Ensure no new AKS LBs are created w/ Basic SKU

Author: jackfrancis

api/v1beta1/azuremanagedcontrolplane_types.go

@@ -125,8 +125,6 @@ const (
 const (
 	// LoadBalancerSKUStandard is the Standard load balancer SKU.
 	LoadBalancerSKUStandard = "Standard"
-	// LoadBalancerSKUBasic is the Basic load balancer SKU.
-	LoadBalancerSKUBasic = "Basic"
 )
 
 // KeyVaultNetworkAccessTypes defines the types of network access of key vault.

api/v1beta1/azuremanagedcontrolplane_webhook.go

@@ -373,6 +373,16 @@ func validateVersion(version string, fldPath *field.Path) field.ErrorList {
 	return allErrs
 }
 
+// validateLoadBalancerSKU validates the LoadBalancerSKU.
+func validateLoadBalancerSKU(loadBalancerSKU *string, fldPath *field.Path) field.ErrorList {
+	var allErrs field.ErrorList
+	if loadBalancerSKU != nil && *loadBalancerSKU != LoadBalancerSKUStandard {
+		allErrs = append(allErrs, field.Invalid(fldPath, loadBalancerSKU, "LoadBalancerSKU must be 'Standard' if specified"))
+	}
+
+	return allErrs
+}
+
 // validateSSHKey validates an SSHKey.
 func (m *AzureManagedControlPlane) validateSSHKey(_ client.Client) field.ErrorList {
 	if sshKey := m.Spec.SSHPublicKey; sshKey != nil && *sshKey != "" {

api/v1beta1/azuremanagedcontrolplane_webhook_test.go

@@ -209,6 +209,37 @@ func TestValidateVersion(t *testing.T) {
 	}
 }
 
+func TestValidateLoadBalancerSKU(t *testing.T) {
+	tests := []struct {
+		name            string
+		loadBalancerSKU *string
+		expectErr       bool
+	}{
+		{
+			name:            "Valid Version",
+			loadBalancerSKU: ptr.To(LoadBalancerSKUStandard),
+			expectErr:       false,
+		},
+		{
+			name:            "Invalid Version",
+			loadBalancerSKU: ptr.To("Basic"),
+			expectErr:       true,
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			g := NewWithT(t)
+			allErrs := validateLoadBalancerSKU(tt.loadBalancerSKU, field.NewPath("spec").Child("loadBalancerSKU"))
+			if tt.expectErr {
+				g.Expect(allErrs).NotTo(BeNil())
+			} else {
+				g.Expect(allErrs).To(BeNil())
+			}
+		})
+	}
+}
+
 func TestValidateLoadBalancerProfile(t *testing.T) {
 	tests := []struct {
 		name        string
@@ -2235,21 +2266,11 @@ func TestAzureManagedControlPlane_ValidateUpdate(t *testing.T) {
 				Spec: AzureManagedControlPlaneSpec{
 					AzureManagedControlPlaneClassSpec: AzureManagedControlPlaneClassSpec{
 						DNSServiceIP:    ptr.To("192.168.0.10"),
-						LoadBalancerSKU: ptr.To("Standard"),
-						Version:         "v1.18.0",
-					},
-				},
-			},
-			amcp: &AzureManagedControlPlane{
-				Spec: AzureManagedControlPlaneSpec{
-					AzureManagedControlPlaneClassSpec: AzureManagedControlPlaneClassSpec{
-						DNSServiceIP:    ptr.To("192.168.0.10"),
-						LoadBalancerSKU: ptr.To(LoadBalancerSKUBasic),
+						LoadBalancerSKU: ptr.To(LoadBalancerSKUStandard),
 						Version:         "v1.18.0",
 					},
 				},
 			},
-			wantErr: true,
 		},
 		{
 			name: "AzureManagedControlPlane LoadBalancerSKU is immutable, unsetting is not allowed",

api/v1beta1/azuremanagedcontrolplanetemplate_webhook.go

@@ -193,6 +193,10 @@ func (mcp *AzureManagedControlPlaneTemplate) validateManagedControlPlaneTemplate
 		mcp.Spec.Template.Spec.Version,
 		field.NewPath("spec").Child("template").Child("spec").Child("version"))...)
 
+	allErrs = append(allErrs, validateLoadBalancerSKU(
+		mcp.Spec.Template.Spec.LoadBalancerSKU,
+		field.NewPath("spec").Child("template").Child("spec").Child("loadBalancerSKU"))...)
+
 	allErrs = append(allErrs, validateLoadBalancerProfile(
 		mcp.Spec.Template.Spec.LoadBalancerProfile,
 		field.NewPath("spec").Child("template").Child("spec").Child("loadBalancerProfile"))...)

