multi zone nat

hack/api-reference/api.md

@@ -906,7 +906,8 @@ bool
 </h3>
 <p>
 (<em>Appears on:</em>
-<a href="#azure.provider.extensions.gardener.cloud/v1alpha1.NetworkConfig">NetworkConfig</a>)
+<a href="#azure.provider.extensions.gardener.cloud/v1alpha1.NetworkConfig">NetworkConfig</a>, 
+<a href="#azure.provider.extensions.gardener.cloud/v1alpha1.Zone">Zone</a>)
 </p>
 <p>
 <p>NatGatewayConfig contains configuration for the NAT gateway and the attached resources.</p>
@@ -1008,6 +1009,7 @@ string
 </em>
 </td>
 <td>
+<em>(Optional)</em>
 <p>Workers is the worker subnet range to create (used for the VMs).</p>
 </td>
 </tr>
@@ -1037,6 +1039,19 @@ NatGatewayConfig
 <p>ServiceEndpoints is a list of Azure ServiceEndpoints which should be associated with the worker subnet.</p>
 </td>
 </tr>
+<tr>
+<td>
+<code>zones</code></br>
+<em>
+<a href="#azure.provider.extensions.gardener.cloud/v1alpha1.Zone">
+[]Zone
+</a>
+</em>
+</td>
+<td>
+<p>Zones is a list of zones with their respective configuration.</p>
+</td>
+</tr>
 </tbody>
 </table>
 <h3 id="azure.provider.extensions.gardener.cloud/v1alpha1.NetworkStatus">NetworkStatus
@@ -1082,8 +1097,30 @@ VNetStatus
 <p>Subnets are the subnets that have been created.</p>
 </td>
 </tr>
+<tr>
+<td>
+<code>topology</code></br>
+<em>
+<a href="#azure.provider.extensions.gardener.cloud/v1alpha1.NetworkTopologyType">
+NetworkTopologyType
+</a>
+</em>
+</td>
+<td>
+<p>Topology describes the network topology of the cluster.</p>
+</td>
+</tr>
 </tbody>
 </table>
+<h3 id="azure.provider.extensions.gardener.cloud/v1alpha1.NetworkTopologyType">NetworkTopologyType
+(<code>string</code> alias)</p></h3>
+<p>
+(<em>Appears on:</em>
+<a href="#azure.provider.extensions.gardener.cloud/v1alpha1.NetworkStatus">NetworkStatus</a>)
+</p>
+<p>
+<p>NetworkTopologyType is the network topology type for the cluster.</p>
+</p>
 <h3 id="azure.provider.extensions.gardener.cloud/v1alpha1.PublicIPReference">PublicIPReference
 </h3>
 <p>
@@ -1306,6 +1343,18 @@ Purpose
 <p>Purpose is the purpose for which the subnet was created.</p>
 </td>
 </tr>
+<tr>
+<td>
+<code>zone</code></br>
+<em>
+string
+</em>
+</td>
+<td>
+<em>(Optional)</em>
+<p>Zone is the name of the zone for which the subnet was created.</p>
+</td>
+</tr>
 </tbody>
 </table>
 <h3 id="azure.provider.extensions.gardener.cloud/v1alpha1.VNet">VNet
@@ -1457,6 +1506,73 @@ string
 </tr>
 </tbody>
 </table>
+<h3 id="azure.provider.extensions.gardener.cloud/v1alpha1.Zone">Zone
+</h3>
+<p>
+(<em>Appears on:</em>
+<a href="#azure.provider.extensions.gardener.cloud/v1alpha1.NetworkConfig">NetworkConfig</a>)
+</p>
+<p>
+<p>Zone describes the configuration for a subnet that is used for VMs on that region.</p>
+</p>
+<table>
+<thead>
+<tr>
+<th>Field</th>
+<th>Description</th>
+</tr>
+</thead>
+<tbody>
+<tr>
+<td>
+<code>name</code></br>
+<em>
+int32
+</em>
+</td>
+<td>
+<p>Name is the name of the zone and should match with the name the infrastructure provider is using for the zone.</p>
+</td>
+</tr>
+<tr>
+<td>
+<code>cidr</code></br>
+<em>
+string
+</em>
+</td>
+<td>
+<p>CIDR is the CIDR range used for the zone&rsquo;s subnet.</p>
+</td>
+</tr>
+<tr>
+<td>
+<code>serviceEndpoints</code></br>
+<em>
+[]string
+</em>
+</td>
+<td>
+<em>(Optional)</em>
+<p>ServiceEndpoints is a list of Azure ServiceEndpoints which should be associated with the zone&rsquo;s subnet.</p>
+</td>
+</tr>
+<tr>
+<td>
+<code>natGateway</code></br>
+<em>
+<a href="#azure.provider.extensions.gardener.cloud/v1alpha1.NatGatewayConfig">
+NatGatewayConfig
+</a>
+</em>
+</td>
+<td>
+<em>(Optional)</em>
+<p>NatGateway contains the configuration for the NatGateway associated with this subnet.</p>
+</td>
+</tr>
+</tbody>
+</table>
 <hr/>
 <p><em>
 Generated with <a href="https://github.com/ahmetb/gen-crd-api-reference-docs">gen-crd-api-reference-docs</a>

