From fb814b5a846e7e555731fd16e0b355ac396579bc Mon Sep 17 00:00:00 2001 From: Ciprian Hacman Date: Sun, 20 Jul 2025 08:45:00 +0300 Subject: [PATCH 1/2] azure: Set default network CIDR to 10.0.0.0/16 --- tests/e2e/kubetest2-kops/deployer/up.go | 2 -- upup/pkg/fi/cloudup/defaults.go | 48 ++++++++++++++----------- 2 files changed, 27 insertions(+), 23 deletions(-) diff --git a/tests/e2e/kubetest2-kops/deployer/up.go b/tests/e2e/kubetest2-kops/deployer/up.go index 021094bd30..4a366dc4bb 100644 --- a/tests/e2e/kubetest2-kops/deployer/up.go +++ b/tests/e2e/kubetest2-kops/deployer/up.go @@ -193,8 +193,6 @@ func (d *deployer) createCluster(zones []string, adminAccess string, yes bool) e args = appendIfUnset(args, "--master-size", "c5.large") } case "azure": - // TODO: Check why Azure requires --network-cidr - args = appendIfUnset(args, "--network-cidr", "10.0.0.0/16") args = appendIfUnset(args, "--cloud-labels", "DO-NOT-DELETE=kOps") args = appendIfUnset(args, "--control-plane-size", "Standard_D4s_v3") args = appendIfUnset(args, "--node-size", "Standard_D2s_v3") diff --git a/upup/pkg/fi/cloudup/defaults.go b/upup/pkg/fi/cloudup/defaults.go index 730dfab031..84cad91829 100644 --- a/upup/pkg/fi/cloudup/defaults.go +++ b/upup/pkg/fi/cloudup/defaults.go 
@@ -70,24 +70,11 @@ func PerformAssignments(c *kops.Cluster, vfsContext *vfs.VFSContext, cloud fi.Cl } } - setNetworkCIDR := (cloud.ProviderID() == kops.CloudProviderAWS) || (cloud.ProviderID() == kops.CloudProviderAzure) - if setNetworkCIDR && c.Spec.Networking.NetworkCIDR == "" { + if cloud.ProviderID() == kops.CloudProviderAWS && c.Spec.Networking.NetworkCIDR == "" { if c.SharedVPC() { - var vpcInfo *fi.VPCInfo - var err error - if cloud.ProviderID() == kops.CloudProviderAzure { - if c.Spec.CloudProvider.Azure == nil || c.Spec.CloudProvider.Azure.ResourceGroupName == "" { - return fmt.Errorf("missing required --azure-resource-group-name when specifying Network ID") - } - vpcInfo, err = cloud.(azure.AzureCloud).FindVNetInfo(c.Spec.Networking.NetworkID, c.Spec.CloudProvider.Azure.ResourceGroupName) - if err != nil { - return err - } - } else { - vpcInfo, err = cloud.FindVPCInfo(c.Spec.Networking.NetworkID) - if err != nil { - return err - } + vpcInfo, err := cloud.FindVPCInfo(c.Spec.Networking.NetworkID) + if err != nil { + return err } if vpcInfo == nil { return fmt.Errorf("unable to find Network ID %q", c.Spec.Networking.NetworkID) @@ -97,10 +84,8 @@ func PerformAssignments(c *kops.Cluster, vfsContext *vfs.VFSContext, cloud fi.Cl return fmt.Errorf("unable to infer NetworkCIDR from Network ID, please specify --network-cidr") } } else { - if cloud.ProviderID() == kops.CloudProviderAWS { - // TODO: Choose non-overlapping networking CIDRs for VPCs, using vpcInfo - c.Spec.Networking.NetworkCIDR = "172.20.0.0/16" - } + // TODO: Choose non-overlapping networking CIDRs for VPCs, using vpcInfo + c.Spec.Networking.NetworkCIDR = "172.20.0.0/16" } // Amazon VPC CNI uses the same network 
@@ -109,6 +94,27 @@ func PerformAssignments(c *kops.Cluster, vfsContext *vfs.VFSContext, cloud fi.Cl } } + if cloud.ProviderID() == kops.CloudProviderAzure && c.Spec.Networking.NetworkCIDR == "" { + if c.SharedVPC() { + if c.Spec.CloudProvider.Azure == nil || c.Spec.CloudProvider.Azure.ResourceGroupName == "" { + return fmt.Errorf("missing required --azure-resource-group-name when specifying Network ID") + } + vpcInfo, err := cloud.(azure.AzureCloud).FindVNetInfo(c.Spec.Networking.NetworkID, c.Spec.CloudProvider.Azure.ResourceGroupName) + if err != nil { + return err + } + if vpcInfo == nil { + return fmt.Errorf("unable to find Network ID %q", c.Spec.Networking.NetworkID) + } + c.Spec.Networking.NetworkCIDR = vpcInfo.CIDR + if c.Spec.Networking.NetworkCIDR == "" { + return fmt.Errorf("unable to infer NetworkCIDR from Network ID, please specify --network-cidr") + } + } else { + c.Spec.Networking.NetworkCIDR = "10.0.0.0/16" + } + } + if c.Spec.Networking.NonMasqueradeCIDR == "" { c.Spec.Networking.NonMasqueradeCIDR = "100.64.0.0/10" } From 29fb3d3587fde60dd11ea1f74c272f2ce5e0bf38 Mon Sep 17 00:00:00 2001 From: Ciprian Hacman Date: Sun, 20 Jul 2025 08:49:28 +0300 Subject: [PATCH 2/2] azure: Use AZURE_SUBSCRIPTION_ID env var as fallback --- cmd/kops/create_cluster.go | 10 ++++++++++ tests/e2e/kubetest2-kops/deployer/up.go | 2 -- 2 files changed, 10 insertions(+), 2 deletions(-) diff --git a/cmd/kops/create_cluster.go b/cmd/kops/create_cluster.go index 9ec32ea811..2ef563b9ab 100644 --- a/cmd/kops/create_cluster.go +++ b/cmd/kops/create_cluster.go 
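Review bot: The added Azure branch in PerformAssignments (upup/pkg/fi/cloudup/defaults.go) uses the single-value type assertion `cloud.(azure.AzureCloud).FindVNetInfo(...)`, which panics instead of returning an error if the `fi.Cloud` passed in reports the Azure provider ID but is not an `azure.AzureCloud` (a test double, for example). Prefer the checked form, `azureCloud, ok := cloud.(azure.AzureCloud)` followed by `if !ok { return fmt.Errorf("unexpected cloud type %T for Azure", cloud) }`. The new `10.0.0.0/16` default also deserves a comment in the spirit of the AWS branch's TODO, for example `// TODO: Choose a non-overlapping CIDR; 10.0.0.0/16 may collide with peered VNets or on-premises ranges`. The function body starts and ends outside the hunk.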
@@ -536,6 +536,16 @@ func RunCreateCluster(ctx context.Context, f *util.Factory, out io.Writer, c *Cr c.NetworkID = c.OpenstackNetworkID } + if featureflag.Azure.Enabled() { + if c.AzureSubscriptionID == "" { + if id, ok := os.LookupEnv("AZURE_SUBSCRIPTION_ID"); ok { + c.AzureSubscriptionID = id + } else { + return fmt.Errorf("--azure-subscription-id is required") + } + } + } + clusterResult, err := cloudup.NewCluster(&c.NewClusterOptions, clientset) if err != nil { return err diff --git a/tests/e2e/kubetest2-kops/deployer/up.go b/tests/e2e/kubetest2-kops/deployer/up.go index 4a366dc4bb..14bf940e86 100644 --- a/tests/e2e/kubetest2-kops/deployer/up.go +++ b/tests/e2e/kubetest2-kops/deployer/up.go @@ -20,7 +20,6 @@ import ( "context" "errors" "fmt" - "os" osexec "os/exec" "path" "strconv" @@ -198,7 +197,6 @@ func (d *deployer) createCluster(zones []string, adminAccess string, yes bool) e args = appendIfUnset(args, "--node-size", "Standard_D2s_v3") // TODO: Check if we can use "kops" as SSH user args = appendIfUnset(args, "--azure-admin-user", "ubuntu") - args = appendIfUnset(args, "--azure-subscription-id", os.Getenv("AZURE_SUBSCRIPTION_ID")) case "gce": if isArm { args = appendIfUnset(args, "--master-size", "t2a-standard-2")
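Review bot: In the cmd/kops/create_cluster.go hunk of patch 2/2, `os.LookupEnv("AZURE_SUBSCRIPTION_ID")` reports ok for a variable that is set but empty, so `c.AzureSubscriptionID` stays empty and the `--azure-subscription-id is required` error is skipped. Test the value instead: `if id := os.Getenv("AZURE_SUBSCRIPTION_ID"); id != "" {`. As far as the hunk shows, the check is gated only on `featureflag.Azure.Enabled()` and not on the selected cloud provider, so with the flag on a non-Azure `create cluster` run would appear to need a subscription ID as well; confirm against the code outside the hunk. Because the target subscription can now come from the ambient environment, the flag's help text should mention the fallback so an operator knows which subscription a run will act on. RunCreateCluster continues outside the hunk.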