From a8e07a18d03e56847324e60305d6e2e63adb6cc0 Mon Sep 17 00:00:00 2001 From: Kyle Wuolle Date: Mon, 2 Dec 2024 10:58:07 -0800 Subject: [PATCH] Change hosted azure template to include control plane subnet --- .../templates/azurecluster.yaml | 12 +++++-- .../azure-hosted-cp/values.schema.json | 5 ++- templates/cluster/azure-hosted-cp/values.yaml | 7 ++-- test/e2e/managedcluster/azure/azure.go | 35 ++++++++++--------- .../resources/azure-hosted-cp.yaml.tpl | 7 ++-- 5 files changed, 41 insertions(+), 25 deletions(-) diff --git a/templates/cluster/azure-hosted-cp/templates/azurecluster.yaml b/templates/cluster/azure-hosted-cp/templates/azurecluster.yaml index 2bdb10501..56f246654 100644 --- a/templates/cluster/azure-hosted-cp/templates/azurecluster.yaml +++ b/templates/cluster/azure-hosted-cp/templates/azurecluster.yaml @@ -18,11 +18,17 @@ spec: subnets: - name: {{ .Values.network.nodeSubnetName }} # TODO this is just a test, if this works we need to consider changing this to be able to specify multiple subnets - role: cluster + role: node routeTable: - name: {{ .Values.network.routeTableName }} + name: {{ .Values.network.nodeRouteTableName }} securityGroup: - name: {{ .Values.network.securityGroupName }} + name: {{ .Values.network.nodeSecurityGroupName }} + - name: {{ .Values.network.cpSubnetName }} + role: control-plane + routeTable: + name: {{ .Values.network.cpRouteTableName }} + securityGroup: + name: {{ .Values.network.cpSecurityGroupName }} location: {{ .Values.location }} {{- if .Values.bastion.enabled }} {{- with .Values.bastion.bastionSpec }} diff --git a/templates/cluster/azure-hosted-cp/values.schema.json b/templates/cluster/azure-hosted-cp/values.schema.json index dd04d037b..18f42ef01 100644 --- a/templates/cluster/azure-hosted-cp/values.schema.json +++ b/templates/cluster/azure-hosted-cp/values.schema.json 
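Review bot: The context comment on the first subnet entry in azurecluster.yaml, `# TODO this is just a test, if this works we need to consider changing this to be able to specify multiple subnets`, is stale now that the new side renders two subnets with explicit `node` and `control-plane` roles. I would replace it with a comment that states what the template expects, for example `# node and control-plane subnets each reference their own route table and security group by name`. The hunk shows no sign of whether these resources must already exist in the VNet, so any such wording should be confirmed first.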
@@ -101,7 +101,10 @@ "vnetName", "nodeSubnetName", "routeTableName", - "securityGroupName" + "securityGroupName", + "cpSubnetName", + "cpRouteTableName", + "cpSecurityGroupName" ], "properties": { "vnetName": { diff --git a/templates/cluster/azure-hosted-cp/values.yaml b/templates/cluster/azure-hosted-cp/values.yaml index b4e1b81e6..075fbb91f 100644 --- a/templates/cluster/azure-hosted-cp/values.yaml +++ b/templates/cluster/azure-hosted-cp/values.yaml @@ -24,8 +24,11 @@ resourceGroup: "" network: vnetName: "" nodeSubnetName: "" - routeTableName: "" - securityGroupName: "" + nodeRouteTableName: "" + nodeSecurityGroupName: "" + cpSubnetName: "" + cpRouteTableName: "" + cpSecurityGroupName: "" # Azure machines parameters sshPublicKey: "" diff --git a/test/e2e/managedcluster/azure/azure.go b/test/e2e/managedcluster/azure/azure.go index ed53e6f5f..02d496f9a 100644 --- a/test/e2e/managedcluster/azure/azure.go +++ b/test/e2e/managedcluster/azure/azure.go 
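Review bot: The `required` list in values.schema.json still names `routeTableName` and `securityGroupName`, while the values.yaml hunk that follows and the azurecluster.yaml template rename those keys to `nodeRouteTableName` and `nodeSecurityGroupName`. With the new values.yaml neither of the old keys is present, so validating the chart's own defaults against this schema would presumably fail, and the two renamed keys are not required at all. The list should carry `"nodeRouteTableName", "nodeSecurityGroupName",` in place of the two old names. The `properties` object continues outside the hunk and likely needs the same rename, plus entries for the three `cp*` keys.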
@@ -87,26 +87,27 @@ func SetAzureEnvironmentVariables(clusterName string, kc *kubeclient.KubeClient) Expect(exists).To(BeTrue()) routeTableName := routeTable["name"] - if routeTableName != nil && len(fmt.Sprintf("%s", routeTableName)) > 0 { - subnetMap = sMap - break - } - } + subnetName := sMap["name"] - subnetName := subnetMap["name"] - GinkgoT().Setenv("AZURE_NODE_SUBNET", fmt.Sprintf("%s", subnetName)) + securityGroup, found, err := unstructured.NestedMap(subnetMap, "securityGroup") + Expect(err).NotTo(HaveOccurred()) + Expect(found).To(BeTrue()) + securityGroupName := securityGroup["name"] - securityGroup, found, err := unstructured.NestedMap(subnetMap, "securityGroup") - Expect(err).NotTo(HaveOccurred()) - Expect(found).To(BeTrue()) - securityGroupName := securityGroup["name"] - GinkgoT().Setenv("AZURE_SECURITY_GROUP", fmt.Sprintf("%s", securityGroupName)) + role, exists, err := unstructured.NestedString(sMap, "role") + Expect(err).NotTo(HaveOccurred()) + Expect(exists).To(BeTrue()) - routeTable, found, err := unstructured.NestedMap(subnetMap, "routeTable") - Expect(err).NotTo(HaveOccurred()) - Expect(found).To(BeTrue()) - routeTableName := routeTable["name"] - GinkgoT().Setenv("AZURE_ROUTE_TABLE", fmt.Sprintf("%s", routeTableName)) + if role == "control-plane" { + GinkgoT().Setenv("AZURE_CP_SUBNET", fmt.Sprintf("%s", subnetName)) + GinkgoT().Setenv("AZURE_CP_SECURITY_GROUP", fmt.Sprintf("%s", securityGroupName)) + GinkgoT().Setenv("AZURE_CP_ROUTE_TABLE", fmt.Sprintf("%s", routeTableName)) + } else { + GinkgoT().Setenv("AZURE_NODE_SUBNET", fmt.Sprintf("%s", subnetName)) + GinkgoT().Setenv("AZURE_NODE_SECURITY_GROUP", fmt.Sprintf("%s", securityGroupName)) + GinkgoT().Setenv("AZURE_NODE_ROUTE_TABLE", fmt.Sprintf("%s", routeTableName)) + } + } } // CreateDefaultStorageClass configures the default storage class for Azure 
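Review bot: The added `securityGroup, found, err := unstructured.NestedMap(subnetMap, "securityGroup")` still reads `subnetMap`, but this commit removes the only visible assignment to it (`subnetMap = sMap`). Inside the loop the lookup would therefore run against an unset map and `Expect(found).To(BeTrue())` would fail, or the file would not compile if the declaration was dropped as well. It should read the current element: `securityGroup, found, err := unstructured.NestedMap(sMap, "securityGroup")`. Separately, the `else` branch exports every subnet whose role is not `control-plane` as the node subnet, so any other role in the list would silently overwrite `AZURE_NODE_*`; `} else if role == "node" {` keeps the mapping explicit. The loop header and the declaration of `subnetMap` are outside the hunk, so the first point is inferred from the visible lines.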
diff --git a/test/e2e/managedcluster/resources/azure-hosted-cp.yaml.tpl b/test/e2e/managedcluster/resources/azure-hosted-cp.yaml.tpl index 407096ab2..919a7c25b 100644 --- a/test/e2e/managedcluster/resources/azure-hosted-cp.yaml.tpl +++ b/test/e2e/managedcluster/resources/azure-hosted-cp.yaml.tpl @@ -17,8 +17,11 @@ spec: network: vnetName: "${AZURE_VM_NET_NAME}" nodeSubnetName: "${AZURE_NODE_SUBNET}" - routeTableName: "${AZURE_ROUTE_TABLE}" - securityGroupName: "${AZURE_SECURITY_GROUP}" + nodeRouteTableName: "${AZURE_NODE_ROUTE_TABLE}" + nodeSecurityGroupName: "${AZURE_NODE_SECURITY_GROUP}" + cpSubnetName: "${AZURE_CP_SUBNET}" + cpRouteTableName: "${AZURE_CP_ROUTE_TABLE}" + cpSecurityGroupName: "${AZURE_CP_SECURITY_GROUP}" tenantID: "${AZURE_TENANT_ID}" clientID: "${AZURE_CLIENT_ID}" clientSecret: "${AZURE_CLIENT_SECRET}"