Bump CAPI to v1.7.0-rc.1

Makefile

@@ -73,7 +73,7 @@ CONTROLLER_GEN_VER := v0.14.0
 CONTROLLER_GEN_BIN := controller-gen
 CONTROLLER_GEN := $(TOOLS_BIN_DIR)/$(CONTROLLER_GEN_BIN)-$(CONTROLLER_GEN_VER)
 
-CONVERSION_GEN_VER := v0.28.0
+CONVERSION_GEN_VER := v0.29.2
 CONVERSION_GEN_BIN := conversion-gen
 CONVERSION_GEN := $(TOOLS_BIN_DIR)/$(CONVERSION_GEN_BIN)-$(CONVERSION_GEN_VER)
 
@@ -300,7 +300,7 @@ create-management-cluster: $(KUSTOMIZE) $(ENVSUBST) $(KUBECTL) $(KIND) ## Create
 	./hack/create-custom-cloud-provider-config.sh
 
 	# Deploy CAPI
-	timeout --foreground 300 bash -c "until curl --retry $(CURL_RETRIES) -sSL https://github.com/kubernetes-sigs/cluster-api/releases/download/v1.6.3/cluster-api-components.yaml | $(ENVSUBST) | $(KUBECTL) apply -f -; do sleep 5; done"
+	timeout --foreground 300 bash -c "until curl --retry $(CURL_RETRIES) -sSL https://github.com/kubernetes-sigs/cluster-api/releases/download/v1.7.0-rc.1/cluster-api-components.yaml | $(ENVSUBST) | $(KUBECTL) apply -f -; do sleep 5; done"
 
 	# Deploy CAAPH
 	timeout --foreground 300 bash -c "until curl --retry $(CURL_RETRIES) -sSL https://github.com/kubernetes-sigs/cluster-api-addon-provider-helm/releases/download/v0.1.0-alpha.10/addon-components.yaml | $(ENVSUBST) | $(KUBECTL) apply -f -; do sleep 5; done"

Tiltfile

@@ -20,7 +20,7 @@ settings = {
     "deploy_cert_manager": True,
     "preload_images_for_kind": True,
     "kind_cluster_name": "capz",
-    "capi_version": "v1.6.3",
+    "capi_version": "v1.7.0-rc.1",
     "cert_manager_version": "v1.14.4",
     "kubernetes_version": "v1.28.3",
     "aks_kubernetes_version": "v1.28.3",

api/v1beta1/azuremanagedcluster_webhook_test.go

@@ -28,10 +28,6 @@ import (
 )
 
 func TestAzureManagedCluster_ValidateUpdate(t *testing.T) {
-	// NOTE: AzureManagedCluster is behind AKS feature gate flag; the webhook
-	// must prevent creating new objects in case the feature flag is disabled.
-	defer utilfeature.SetFeatureGateDuringTest(t, feature.Gates, capifeature.MachinePool, true)()
-
 	tests := []struct {
 		name    string
 		oldAMC  *AzureManagedCluster
@@ -95,10 +91,6 @@ func TestAzureManagedCluster_ValidateUpdate(t *testing.T) {
 }
 
 func TestAzureManagedCluster_ValidateCreate(t *testing.T) {
-	// NOTE: AzureManagedCluster is behind AKS feature gate flag; the webhook
-	// must prevent creating new objects in case the feature flag is disabled.
-	defer utilfeature.SetFeatureGateDuringTest(t, feature.Gates, capifeature.MachinePool, true)()
-
 	tests := []struct {
 		name    string
 		oldAMC  *AzureManagedCluster
@@ -143,27 +135,34 @@ func TestAzureManagedCluster_ValidateCreate(t *testing.T) {
 