pkg/admission/validator/shoot.go

@@ -83,18 +83,23 @@ func (s *shoot) Validate(ctx context.Context, new, old client.Object) error {
 		return fmt.Errorf("wrong object type %T", new)
 	}
 
+	cloudProfile := &gardencorev1beta1.CloudProfile{}
+	if err := s.client.Get(ctx, kutil.Key(shoot.Spec.CloudProfileName), cloudProfile); err != nil {
+		return err
+	}
+
 	if old != nil {
 		oldShoot, ok := old.(*core.Shoot)
 		if !ok {
 			return fmt.Errorf("wrong object type %T for old object", old)
 		}
-		return s.validateUpdate(oldShoot, shoot)
+		return s.validateUpdate(oldShoot, shoot, cloudProfile)
 	}
 
-	return s.validateCreation(ctx, shoot)
+	return s.validateCreation(ctx, shoot, cloudProfile)
 }
 
-func (s *shoot) validateCreation(ctx context.Context, shoot *core.Shoot) error {
+func (s *shoot) validateCreation(ctx context.Context, shoot *core.Shoot, cloudProfile *gardencorev1beta1.CloudProfile) error {
 	infraConfig, err := checkAndDecodeInfrastructureConfig(s.decoder, shoot.Spec.Provider.InfrastructureConfig, infraConfigPath)
 	if err != nil {
 		return err
@@ -108,32 +113,35 @@ func (s *shoot) validateCreation(ctx context.Context, shoot *core.Shoot) error {
 		}
 	}
 
-	if err := s.validateShoot(shoot, infraConfig, cpConfig).ToAggregate(); err != nil {
+	if err := s.validateShoot(shoot, nil, infraConfig, cloudProfile, cpConfig).ToAggregate(); err != nil {
 		return err
 	}
 
 	return s.validateShootSecret(ctx, shoot)
 }
 
-func (s *shoot) validateShoot(shoot *core.Shoot, infraConfig *azure.InfrastructureConfig, cpConfig *azure.ControlPlaneConfig) field.ErrorList {
+func (s *shoot) validateShoot(shoot *core.Shoot, oldInfraConfig, infraConfig *azure.InfrastructureConfig, cloudProfile *gardencorev1beta1.CloudProfile, cpConfig *azure.ControlPlaneConfig) field.ErrorList {
 	allErrs := field.ErrorList{}
 
 	// Network validation
 	allErrs = append(allErrs, azurevalidation.ValidateNetworking(shoot.Spec.Networking, nwPath)...)
 
+	// Cloudprofile validation
+	allErrs = append(allErrs, azurevalidation.ValidateInfrastructureConfigAgainstCloudProfile(oldInfraConfig, infraConfig, shoot.Spec.Region, cloudProfile, infraConfigPath)...)
+
 	// Provider validation
 	allErrs = append(allErrs, azurevalidation.ValidateInfrastructureConfig(infraConfig, shoot.Spec.Networking.Nodes, shoot.Spec.Networking.Pods, shoot.Spec.Networking.Services, helper.HasShootVmoAlphaAnnotation(shoot.Annotations), infraConfigPath)...)
 	if cpConfig != nil {
 		allErrs = append(allErrs, azurevalidation.ValidateControlPlaneConfig(cpConfig, shoot.Spec.Kubernetes.Version, cpConfigPath)...)
 	}
 
 	// Shoot workers
-	allErrs = append(allErrs, azurevalidation.ValidateWorkers(shoot.Spec.Provider.Workers, infraConfig.Zoned, workersPath)...)
+	allErrs = append(allErrs, azurevalidation.ValidateWorkers(shoot.Spec.Provider.Workers, infraConfig, workersPath)...)
 
 	return allErrs
 }
 
-func (s *shoot) validateUpdate(oldShoot, shoot *core.Shoot) error {
+func (s *shoot) validateUpdate(oldShoot, shoot *core.Shoot, cloudProfile *gardencorev1beta1.CloudProfile) error {
 	// Decode the new infrastructure config.
 	if shoot.Spec.Provider.InfrastructureConfig == nil {
 		return field.Required(infraConfigPath, "InfrastructureConfig must be set for Azure shoots")
@@ -169,7 +177,7 @@ func (s *shoot) validateUpdate(oldShoot, shoot *core.Shoot) error {
 	allErrs = append(allErrs, azurevalidation.ValidateVmoConfigUpdate(helper.HasShootVmoAlphaAnnotation(oldShoot.Annotations), helper.HasShootVmoAlphaAnnotation(shoot.Annotations), metaDataPath)...)
 	allErrs = append(allErrs, azurevalidation.ValidateWorkersUpdate(oldShoot.Spec.Provider.Workers, shoot.Spec.Provider.Workers, workersPath)...)
 
-	allErrs = append(allErrs, s.validateShoot(shoot, infraConfig, cpConfig)...)
+	allErrs = append(allErrs, s.validateShoot(shoot, oldInfraConfig, infraConfig, cloudProfile, cpConfig)...)
 
 	return allErrs.ToAggregate()
 }

pkg/apis/azure/helper/helper.go

@@ -33,6 +33,15 @@ func FindSubnetByPurpose(subnets []api.Subnet, purpose api.Purpose) (*api.Subnet
 	return nil, fmt.Errorf("cannot find subnet with purpose %q", purpose)
 }
 
+func FindSubnetByPurposeAndZone(subnets []api.Subnet, purpose api.Purpose, zone string) (int, *api.Subnet, error) {
+	for index, subnet := range subnets {
+		if subnet.Purpose == purpose && subnet.Zone != nil && *subnet.Zone == zone {
+			return index, &subnet, nil
+		}
+	}
+	return 0, nil, fmt.Errorf("cannot find subnet with purpose %q and zone %q", purpose, zone)
+}
+
 // FindSecurityGroupByPurpose takes a list of security groups and tries to find the first entry
 // whose purpose matches with the given purpose. If no such entry is found then an error will be
 // returned.
@@ -130,3 +139,7 @@ func HasShootVmoAlphaAnnotation(shootAnnotations map[string]string) bool {
 	}
 	return false
 }
+
+func AzureZoneToCoreZone(zone int32) string {
+	return fmt.Sprintf("%d", zone)
+}

pkg/apis/azure/types_infrastructure.go

@@ -44,11 +44,25 @@ type NetworkConfig struct {
 	// VNet indicates whether to use an existing VNet or create a new one.
 	VNet VNet
 	// Workers is the worker subnet range to create (used for the VMs).
-	Workers string
+	Workers *string
 	// NatGateway contains the configuration for the NatGateway.
 	NatGateway *NatGatewayConfig
 	// ServiceEndpoints is a list of Azure ServiceEndpoints which should be associated with the worker subnet.
 	ServiceEndpoints []string
+	// Zones is a list of zones with their respective configuration.
+	Zones []Zone
+}
+
+// Zone describes the configuration for a subnet that is used for VMs on that region.
+type Zone struct {
+	// Name is the name of the zone and should match with the name the infrastructure provider is using for the zone.
+	Name int32
+	// CIDR is the CIDR range used for the zone's subnet.
+	CIDR string
+	// ServiceEndpoints is a list of Azure ServiceEndpoints which should be associated with the zone's subnet.
+	ServiceEndpoints []string
+	// NatGateway contains the configuration for the NatGateway associated with this subnet.
+	NatGateway *NatGatewayConfig
 }
 
 // NatGatewayConfig contains configuration for the NAT gateway and the attached resources.
@@ -103,6 +117,8 @@ type NetworkStatus struct {
 	VNet VNetStatus
 	// Subnets are the subnets that have been created.
 	Subnets []Subnet
+	// Topology describes the network topology of the cluster.
+	Topology NetworkTopologyType
 }
 
 // Purpose is a purpose of a subnet.
@@ -115,12 +131,27 @@ const (
 	PurposeInternal Purpose = "internal"
 )
 
+// NetworkTopologyType is the network topology type for the cluster.
+type NetworkTopologyType string
+
+const (
+	// TopologyRegional is a network topology for clusters that do not make use of availability zones.
+	TopologyRegional NetworkTopologyType = "regional"
+	// TopologyZonalSingleSubnet is a network topology for zonal clusters. Clusters with this topology have a single
+	// subnet that is shared among all availability zones.
+	TopologyZonalSingleSubnet NetworkTopologyType = "zonalSingleSubnet"
+	// TopologyZonal is a network topology for zonal clusters, where a subnet is created for each availability zone.
+	TopologyZonal NetworkTopologyType = "zonal"
+)
+
 // Subnet is a subnet that was created.
 type Subnet struct {
 	// Name is the name of the subnet.
 	Name string
 	// Purpose is the purpose for which the subnet was created.
 	Purpose Purpose
+	// Zone is the name of the zone for which the subnet was created.
+	Zone *string
 }
 
 // AvailabilitySet contains information about the azure availability set