api/v1beta1/azuremanagedcontrolplanetemplate_webhook_test.go

@@ -33,7 +33,7 @@ func TestControlPlaneTemplateDefaultingWebhook(t *testing.T) {
 	err := mcptw.Default(t.Context(), amcpt)
 	g.Expect(err).NotTo(HaveOccurred())
 	g.Expect(*amcpt.Spec.Template.Spec.NetworkPlugin).To(Equal("azure"))
-	g.Expect(*amcpt.Spec.Template.Spec.LoadBalancerSKU).To(Equal("Standard"))
+	g.Expect(*amcpt.Spec.Template.Spec.LoadBalancerSKU).To(Equal(LoadBalancerSKUStandard))
 	g.Expect(amcpt.Spec.Template.Spec.Version).To(Equal("v1.17.5"))
 	g.Expect(amcpt.Spec.Template.Spec.VirtualNetwork.CIDRBlock).To(Equal(defaultAKSVnetCIDR))
 	g.Expect(amcpt.Spec.Template.Spec.VirtualNetwork.Subnet.Name).To(Equal("fooName"))
@@ -42,10 +42,9 @@ func TestControlPlaneTemplateDefaultingWebhook(t *testing.T) {
 
 	t.Logf("Testing amcp defaulting webhook with baseline")
 	netPlug := "kubenet"
-	lbSKU := "Basic"
+	lbSKU := "Standard"
 	netPol := "azure"
 	amcpt.Spec.Template.Spec.NetworkPlugin = &netPlug
-	amcpt.Spec.Template.Spec.LoadBalancerSKU = &lbSKU
 	amcpt.Spec.Template.Spec.NetworkPolicy = &netPol
 	amcpt.Spec.Template.Spec.Version = "9.99.99"
 	amcpt.Spec.Template.Spec.VirtualNetwork.Name = "fooVnetName"
@@ -131,10 +130,10 @@ func TestControlPlaneTemplateUpdateWebhook(t *testing.T) {
 		{
 			name: "azuremanagedcontrolplanetemplate LoadBalancerSKU is immutable",
 			oldControlPlaneTemplate: getAzureManagedControlPlaneTemplate(func(cpt *AzureManagedControlPlaneTemplate) {
-				cpt.Spec.Template.Spec.LoadBalancerSKU = ptr.To("foo")
+				cpt.Spec.Template.Spec.LoadBalancerSKU = ptr.To(LoadBalancerSKUStandard)
 			}),
 			controlPlaneTemplate: getAzureManagedControlPlaneTemplate(func(cpt *AzureManagedControlPlaneTemplate) {
-				cpt.Spec.Template.Spec.LoadBalancerSKU = ptr.To("bar")
+				cpt.Spec.Template.Spec.LoadBalancerSKU = ptr.To("Basic")
 			}),
 			wantErr: true,
 		},

api/v1beta1/types_class.go

@@ -147,7 +147,7 @@ type AzureManagedControlPlaneClassSpec struct {
 
 	// LoadBalancerSKU is the SKU of the loadBalancer to be provisioned.
 	// Immutable.
-	// +kubebuilder:validation:Enum=Basic;Standard
+	// +kubebuilder:validation:Enum=Standard
 	// +kubebuilder:default:=Standard
 	// +optional
 	LoadBalancerSKU *string `json:"loadBalancerSKU,omitempty"`

azure/scope/managedcontrolplane.go

@@ -577,7 +577,6 @@ func (s *ManagedControlPlaneScope) ManagedClusterSpec() azure.ASOResourceSpecGet
 		managedClusterSpec.NetworkDataplane = s.ControlPlane.Spec.NetworkDataplane
 	}
 	if s.ControlPlane.Spec.LoadBalancerSKU != nil {
-		// CAPZ accepts Standard/Basic, Azure accepts standard/basic
 		managedClusterSpec.LoadBalancerSKU = strings.ToLower(*s.ControlPlane.Spec.LoadBalancerSKU)
 	}
 

azure/services/managedclusters/spec.go

@@ -69,7 +69,7 @@ type ManagedClusterSpec struct {
 	// Version defines the desired Kubernetes version.
 	Version string
 
-	// LoadBalancerSKU for the managed cluster. Possible values include: 'Standard', 'Basic'. Defaults to Standard.
+	// LoadBalancerSKU for the managed cluster. 'Standard' is the only supported value. Defaults to Standard.
 	LoadBalancerSKU string
 
 	// NetworkPlugin used for building Kubernetes network. Possible values include: 'azure', 'kubenet'. Defaults to azure.

config/crd/bases/infrastructure.cluster.x-k8s.io_azuremanagedcontrolplanes.yaml

@@ -595,7 +595,6 @@ spec:
                   LoadBalancerSKU is the SKU of the loadBalancer to be provisioned.
                   Immutable.
                 enum:
-                - Basic
                 - Standard
                 type: string
               location:

config/crd/bases/infrastructure.cluster.x-k8s.io_azuremanagedcontrolplanetemplates.yaml

@@ -575,7 +575,6 @@ spec:
                           LoadBalancerSKU is the SKU of the loadBalancer to be provisioned.
                           Immutable.
                         enum:
-                        - Basic
                         - Standard
                         type: string
                       location: