feat(cluster): add failureDomain spec label

[handsomejack-42]

What type of PR is this?

/kind api-change

Why we need it:

We need zonal control plane nodes. We might have missed something, but that probably can't be achieved in current state of CAPZ, with our use-case.

1. in its Status property, AzureCluster announces all discovered failure domains (FDs)
2. when rolling out control planes, KubeadmControlPlane checks with the FDs reported by the cluster
   • the default behavior is to evenly distribute the control plane machines (nodes) between FDs (doc)
3. there is currently no way for us to restrict FDs used by KubeadmControlPlane when rolling out nodes (no failureDomain in spec)
4. CAPZ documentation only mentions that explicit placement into FD is achieved by setting the label on Machine(Deployment). In our use-case, however, there are no Machine(Deployment)s, the KubeadmControlPlane spins AzureMachines directly.

What this PR does:

The goal of this commit is to allow CAPZ users to specify which failure domains are eligible for control plane rollouts.

CAPI elders suggested, that the implementation of this behavior lies within the individual providers (CAPZ in our case)

• tl;dr the goal is that the FDs are not announced by the AzureCluster object status, so KubeadmControlPlane won't take it into consideration when rolling out control plane nodes

There's a new label in .spec.failureDomain that is used to post-filter discovered failure domains.

The field is optional - if it's missing, all discovered failure domains are eligible for control plane rollout.

Special notes for your reviewer:

• cherry-pick candidate

TODOs:

• squashed commits
• includes documentation
• adds unit tests

Release note:

Added AzureCluster.spec.failureDomain label, that can be used to prevent control plane node deployment to specified failure domains

[linux-foundation-easycla]

The committers listed above are authorized under a signed CLA.

• ✅ login: handsomejack-42 / name: Honza (e2eb28d)

[k8s-ci-robot]

Hi @handsomejack-42. Thanks for your PR.

I'm waiting for a kubernetes-sigs member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[CecileRobertMichon]

@handsomejack-42 please let us know once you've signed the CLA so we can trigger the tests

[handsomejack-42]

@handsomejack-42 please let us know once you've signed the CLA so we can trigger the tests

✅

[handsomejack-42]

on second thought, there actually is a change to current flow

previously, when FD would be discovered (and not suitable for control plane, aka controlPlane: false), it would get into the status field no matter what

in my version, imagine there is FD1 discovered with controlPlane: false and in spec, there is a different FD with an arbitrary value for controlPlane

the change is, FD1 will no longer be announced in the status

thoughts?

in general: does it make sense to announce FDs with controlPlane: false ?

to be on the safe side, the behavior could change to be as follows

"FD is always propagated to status, only its controlPlane value can be overriden to false by spec"

[CecileRobertMichon]

"FD is always propagated to status, only its controlPlane value can be overriden to false by spec"

This is more future-proof and safe, so +1

In practice, CAPZ sets every single Azure zone it discovers to controlPlane: true: https://github.com/kubernetes-sigs/cluster-api-provider-azure/blob/main/controllers/azurecluster_reconciler.go#L217 so this shouldn't actually happen

[handsomejack-42]

changed

[mboersma]

/ok-to-test

[handsomejack-42]

/retest

[handsomejack-42]

@mboersma

make: Leaving directory '/home/prow/go/src/sigs.k8s.io/cluster-api-provider-azure'
cp: cannot stat 'coverage.*': No such file or directory
go: downloading golang.org/x/tools v0.8.0
Couldn't load /logs/artifacts/coverage.out: open /logs/artifacts/coverage.out: no such file or directory.+ EXIT_VALUE=1

can you pls check this?

[mboersma]

/retest

Seems like a flake in the container or with file I/O? Let's hope so.

[mboersma]

If I run make lint on this PR I get a clearer error:

INFO [runner] linters took 10.064607584s with stages: goanalysis_metalinter: 10.010416459s 
azure/scope/cluster_test.go:3498: unnecessary trailing newline (whitespace)

}

I think that added blank line at 3498 is what's causing the test failure, although I'm not sure why that wasn't reported clearly in the test job.

[handsomejack-42]

/retest

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Comparison is base (6987809) 57.86% compared to head (e2eb28d) 57.90%.
Report is 16 commits behind head on main.

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #4145      +/-   ##
==========================================
+ Coverage   57.86%   57.90%   +0.03%     
==========================================
  Files         187      187              
  Lines       19216    19219       +3     
==========================================
+ Hits        11120    11128       +8     
+ Misses       7468     7463       -5     
  Partials      628      628              

Files	Coverage Δ
api/v1beta1/types_class.go	76.47% <ø> (ø)
azure/scope/cluster.go	60.88% <100.00%> (+0.80%)	⬆️

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[CecileRobertMichon]

We need zonal control plane nodes. We might have missed something, but that probably can't be achieved in current state of CAPZ, with our use-case.

@handsomejack-42 to clarify, it's possible to spread control plane nodes across availability zones, and in fact they do get spread automatically across all available zones. Can you please expand on the use case for selecting a subset of the failure domains to spread control planes? Is the goal to have nodes in specific Azure availability zones? or am I misunderstanding what the PR is doing?

[CecileRobertMichon]

Could you please also update the docs as part of this change https://github.com/kubernetes-sigs/cluster-api-provider-azure/blob/main/docs/book/src/topics/failure-domains.md?

[handsomejack-42]

We need zonal control plane nodes. We might have missed something, but that probably can't be achieved in current state of CAPZ, with our use-case.

@handsomejack-42 to clarify, it's possible to spread control plane nodes across availability zones, and in fact they do get spread automatically across all available zones. Can you please expand on the use case for selecting a subset of the failure domains to spread control planes? Is the goal to have nodes in specific Azure availability zones? or am I misunderstanding what the PR is doing?

Is the goal to have nodes in specific Azure availability zones

exactly this - basically we didn't want to end up in a state where the control plane gets placed to any available AZ and the worker clusters that it's supposed to manage end up in different AZ

[handsomejack-42]

/retest

[mboersma]

/retest

Prow failed to start the container.

[CecileRobertMichon]

Suggested change

	If you can't use `Machine` (or `MachineDeployment`) to explicitly place your VMs (for example, there is a `KubeAdmControlPlane` does not accept those as an object reference but rather uses `AzureMachineTemplate` directly), then you can opt to restrict the announcement of discovered failure domains from the cluster's status itself.
	If you can't use `Machine` (or `MachineDeployment`) to explicitly place your VMs (for example, there is a `KubeadmControlPlane` does not accept those as an object reference but rather uses `AzureMachineTemplate` directly), then you can opt to restrict the announcement of discovered failure domains from the cluster's status itself.

[mboersma]

for example, there is a KubeadmControlPlane does not accept those as an object reference

I think we're missing a word here; I couldn't quite parse this paragraph...

[handsomejack-42]

fixed, sorry

[CecileRobertMichon]

is fd1 actually what an Azure fd id would look like?

[handsomejack-42]

when we were testing it on dev cluster, the values reported in cluster status were 1, 2 etc. but i wasn't sure if that's the standard or not and for some reason it felt more explicit adding the fd

changed to 1:

[CecileRobertMichon]

lgtm aside from nits in doc

/assign @mboersma

[mboersma]

Maybe we could shorten this comment:

// FailureDomains is a list of failure domains in the cluster's region, used to restrict
// eligibility to host the control plane. A FailureDomain maps to an availability zone,
// which is a separated group of datacenters within a region.
// See: https://learn.microsoft.com/azure/reliability/availability-zones-overview
// +optional

[handsomejack-42]

applied, thx

[mboersma]

Suggested change

	// SetFailureDomain to cluster's status by given id. The value of provided control plane might
	// SetFailureDomain sets a failure domain in a cluster's status by its id. The provided failure domain spec may

[handsomejack-42]

i tried to avoid the stutter here "SetFailureDomain sets failure domain" but i didn't feel very confident about how my version read either

applied your suggestion

[mboersma]

for example, there is a KubeadmControlPlane does not accept those as an object reference

I think we're missing a word here; I couldn't quite parse this paragraph...

[CecileRobertMichon]

/lgtm

@handsomejack-42 can you please add a release note in the PR description?

[k8s-ci-robot]

LGTM label has been added.

Git tree hash: 8c9a95ab868ceed400ea6081bbe2a8d693b4f0a4

[handsomejack-42]

/lgtm

@handsomejack-42 can you please add a release note in the PR description?

done:

Added AzureCluster.spec.failureDomain label, that can be used to prevent control plane nodes deployment to specified failure domains

[mboersma]

/lgtm
/approve

[k8s-ci-robot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: mboersma

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [mboersma]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment