feat: Add dynamic dedicated host allocation for CAPA provider

This commit implements dynamic dedicated host allocation capability to support
bare metal workloads like OpenShift Virtualization with HyperShift on ROSA HCP,
particularly for BYOL Microsoft Windows workloads.

Key changes:
- Add DynamicHostAllocationSpec API with instance family, type, quantity, AZ, and tagging support
- Implement dedicated host service with allocation, release, and validation operations
- Integrate dynamic allocation into machine lifecycle with automatic cleanup
- Add comprehensive webhook validation for configuration consistency
- Include unit tests and usage examples
- Generate updated CRDs with new API fields

The implementation follows existing CAPA patterns from PR kubernetes-sigs#5548 and provides
automatic provisioning and management of AWS dedicated hosts based on
instance requirements.

Related: kubernetes-sigs#5548

Author: jimzim

api/v1beta1/conversion.go

@@ -103,3 +103,8 @@ func Convert_v1beta2_S3Bucket_To_v1beta1_S3Bucket(in *v1beta2.S3Bucket, out *S3B
 func Convert_v1beta2_Ignition_To_v1beta1_Ignition(in *v1beta2.Ignition, out *Ignition, s conversion.Scope) error {
 	return autoConvert_v1beta2_Ignition_To_v1beta1_Ignition(in, out, s)
 }
+
+func Convert_v1beta2_AWSMachineStatus_To_v1beta1_AWSMachineStatus(in *v1beta2.AWSMachineStatus, out *AWSMachineStatus, s conversion.Scope) error {
+	// Note: AllocatedHostID is not present in v1beta1, so it will be dropped during conversion
+	return autoConvert_v1beta2_AWSMachineStatus_To_v1beta1_AWSMachineStatus(in, out, s)
+}

api/v1beta1/zz_generated.conversion.go

@@ -245,6 +245,45 @@ type AWSMachineSpec struct {
 	// +optional
 	// +kubebuilder:validation:Enum:=default;host
 	HostAffinity *string `json:"hostAffinity,omitempty"`
+
+	// DynamicHostAllocation enables automatic allocation of dedicated hosts.
+	// This field is mutually exclusive with HostID.
+	// +optional
+	DynamicHostAllocation *DynamicHostAllocationSpec `json:"dynamicHostAllocation,omitempty"`
+}
+
+// DynamicHostAllocationSpec defines the configuration for dynamic dedicated host allocation.
+type DynamicHostAllocationSpec struct {
+	// InstanceFamily specifies the EC2 instance family (e.g., "m5", "c5", "r5").
+	// +kubebuilder:validation:Required
+	InstanceFamily string `json:"instanceFamily"`
+
+	// AvailabilityZone specifies the target availability zone for allocation.
+	// If not specified, uses the same AZ as the instance.
+	// +optional
+	AvailabilityZone *string `json:"availabilityZone,omitempty"`
+
+	// InstanceType specifies the specific instance type for the dedicated host.
+	// If not specified, derives from InstanceFamily.
+	// +optional
+	InstanceType *string `json:"instanceType,omitempty"`
+
+	// Quantity specifies the number of dedicated hosts to allocate.
+	// +kubebuilder:validation:Minimum=1
+	// +kubebuilder:validation:Maximum=10
+	// +kubebuilder:default=1
+	// +optional
+	Quantity *int32 `json:"quantity,omitempty"`
+
+	// AutoRelease determines whether to automatically release the dedicated host
+	// when the machine is deleted.
+	// +kubebuilder:default=true
+	// +optional
+	AutoRelease *bool `json:"autoRelease,omitempty"`
+
+	// Tags to apply to the allocated dedicated host.
+	// +optional
+	Tags map[string]string `json:"tags,omitempty"`
 }
 
 // CloudInit defines options related to the bootstrapping systems where
@@ -424,6 +463,11 @@ type AWSMachineStatus struct {
 	// Conditions defines current service state of the AWSMachine.
 	// +optional
 	Conditions clusterv1.Conditions `json:"conditions,omitempty"`
+
+	// AllocatedHostID tracks the dynamically allocated dedicated host ID.
+	// This field is populated when DynamicHostAllocation is used.
+	// +optional
+	AllocatedHostID *string `json:"allocatedHostID,omitempty"`
 }
 
