💎 provision vnet for aks clusters #1009
@alexeldeib: The following test failed, say
Full PR test history. Your PR dashboard. Please help us cut down on flakes by linking to an open issue when you hit one in your PR. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. |
notable:
|
+1 I haven't code reviewed in depth yet but overall these changes are sane to me
n.b.: we only deploy aks with system msi right now, afaik this avoids several permissions issues with AKS service principals // user assigned managed identities. In the future, we may need to either create appropriate rbac assignments for the cluster service principal or update docs to reflect required permissions: https://docs.microsoft.com/en-us/azure/aks/kubernetes-service-principal#networking would follow up separately for that
azure "sigs.k8s.io/cluster-api-provider-azure/cloud" | ||
) | ||
|
||
// VNetScope defines the scope interface for a virtual network service. | ||
type VNetScope interface { | ||
logr.Logger | ||
azure.ClusterDescriber | ||
azure.NetworkDescriber | ||
Vnet() *infrav1.VnetSpec |
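Review bot: `Vnet() *infrav1.VnetSpec` at the end of the interface hands the service a mutable pointer, and the interface comment does not say whether the service may write through it. Add a doc comment on the method stating who owns writes to the returned spec, or expose a narrower setter for the fields the service needs to record, so that callers cannot modify the spec by accident.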
This highlights a potential bug in the code... the vnet service is supposed to be unaware of the AzureCluster spec and just create / update / delete vnets from the specs it gets. The fact that it needs `Vnet()` which doesn't have any info that `VNetSpecs()` doesn't have is a little strange. Looking at the code, it uses that to write the info back into the Vnet() which makes sense but also would cause a bug if we have decided to have multiple specs returned by VnetSpecs() since they would overwrite each other. Not specific to this PR, in fact this PR makes it easy to see that bug, just reflecting 🤔
this is another case where it would make more sense if vnetSpec() didn't return an array @alexeldeib
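The overwrite concern raised in the two comments above, as an added example that is not code from this PR or from the project. `Scope`, `Spec`, `VnetSpec`, `reconcileShared`, `reconcileSingle` and the constructed resource IDs are hypothetical stand-ins used only to show the write-back pattern and a guard that makes the single-vnet assumption explicit.

```go
package main

import (
	"errors"
	"fmt"
)

// Hypothetical stand-ins, not the project's types: VnetSpec plays the role of
// the single cluster-level record, Spec one entry of the VNetSpecs() list.
type VnetSpec struct{ ID, Name, CIDR string }
type Spec struct{ Name, CIDR string }

type Scope struct {
	vnet  VnetSpec
	specs []Spec
}

func (s *Scope) Vnet() *VnetSpec   { return &s.vnet }
func (s *Scope) VNetSpecs() []Spec { return s.specs }

// ErrNotSingle is returned when the spec list does not hold exactly one entry.
var ErrNotSingle = errors.New("expected exactly one vnet spec")

// reconcileShared writes every result back through the one Vnet() pointer,
// so with several specs only the last one survives.
func reconcileShared(s *Scope) VnetSpec {
	for _, spec := range s.VNetSpecs() {
		v := s.Vnet()
		v.ID = "/constructed/virtualNetworks/" + spec.Name // constructed ID
		v.Name, v.CIDR = spec.Name, spec.CIDR
	}
	return *s.Vnet()
}

// reconcileSingle refuses to run when the list would cause overwrites.
func reconcileSingle(s *Scope) (VnetSpec, error) {
	if n := len(s.VNetSpecs()); n != 1 {
		return VnetSpec{}, fmt.Errorf("%w: got %d", ErrNotSingle, n)
	}
	return reconcileShared(s), nil
}

func main() {
	// Constructed sample input: two specs sharing one write-back target.
	s := &Scope{specs: []Spec{{"vnet-a", "10.0.0.0/16"}, {"vnet-b", "10.1.0.0/16"}}}
	fmt.Println(reconcileShared(s)) // vnet-a's result has been overwritten
	_, err := reconcileSingle(s)
	fmt.Println(err)
}
```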
@@ -36,6 +36,8 @@ import ( | |||
"sigs.k8s.io/cluster-api-provider-azure/cloud/scope" | |||
"sigs.k8s.io/cluster-api-provider-azure/cloud/services/groups" | |||
"sigs.k8s.io/cluster-api-provider-azure/cloud/services/managedclusters" | |||
"sigs.k8s.io/cluster-api-provider-azure/cloud/services/subnets" | |||
"sigs.k8s.io/cluster-api-provider-azure/cloud/services/virtualnetworks" |
let's add an e2e test for managed control plane clusters as part of moving it out of exp/ (can be optional on PRs). Is there already an issue tracking that?
yeah, I should probably do this sooner rather than later
small bump for review if anyone has some cycles 🙂
/lgtm
/approve
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: CecileRobertMichon The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
What type of PR is this?
/kind api-change
/kind cleanup
What this PR does / why we need it:
pre-provisions vnets for aks clusters, replacement for #929. was taking too long to get that.
Which issue(s) this PR fixes (optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged): Fixes #
Special notes for your reviewer:
This is pretty breaking... but I'm going to vote we iterate while in exp rather than avoid breaking users (I'm skeptical this has many users yet).
Please confirm that if this PR changes any image versions, then that's the sole change this PR makes.
TODOs:
Release note: