Azure Stack cloud provider config

pkg/asset/machines/azure/machines.go

@@ -102,7 +102,7 @@ func provider(platform *azure.Platform, mpool *azure.MachinePool, osImage string
 	}
 
 	managedIdentity := fmt.Sprintf("%s-identity", clusterID)
-	if platform.IsARO() {
+	if platform.IsARO() || platform.CloudName == azure.StackCloud {
 		managedIdentity = ""
 	}
 

pkg/asset/manifests/azure/cloudproviderconfig.go

@@ -12,30 +12,29 @@ type CloudProviderConfig struct {
 	CloudName                azure.CloudEnvironment
 	TenantID                 string
 	SubscriptionID           string
+	AADClientID              string
+	AADClientSecret          string
 	ResourceGroupName        string
 	GroupLocation            string
 	ResourcePrefix           string
 	NetworkResourceGroupName string
 	NetworkSecurityGroupName string
 	VirtualNetworkName       string
 	SubnetName               string
+	ResourceManagerEndpoint  string
 	ARO                      bool
 }
 
 // JSON generates the cloud provider json config for the azure platform.
 // managed resource names are matching the convention defined by capz
 func (params CloudProviderConfig) JSON() (string, error) {
-	useManagedIdentityExtension := true
-	if params.ARO {
-		useManagedIdentityExtension = false
-	}
 
 	config := config{
 		authConfig: authConfig{
 			Cloud:                       params.CloudName.Name(),
 			TenantID:                    params.TenantID,
 			SubscriptionID:              params.SubscriptionID,
-			UseManagedIdentityExtension: useManagedIdentityExtension,
+			UseManagedIdentityExtension: true,
 			// The cloud provider needs the clientID which is only known after terraform has run.
 			// When left empty, the existing managed identity on the VM will be used.
 			// By leaving it empty, we don't have to create the identity before running the installer.
@@ -62,6 +61,20 @@ func (params CloudProviderConfig) JSON() (string, error) {
 		// https://docs.microsoft.com/en-us/azure/load-balancer/load-balancer-tcp-reset
 		LoadBalancerSku: "standard",
 	}
+
+	if params.ARO {
+		config.authConfig.UseManagedIdentityExtension = false
+	}
+
+	if params.CloudName == azure.StackCloud {
+		config.authConfig.AADClientID = params.AADClientID
+		config.authConfig.AADClientSecret = params.AADClientSecret
+		config.authConfig.ResourceManagerEndpoint = params.ResourceManagerEndpoint
+		config.authConfig.UseManagedIdentityExtension = false
+		config.LoadBalancerSku = "basic"
+		config.UseInstanceMetadata = false
+	}
+
 	buff := &bytes.Buffer{}
 	encoder := json.NewEncoder(buff)
 	encoder.SetIndent("", "\t")

pkg/asset/manifests/azure/types.go

@@ -1,6 +1,7 @@
 package azure
 
 //authConfig is part of the CloudProviderConfig as defined in https://github.com/kubernetes/kubernetes/blob/v1.13.5/pkg/cloudprovider/providers/azure/auth/azure_auth.go#L32
+//resourceManagerEndpoint has been added based on https://github.com/kubernetes-sigs/cloud-provider-azure/blob/v1.0.3/pkg/auth/azure_auth.go
 type authConfig struct {
 	// The cloud environment identifier. Takes values from https://github.com/Azure/go-autorest/blob/ec5f4903f77ed9927ac95b19ab8e44ada64c1356/autorest/azure/environments.go#L13
 	Cloud string `json:"cloud" yaml:"cloud"`
@@ -22,6 +23,9 @@ type authConfig struct {
 	UserAssignedIdentityID string `json:"userAssignedIdentityID" yaml:"userAssignedIdentityID"`
 	// The ID of the Azure Subscription that the cluster is deployed in
 	SubscriptionID string `json:"subscriptionId" yaml:"subscriptionId"`
+	// ResourceManagerEndpoint is the cloud's resource manager endpoint. If set, cloud provider queries this endpoint
+	// in order to generate an autorest.Environment instance instead of using one of the pre-defined Environments.
+	ResourceManagerEndpoint string `json:"resourceManagerEndpoint,omitempty" yaml:"resourceManagerEndpoint,omitempty"`
 }
 
 //config is the cloud provider config as defined in https://github.com/kubernetes/kubernetes/blob/v1.13.5/pkg/cloudprovider/providers/azure/azure.go#L81

pkg/asset/manifests/cloudproviderconfig.go

@@ -2,6 +2,7 @@ package manifests
 
 import (
 	"context"
+	"encoding/json"
 	"fmt"
 	"path/filepath"
 
@@ -39,6 +40,7 @@ var (
 const (
 	cloudProviderConfigDataKey         = "config"
 	cloudProviderConfigCABundleDataKey = "ca-bundle.pem"
+	cloudProviderEndpointsKey          = "endpoints"
 )
 
 // CloudProviderConfig generates the cloud-provider-config.yaml files.
@@ -133,16 +135,27 @@ func (cpc *CloudProviderConfig) Generate(dependencies asset.Parents) error {
 			ResourcePrefix:           clusterID.InfraID,
 			SubscriptionID:           session.Credentials.SubscriptionID,
 			TenantID:                 session.Credentials.TenantID,
+			AADClientID:              session.Credentials.ClientID,
+			AADClientSecret:          session.Credentials.ClientSecret,
 			NetworkResourceGroupName: nrg,
 			NetworkSecurityGroupName: nsg,
 			VirtualNetworkName:       vnet,
 			SubnetName:               subnet,
+			ResourceManagerEndpoint:  installConfig.Config.Azure.ARMEndpoint,
 			ARO:                      installConfig.Config.Azure.IsARO(),
 		}.JSON()
 		if err != nil {
 			return errors.Wrap(err, "could not create cloud provider config")
 		}
 		cm.Data[cloudProviderConfigDataKey] = azureConfig
+
+		if installConfig.Azure.CloudName == azuretypes.StackCloud {
+			b, err := json.Marshal(session.Environment)
+			if err != nil {
+				return errors.Wrap(err, "could not serialize Azure Stack endpoints")
+			}
+			cm.Data[cloudProviderEndpointsKey] = string(b)
+		}
 	case gcptypes.Name:
 		subnet := fmt.Sprintf("%s-worker-subnet", clusterID.InfraID)
 		if installConfig.Config.GCP.ComputeSubnet != "" {