 // +kubebuilder:object:root=true

api/v1beta2/awsmachine_types.go

@@ -460,14 +460,164 @@ func (r *AWSMachine) validateAdditionalSecurityGroups() field.ErrorList {
 func (r *AWSMachine) validateHostAffinity() field.ErrorList {
 	var allErrs field.ErrorList
 
+	// Validate static host allocation
 	if r.Spec.HostAffinity != nil {
 		if r.Spec.HostID == nil || len(*r.Spec.HostID) == 0 {
 			allErrs = append(allErrs, field.Required(field.NewPath("spec.hostID"), "hostID must be set when hostAffinity is configured"))
 		}
 	}
+
+	// Validate dynamic host allocation
+	if r.Spec.DynamicHostAllocation != nil {
+		// Mutual exclusivity check
+		if r.Spec.HostID != nil {
+			allErrs = append(allErrs, field.Forbidden(field.NewPath("spec.hostID"), "cannot specify both hostID and dynamicHostAllocation"))
+		}
+		if r.Spec.HostAffinity != nil {
+			allErrs = append(allErrs, field.Forbidden(field.NewPath("spec.hostAffinity"), "cannot specify both hostAffinity and dynamicHostAllocation"))
+		}
+
+		// Validate dynamic allocation spec
+		allErrs = append(allErrs, r.validateDynamicHostAllocation()...)
+	}
+
+	return allErrs
+}
+
+func (r *AWSMachine) validateDynamicHostAllocation() field.ErrorList {
+	var allErrs field.ErrorList
+	spec := r.Spec.DynamicHostAllocation
+
+	// Validate instance family is required
+	if spec.InstanceFamily == "" {
+		allErrs = append(allErrs, field.Required(field.NewPath("spec.dynamicHostAllocation.instanceFamily"), "instanceFamily is required"))
+	} else {
+		// Validate instance family format
+		if !isValidInstanceFamily(spec.InstanceFamily) {
+			allErrs = append(allErrs, field.Invalid(field.NewPath("spec.dynamicHostAllocation.instanceFamily"), spec.InstanceFamily, "invalid instance family format"))
+		}
+	}
+
+	// Validate quantity if specified
+	if spec.Quantity != nil {
+		if *spec.Quantity < 1 || *spec.Quantity > 10 {
+			allErrs = append(allErrs, field.Invalid(field.NewPath("spec.dynamicHostAllocation.quantity"), *spec.Quantity, "quantity must be between 1 and 10"))
+		}
+	}
+
+	// Validate instance type format if specified
+	if spec.InstanceType != nil && *spec.InstanceType != "" {
+		if !isValidInstanceType(*spec.InstanceType) {
+			allErrs = append(allErrs, field.Invalid(field.NewPath("spec.dynamicHostAllocation.instanceType"), *spec.InstanceType, "invalid instance type format"))
+		}
+
+		// Check consistency between instance family and instance type
+		expectedFamily := extractInstanceFamily(*spec.InstanceType)
+		if expectedFamily != spec.InstanceFamily {
+			allErrs = append(allErrs, field.Invalid(field.NewPath("spec.dynamicHostAllocation.instanceType"), *spec.InstanceType,
+				fmt.Sprintf("instance type %s does not match specified instance family %s", *spec.InstanceType, spec.InstanceFamily)))
+		}
+	}
+
+	// Validate availability zone format if specified
+	if spec.AvailabilityZone != nil && *spec.AvailabilityZone != "" {
+		if !isValidAvailabilityZone(*spec.AvailabilityZone) {
+			allErrs = append(allErrs, field.Invalid(field.NewPath("spec.dynamicHostAllocation.availabilityZone"), *spec.AvailabilityZone, "invalid availability zone format"))
+		}
+	}
+
 	return allErrs
 }
 
