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

• Reopen this issue or PR with /reopen
• Mark this issue or PR as fresh with /remove-lifecycle rotten
• Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/close

[k8s-ci-robot]

@k8s-triage-robot: Closing this issue.

In response to this:

The Kubernetes project currently lacks enough active contributors to adequately respond to all issues and PRs.

This bot triages issues and PRs according to the following rules:

• After 90d of inactivity, lifecycle/stale is applied
• After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
• After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

• Reopen this issue or PR with /reopen
• Mark this issue or PR as fresh with /remove-lifecycle rotten
• Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/close

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.