 func TestAzureManagedCluster_ValidateCreateFailure(t *testing.T) {
 	tests := []struct {
-		name      string
-		amc       *AzureManagedCluster
-		deferFunc func()
+		name        string
+		amc         *AzureManagedCluster
+		deferFunc   func()
+		expectError bool
 	}{
 		{
-			name:      "feature gate explicitly disabled",
-			amc:       getKnownValidAzureManagedCluster(),
-			deferFunc: utilfeature.SetFeatureGateDuringTest(t, feature.Gates, capifeature.MachinePool, false),
+			name:        "feature gate explicitly disabled",
+			amc:         getKnownValidAzureManagedCluster(),
+			deferFunc:   utilfeature.SetFeatureGateDuringTest(t, feature.Gates, capifeature.MachinePool, false),
+			expectError: true,
 		},
 		{
-			name:      "feature gate implicitly disabled",
-			amc:       getKnownValidAzureManagedCluster(),
-			deferFunc: func() {},
+			name:        "feature gate implicitly enabled",
+			amc:         getKnownValidAzureManagedCluster(),
+			deferFunc:   func() {},
+			expectError: false,
 		},
 	}
 	for _, tc := range tests {
 		t.Run(tc.name, func(t *testing.T) {
 			defer tc.deferFunc()
 			g := NewWithT(t)
 			_, err := tc.amc.ValidateCreate()
-			g.Expect(err).To(HaveOccurred())
+			if tc.expectError {
+				g.Expect(err).To(HaveOccurred())
+			} else {
+				g.Expect(err).NotTo(HaveOccurred())
+			}
 		})
 	}
 }

api/v1beta1/azuremanagedcontrolplane_webhook_test.go

@@ -476,9 +476,6 @@ func TestValidateAutoScalerProfile(t *testing.T) {
 }
 
 func TestValidatingWebhook(t *testing.T) {
-	// NOTE: AzureManageControlPlane is behind AKS feature gate flag; the webhook
-	// must prevent creating new objects in case the feature flag is disabled.
-	defer utilfeature.SetFeatureGateDuringTest(t, feature.Gates, capifeature.MachinePool, true)()
 	tests := []struct {
 		name      string
 		amcp      AzureManagedControlPlane
@@ -1379,10 +1376,6 @@ func TestValidatingWebhook(t *testing.T) {
 }
 
 func TestAzureManagedControlPlane_ValidateCreate(t *testing.T) {
-	// NOTE: AzureManageControlPlane is behind AKS feature gate flag; the webhook
-	// must prevent creating new objects in case the feature flag is disabled.
-	defer utilfeature.SetFeatureGateDuringTest(t, feature.Gates, capifeature.MachinePool, true)()
-
 	tests := []struct {
 		name     string
 		amcp     *AzureManagedControlPlane
@@ -1637,19 +1630,22 @@ func TestAzureManagedControlPlane_ValidateCreate(t *testing.T) {
 
 func TestAzureManagedControlPlane_ValidateCreateFailure(t *testing.T) {
 	tests := []struct {
-		name      string
-		amcp      *AzureManagedControlPlane
-		deferFunc func()
+		name        string
+		amcp        *AzureManagedControlPlane
+		deferFunc   func()
+		expectError bool
 	}{
 		{
-			name:      "feature gate explicitly disabled",
-			amcp:      getKnownValidAzureManagedControlPlane(),
-			deferFunc: utilfeature.SetFeatureGateDuringTest(t, feature.Gates, capifeature.MachinePool, false),
+			name:        "feature gate explicitly disabled",
+			amcp:        getKnownValidAzureManagedControlPlane(),
+			deferFunc:   utilfeature.SetFeatureGateDuringTest(t, feature.Gates, capifeature.MachinePool, false),
+			expectError: true,
 		},
 		{
-			name:      "feature gate implicitly disabled",
-			amcp:      getKnownValidAzureManagedControlPlane(),
-			deferFunc: func() {},
+			name:        "feature gate implicitly enabled",
+			amcp:        getKnownValidAzureManagedControlPlane(),
+			deferFunc:   func() {},
+			expectError: false,
 		},
 	}
 	client := mockClient{ReturnError: false}
@@ -1661,7 +1657,11 @@ func TestAzureManagedControlPlane_ValidateCreateFailure(t *testing.T) {
 				Client: client,
 			}
 			_, err := mcpw.ValidateCreate(context.Background(), tc.amcp)
-			g.Expect(err).To(HaveOccurred())
+			if tc.expectError {
+				g.Expect(err).To(HaveOccurred())
+			} else {
+				g.Expect(err).NotTo(HaveOccurred())
+			}
 		})
 	}
 }
@@ -3219,7 +3219,6 @@ func getAMCPMetaData() metav1.ObjectMeta {
 }
 
 func TestAzureManagedClusterSecurityProfileValidateCreate(t *testing.T) {
-	defer utilfeature.SetFeatureGateDuringTest(t, feature.Gates, capifeature.MachinePool, true)()
 	testsCreate := []struct {
 		name    string
 		amcp    *AzureManagedControlPlane

api/v1beta1/azuremanagedmachinepool_webhook_test.go

@@ -654,9 +654,6 @@ func TestAzureManagedMachinePoolUpdatingWebhook(t *testing.T) {
 }
 
 func TestAzureManagedMachinePool_ValidateCreate(t *testing.T) {
-	// NOTE: AzureManagedMachinePool is behind AKS feature gate flag; the webhook
-	// must prevent creating new objects in case the feature flag is disabled.
-	defer utilfeature.SetFeatureGateDuringTest(t, feature.Gates, capifeature.MachinePool, true)()
 	tests := []struct {
 		name     string
 		ammp     *AzureManagedMachinePool
@@ -1310,19 +1307,22 @@ func TestAzureManagedMachinePool_ValidateCreate(t *testing.T) {
 
 func TestAzureManagedMachinePool_ValidateCreateFailure(t *testing.T) {
 	tests := []struct {
-		name      string
-		ammp      *AzureManagedMachinePool
-		deferFunc func()
+		name        string
+		ammp        *AzureManagedMachinePool
+		deferFunc   func()
+		expectError bool
 	}{
 		{
-			name:      "feature gate explicitly disabled",
-			ammp:      getKnownValidAzureManagedMachinePool(),
-			deferFunc: utilfeature.SetFeatureGateDuringTest(t, feature.Gates, capifeature.MachinePool, false),
+			name:        "feature gate explicitly disabled",
+			ammp:        getKnownValidAzureManagedMachinePool(),
+			deferFunc:   utilfeature.SetFeatureGateDuringTest(t, feature.Gates, capifeature.MachinePool, false),
+			expectError: true,
 		},
 		{
-			name:      "feature gate implicitly disabled",
-			ammp:      getKnownValidAzureManagedMachinePool(),
-			deferFunc: func() {},
+			name:        "feature gate implicitly enabled",
+			ammp:        getKnownValidAzureManagedMachinePool(),
+			deferFunc:   func() {},
+			expectError: false,
 		},
 	}
 	for _, tc := range tests {
@@ -1331,7 +1331,11 @@ func TestAzureManagedMachinePool_ValidateCreateFailure(t *testing.T) {
 			g := NewWithT(t)
 			mw := &azureManagedMachinePoolWebhook{}
 			_, err := mw.ValidateCreate(context.Background(), tc.ammp)
-			g.Expect(err).To(HaveOccurred())
+			if tc.expectError {
+				g.Expect(err).To(HaveOccurred())
+			} else {
+				g.Expect(err).NotTo(HaveOccurred())
+			}
 		})
 	}
 }

controllers/asosecret_controller.go

@@ -226,9 +226,9 @@ func (asos *ASOSecretReconciler) Reconcile(ctx context.Context, req ctrl.Request
 
 	// Return early if the ASO Secret Owner(AzureCluster or AzureManagedControlPlane) or Cluster is paused.
 	if annotations.IsPaused(cluster, asoSecretOwner) {
-		log.Info(fmt.Sprintf("%s or linked Cluster is marked as paused. Won't reconcile", asoSecretOwner.GetObjectKind()))
+		log.Info(fmt.Sprintf("%T or linked Cluster is marked as paused. Won't reconcile", asoSecretOwner))
 		asos.Recorder.Eventf(asoSecretOwner, corev1.EventTypeNormal, "ClusterPaused",
-			fmt.Sprintf("%s or linked Cluster is marked as paused. Won't reconcile", asoSecretOwner.GetObjectKind().GroupVersionKind().Kind))
+			fmt.Sprintf("%T or linked Cluster is marked as paused. Won't reconcile", asoSecretOwner))
 		return ctrl.Result{}, nil
 	}
 