 func (r *AWSMachine) validateSSHKeyName() field.ErrorList {
 	return validateSSHKeyName(r.Spec.SSHKeyName)
 }
+
+// isValidInstanceFamily validates the format of an EC2 instance family.
+func isValidInstanceFamily(family string) bool {
+	// Instance families typically follow patterns like: m5, c5, r5, t3, etc.
+	// Allow alphanumeric characters, must start with a letter
+	if len(family) < 2 || len(family) > 10 {
+		return false
+	}
+
+	for i, char := range family {
+		if i == 0 {
+			// First character must be a letter
+			if !((char >= 'a' && char <= 'z') || (char >= 'A' && char <= 'Z')) {
+				return false
+			}
+		} else {
+			// Subsequent characters can be letters or numbers
+			if !((char >= 'a' && char <= 'z') || (char >= 'A' && char <= 'Z') || (char >= '0' && char <= '9')) {
+				return false
+			}
+		}
+	}
+	return true
+}
+
+// isValidInstanceType validates the format of an EC2 instance type.
+func isValidInstanceType(instanceType string) bool {
+	// Instance types follow the pattern: family.size (e.g., m5.large, c5.xlarge)
+	parts := strings.Split(instanceType, ".")
+	if len(parts) != 2 {
+		return false
+	}
+
+	family, size := parts[0], parts[1]
+
+	// Validate family part
+	if !isValidInstanceFamily(family) {
+		return false
+	}
+
+	// Validate size part - common sizes include: nano, micro, small, medium, large, xlarge, 2xlarge, etc.
+	validSizes := map[string]bool{
+		"nano": true, "micro": true, "small": true, "medium": true, "large": true,
+		"xlarge": true, "2xlarge": true, "3xlarge": true, "4xlarge": true, "6xlarge": true,
+		"8xlarge": true, "9xlarge": true, "10xlarge": true, "12xlarge": true, "16xlarge": true,
+		"18xlarge": true, "24xlarge": true, "32xlarge": true, "48xlarge": true, "56xlarge": true,
+		"112xlarge": true, "224xlarge": true, "metal": true,
+	}
+
+	return validSizes[size]
+}
+
+// isValidAvailabilityZone validates the format of an AWS availability zone.
+func isValidAvailabilityZone(az string) bool {
+	// AZ format: region + zone letter (e.g., us-west-2a, eu-central-1b)
+	if len(az) < 4 {
+		return false
+	}
+
+	// Should end with a single letter
+	lastChar := az[len(az)-1]
+	if !((lastChar >= 'a' && lastChar <= 'z') || (lastChar >= 'A' && lastChar <= 'Z')) {
+		return false
+	}
+
+	// The rest should be a valid region format (contains dashes and alphanumeric)
+	region := az[:len(az)-1]
+	if len(region) < 3 {
+		return false
+	}
+
+	// Basic validation for region format
+	for _, char := range region {
+		if !((char >= 'a' && char <= 'z') || (char >= 'A' && char <= 'Z') || (char >= '0' && char <= '9') || char == '-') {
+			return false
+		}
+	}
+
+	return true
+}
+
+// extractInstanceFamily extracts the instance family from an instance type.
+func extractInstanceFamily(instanceType string) string {
+	parts := strings.Split(instanceType, ".")
+	if len(parts) < 2 {
+		return instanceType
+	}
+	return parts[0]
+}

api/v1beta2/awsmachine_webhook.go

@@ -285,6 +285,38 @@ type Instance struct {
 	// HostID specifies the dedicated host on which the instance should be started.
 	// +optional
 	HostID *string `json:"hostID,omitempty"`
+
+	// DynamicHostAllocation enables automatic allocation of dedicated hosts.
+	// This field is mutually exclusive with HostID.
+	// +optional
+	DynamicHostAllocation *DynamicHostAllocationSpec `json:"dynamicHostAllocation,omitempty"`
+}
+
+// DedicatedHostInfo contains information about a dedicated host.
+type DedicatedHostInfo struct {
+	// HostID is the ID of the dedicated host.
+	HostID string `json:"hostID"`
+
+	// InstanceFamily is the instance family supported by the host.
+	InstanceFamily string `json:"instanceFamily"`
+
+	// InstanceType is the instance type supported by the host.
+	InstanceType string `json:"instanceType"`
+
+	// AvailabilityZone is the AZ where the host is located.
+	AvailabilityZone string `json:"availabilityZone"`
+
+	// State is the current state of the dedicated host.
+	State string `json:"state"`
+
+	// TotalCapacity is the total number of instances that can be launched on the host.
+	TotalCapacity int32 `json:"totalCapacity"`
+
+	// AvailableCapacity is the number of instances that can still be launched on the host.
+	AvailableCapacity int32 `json:"availableCapacity"`
+
+	// Tags associated with the dedicated host.
+	Tags map[string]string `json:"tags,omitempty"`
 }
 
 // MarketType describes the market type of an Instance