ASOAPI: basic automated adoption

[nojnhuh]

What type of PR is this?
/kind feature

What this PR does / why we need it:

This PR implements an automated adoption mechanism for ASOAPI-based clusters. It works by watching ASO ManagedClusters and ManagedClustersAgentPools with a sentinel sigs.k8s.io/cluster-api-provider-azure-adopt=true annotation and scaffolds the CAPZ/CAPI resources around them required to represent a full Cluster API Cluster. It's designed to work in conjunction with asoctl import azure-resource in order to work with any pre-existing AKS cluster, though any ASO YAML should work.

This PR currently includes the changes from #4798 in the first two commits, but I'll merge main into this branch after that merges to keep this PR diff clean.

Which issue(s) this PR fixes (optional, in fixes #<issue number>(, fixes #<issue_number>, ...) format, will close the issue(s) when PR gets merged):
Part of #4713 and related to #1173

Special notes for your reviewer:

• cherry-pick candidate

TODOs:

• squashed commits
• includes documentation
• adds unit tests

Release note:

NONE

[nojnhuh]

asoctl import doesn't populate any configuration for ASO to generate a kubeconfig Secret for the cluster, so CAPZ will now take responsibility for doing that if it's not already defined. This smooths out adoption by letting users essentially pipe the asoctl output straight to kubectl apply.

[codecov]

Codecov Report

Attention: Patch coverage is 6.34921% with 236 lines in your changes are missing coverage. Please review.

Project coverage is 61.93%. Comparing base (39189af) to head (076bde4).
Report is 26 commits behind head on main.

Files	Patch %	Lines
exp/controllers/agentpooladopt_controller.go	0.00%	114 Missing ⚠️
exp/controllers/managedclusteradopt_controller.go	0.00%	112 Missing ⚠️
exp/mutators/azureasomanagedcontrolplane.go	61.53%	5 Missing and 5 partials ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #4799      +/-   ##
==========================================
- Coverage   62.74%   61.93%   -0.82%     
==========================================
  Files         199      201       +2     
  Lines       16507    16821     +314     
==========================================
+ Hits        10358    10418      +60     
- Misses       5379     5620     +241     
- Partials      770      783      +13     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[nojnhuh]

Known gaps here:

• unit and e2e tests
• docs (Now included!)
• Other Azure resources you might want represented in your CAPZ resources like AKS extensions or Fleet memberships are not currently injected into the CAPZ specs. Those resources will remain untouched by and unknown to CAPZ except that they will be deleted if they exist in the same resource group as the ManagedCluster when the CAPZ cluster is deleted. Currently we're planning to add support in the future some subset of these extra resources types.
• Exactly how the CAPI/CAPZ resources look is not configurable. If you need to change things like names of those resources, the suggestion for now is to skip this annotation-based mechanism and construct those CAPI/CAPZ resources yourself. asoctl import can still do most of the heavy lifting here and that YAML can be copy-pasted piecemeal into your CAPZ resources.

[jackfrancis]

I wonder if "import" would be a better term to use in the actual code (rather than "adopt"). What other use cases does "detect that an ASO resource doesn't have an equivalent CAPI/CAPZ resource" serve besides "adoption" in the sense that we've been discussing? (which I'd summarize as "purposefully migrate cluster lifecycle management of an existing cluster to Cluster API")

cc @willie-yao @mboersma

[nojnhuh]

Do you mean you find one of those terms more general or specific than the other? To me "adopt" and "import" seem synonymous enough that I'm not sure I follow.

[willie-yao]

I think I prefer the term "adopt" since "import" is more related to getting the ASO Spec that matches an existing resource, while CAPZ is actively managing something that is adopted. Like Jon mentioned I think they are pretty similar too, so it can go either way.

[nojnhuh]

The link checker doesn't seem to like linking to a dynamically generated domain-local path like this. The link as it appears in the docs preview here seems to work though: https://deploy-preview-4799--kubernetes-sigs-cluster-api-provider-azure.netlify.app/topics/managedcluster#option-1-using-the-experimental-aso-based-api

[jackfrancis]

/retest

[willie-yao]

I think it could be helpful to include an example of what the spec will look like for using the ASO experimental API. I'm following this and created the ASO resources but as a first-time user, I'm not sure how to incorporate that into a CAPZ spec. I think it also might help to link to the ASO API docs from here.

[nojnhuh]

I added a link to the flavor template in the docs in #4802. Does that help?

[willie-yao]

Yup that looks good!

[jackfrancis]

/lgtm
/approve

[k8s-ci-robot]

LGTM label has been added.

Git tree hash: 2de65e57bb0a50d45bea989528d5b4f0bef346af

[k8s-ci-robot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: jackfrancis

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [jackfrancis]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[jackfrancis]

/hold

for squashing commits

[nojnhuh]

squashed!
/hold cancel

[jackfrancis]

/retest