controllers/helpers_test.go

@@ -34,15 +34,13 @@ import (
 	"k8s.io/apimachinery/pkg/runtime"
 	"k8s.io/apimachinery/pkg/types"
 	clientgoscheme "k8s.io/client-go/kubernetes/scheme"
-	utilfeature "k8s.io/component-base/featuregate/testing"
 	"k8s.io/utils/ptr"
 	infrav1 "sigs.k8s.io/cluster-api-provider-azure/api/v1beta1"
 	"sigs.k8s.io/cluster-api-provider-azure/azure/scope"
 	"sigs.k8s.io/cluster-api-provider-azure/internal/test/mock_log"
 	clusterv1 "sigs.k8s.io/cluster-api/api/v1beta1"
 	clusterctlv1 "sigs.k8s.io/cluster-api/cmd/clusterctl/api/v1alpha3"
 	expv1 "sigs.k8s.io/cluster-api/exp/api/v1beta1"
-	capifeature "sigs.k8s.io/cluster-api/feature"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 	"sigs.k8s.io/controller-runtime/pkg/client/fake"
 	"sigs.k8s.io/controller-runtime/pkg/event"
@@ -110,7 +108,6 @@ func TestGetCloudProviderConfig(t *testing.T) {
 		azureCluster               *infrav1.AzureCluster
 		identityType               infrav1.VMIdentity
 		identityID                 string
-		machinePoolFeature         bool
 		expectedControlPlaneConfig string
 		expectedWorkerNodeConfig   string
 	}{
@@ -161,7 +158,6 @@ func TestGetCloudProviderConfig(t *testing.T) {
 			cluster:                    cluster,
 			azureCluster:               azureCluster,
 			identityType:               infrav1.VMIdentityNone,
-			machinePoolFeature:         true,
 			expectedControlPlaneConfig: vmssCloudConfig,
 			expectedWorkerNodeConfig:   vmssCloudConfig,
 		},
@@ -173,9 +169,6 @@ func TestGetCloudProviderConfig(t *testing.T) {
 
 	for name, tc := range cases {
 		t.Run(name, func(t *testing.T) {
-			if tc.machinePoolFeature {
-				defer utilfeature.SetFeatureGateDuringTest(t, capifeature.Gates, capifeature.MachinePool, true)()
-			}
 			fakeIdentity := &infrav1.AzureClusterIdentity{
 				ObjectMeta: metav1.ObjectMeta{
 					Name:      "fake-identity",
@@ -532,7 +525,8 @@ const (
     "loadBalancerName": "",
     "maximumLoadBalancerRuleCount": 250,
     "useManagedIdentityExtension": false,
-    "useInstanceMetadata": true
+    "useInstanceMetadata": true,
+    "enableVmssFlexNodes": true
 }`
 	//nolint:gosec // Ignore "G101: Potential hardcoded credentials" check.
 	spWorkerNodeCloudConfig = `{
@@ -554,7 +548,8 @@ const (
     "loadBalancerName": "",
     "maximumLoadBalancerRuleCount": 250,
     "useManagedIdentityExtension": false,
-    "useInstanceMetadata": true
+    "useInstanceMetadata": true,
+    "enableVmssFlexNodes": true
 }`
 
 	systemAssignedControlPlaneCloudConfig = `{
@@ -574,7 +569,8 @@ const (
     "loadBalancerName": "",
     "maximumLoadBalancerRuleCount": 250,
     "useManagedIdentityExtension": true,
-    "useInstanceMetadata": true
+    "useInstanceMetadata": true,
+    "enableVmssFlexNodes": true
 }`
 	systemAssignedWorkerNodeCloudConfig = `{
     "cloud": "AzurePublicCloud",
@@ -593,7 +589,8 @@ const (
     "loadBalancerName": "",
     "maximumLoadBalancerRuleCount": 250,
     "useManagedIdentityExtension": true,
-    "useInstanceMetadata": true
+    "useInstanceMetadata": true,
+    "enableVmssFlexNodes": true
 }`
 
 	userAssignedControlPlaneCloudConfig = `{
@@ -614,6 +611,7 @@ const (
     "maximumLoadBalancerRuleCount": 250,
     "useManagedIdentityExtension": true,
     "useInstanceMetadata": true,
+    "enableVmssFlexNodes": true,
     "userAssignedIdentityID": "foobar"
 }`
 	userAssignedWorkerNodeCloudConfig = `{
@@ -634,6 +632,7 @@ const (
     "maximumLoadBalancerRuleCount": 250,
     "useManagedIdentityExtension": true,
     "useInstanceMetadata": true,
+    "enableVmssFlexNodes": true,
     "userAssignedIdentityID": "foobar"
 }`
 	spCustomVnetControlPlaneCloudConfig = `{
@@ -655,7 +654,8 @@ const (
     "loadBalancerName": "",
     "maximumLoadBalancerRuleCount": 250,
     "useManagedIdentityExtension": false,
-    "useInstanceMetadata": true
+    "useInstanceMetadata": true,
+    "enableVmssFlexNodes": true
 }`
 	spCustomVnetWorkerNodeCloudConfig = `{
     "cloud": "AzurePublicCloud",
@@ -676,7 +676,8 @@ const (
     "loadBalancerName": "",
     "maximumLoadBalancerRuleCount": 250,
     "useManagedIdentityExtension": false,
-    "useInstanceMetadata": true
+    "useInstanceMetadata": true,
+    "enableVmssFlexNodes": true
 }`
 	rateLimitsControlPlaneCloudConfig = `{
     "cloud": "AzurePublicCloud",
@@ -698,6 +699,7 @@ const (
     "maximumLoadBalancerRuleCount": 250,
     "useManagedIdentityExtension": false,
     "useInstanceMetadata": true,
+    "enableVmssFlexNodes": true,
     "cloudProviderRateLimit": true,
     "cloudProviderRateLimitQPS": 1.2,
     "loadBalancerRateLimit": {
@@ -724,6 +726,7 @@ const (
     "maximumLoadBalancerRuleCount": 250,
     "useManagedIdentityExtension": false,
     "useInstanceMetadata": true,
+    "enableVmssFlexNodes": true,
     "cloudProviderRateLimit": true,
     "cloudProviderRateLimitQPS": 1.2,
     "loadBalancerRateLimit": {
@@ -750,6 +753,7 @@ const (
     "maximumLoadBalancerRuleCount": 250,
     "useManagedIdentityExtension": false,
     "useInstanceMetadata": true,
+    "enableVmssFlexNodes": true,
     "cloudProviderBackoff": true,
     "cloudProviderBackoffRetries": 1,
     "cloudProviderBackoffExponent": 1.2000000000000002,

exp/api/v1beta1/azuremachinepool_test.go

@@ -20,12 +20,9 @@ import (
 	"testing"
 
 	"github.com/onsi/gomega"
-	utilfeature "k8s.io/component-base/featuregate/testing"
 	"k8s.io/utils/ptr"
 	infrav1 "sigs.k8s.io/cluster-api-provider-azure/api/v1beta1"
 	infrav1exp "sigs.k8s.io/cluster-api-provider-azure/exp/api/v1beta1"
-	"sigs.k8s.io/cluster-api-provider-azure/feature"
-	capifeature "sigs.k8s.io/cluster-api/feature"
 )
 
 func TestAzureMachinePool_Validate(t *testing.T) {
@@ -213,9 +210,6 @@ func TestAzureMachinePool_Validate(t *testing.T) {
 		c := c
 		t.Run(c.Name, func(t *testing.T) {
 			// Don't add t.Parallel() here or the test will fail.
-			// NOTE: AzureMachinePool is behind MachinePool feature gate flag; the webhook
-			// must prevent creating new objects in case the feature flag is disabled.
-			defer utilfeature.SetFeatureGateDuringTest(t, feature.Gates, capifeature.MachinePool, true)()
 			g := gomega.NewGomegaWithT(t)
 			amp := c.Factory(g)
 			actualErr := amp.Validate(nil, nil)