Added dedicated hosts support for AWS

vr4manta · vr4manta · commit eb7c6cd229ba · 2025-10-29T11:42:53.000-04:00
diff --git a/pkg/operator/operator.go b/pkg/operator/operator.go
@@ -474,6 +474,7 @@ func (optr *Operator) maoConfigFromInfrastructure() (*OperatorConfig, error) {
 	// flags, we selectively populate the map (and therefore passed
 	// as args)
 	features := map[string]bool{
+		string(apifeatures.FeatureGateAWSDedicatedHosts):       featureGates.Enabled(apifeatures.FeatureGateAWSDedicatedHosts),
 		string(apifeatures.FeatureGateMachineAPIMigration):     featureGates.Enabled(apifeatures.FeatureGateMachineAPIMigration),
 		string(apifeatures.FeatureGateAzureWorkloadIdentity):   featureGates.Enabled(apifeatures.FeatureGateAzureWorkloadIdentity),
 		string(apifeatures.FeatureGateVSphereMultiDisk):        featureGates.Enabled(apifeatures.FeatureGateVSphereMultiDisk),
diff --git a/pkg/operator/operator_test.go b/pkg/operator/operator_test.go
@@ -45,13 +45,15 @@ var (
 		{Name: apifeatures.FeatureGateAzureWorkloadIdentity},
 		{Name: apifeatures.FeatureGateVSphereMultiDisk},
 		{Name: apifeatures.FeatureGateVSphereHostVMGroupZonal},
+		{Name: apifeatures.FeatureGateAWSDedicatedHosts},
 	}
 
 	enabledFeatureMap = map[string]bool{
 		"MachineAPIMigration":     true,
 		"AzureWorkloadIdentity":   true,
 		"VSphereMultiDisk":        true,
 		"VSphereHostVMGroupZonal": true,
+		"AWSDedicatedHosts":       true,
 	}
 )
 
diff --git a/pkg/operator/sync_test.go b/pkg/operator/sync_test.go
@@ -270,7 +270,7 @@ func Test_ensureDependecyAnnotations(t *testing.T) {
 			input := test.input.DeepCopy()
 			ensureDependecyAnnotations(test.inputHashes, input)
 			if !equality.Semantic.DeepEqual(test.expected, input) {
-				t.Fatalf("unexpected: %s", diff.ObjectDiff(test.expected, input))
+				t.Fatalf("unexpected: %s", diff.Diff(test.expected, input))
 			}
 		})
 	}
diff --git a/pkg/webhooks/machine_webhook.go b/pkg/webhooks/machine_webhook.go
@@ -50,6 +50,11 @@ type systemSpecifications struct {
 type machineArch string
 
 var (
+	// AWS Variables / Defaults
+
+	// awsDedicatedHostNamePattern is used to validate the id of a dedicated host
+	awsDedicatedHostNamePattern = regexp.MustCompile(`^h-[0-9a-f]{17}$`)
+
 	// Azure Defaults
 	defaultAzureVnet = func(clusterID string) string {
 		return fmt.Sprintf("%s-vnet", clusterID)
@@ -897,6 +902,33 @@ func validateAWS(m *machinev1beta1.Machine, config *admissionConfig) (bool, []st
 		}
 	}
 
+	// Dedicated host support.
+	// Check if host placement is configured.  If so, then we need to determine placement affinity and validate configs.
+	if providerSpec.HostPlacement != nil {
+		klog.V(4).Infof("Validating AWS Host Placement")
+		placement := *providerSpec.HostPlacement
+		if placement.Affinity == nil {
+			errs = append(errs, field.Required(field.NewPath("spec.hostPlacement.affinity"), "affinity is required and must be set to either AnyAvailable or DedicatedHost"))
+		} else {
+			switch *placement.Affinity {
+			case machinev1beta1.HostAffinityAnyAvailable:
+				// Cannot have DedicatedHost set
+				if placement.DedicatedHost != nil {
+					errs = append(errs, field.Forbidden(field.NewPath("spec.hostPlacement.dedicatedHost"), "dedicatedHost is required when affinity is DedicatedHost, and forbidden otherwise"))
+				}
+			case machinev1beta1.HostAffinityDedicatedHost:
+				// We need to make sure DedicatedHost is set with a HostID
+				if placement.DedicatedHost == nil {
+					errs = append(errs, field.Required(field.NewPath("spec.hostPlacement.dedicatedHost"), "dedicatedHost is required when affinity is DedicatedHost, and forbidden otherwise"))
+				} else if awsDedicatedHostNamePattern.FindStringSubmatch(placement.DedicatedHost.ID) == nil {
+					errs = append(errs, field.Invalid(field.NewPath("spec.hostPlacement.dedicatedHost.id"), placement.DedicatedHost.ID, "id must start with 'h-' followed by 17 lowercase hexadecimal characters (0-9 and a-f)"))
+				}
+			default:
+				errs = append(errs, field.Invalid(field.NewPath("spec.hostPlacement.affinity"), placement.Affinity, "affinity must be either AnyAvailable or DedicatedHost"))
+			}
+		}
+	}
+
 	if len(errs) > 0 {
 		return false, warnings, errs
 	}
diff --git a/pkg/webhooks/machine_webhook_test.go b/pkg/webhooks/machine_webhook_test.go
@@ -316,6 +316,107 @@ func TestMachineCreation(t *testing.T) {
 			},
 			expectedError: "",
 		},
+		{
+			name:         "configure host placement with AnyAvailable affinity",
+			platformType: osconfigv1.AWSPlatformType,
+			clusterID:    "aws-cluster",
+			providerSpecValue: &kruntime.RawExtension{
+				Object: &machinev1beta1.AWSMachineProviderConfig{
+					AMI: machinev1beta1.AWSResourceReference{
+						ID: ptr.To[string]("ami"),
+					},
+					InstanceType: "test",
+					HostPlacement: &machinev1beta1.HostPlacement{
+						Affinity: ptr.To(machinev1beta1.HostAffinityAnyAvailable),
+					},
+				},
+			},
+			expectedError: "",
+		},
+		{
+			name:         "configure host placement with invalid affinity",
+			platformType: osconfigv1.AWSPlatformType,
+			clusterID:    "aws-cluster",
+			providerSpecValue: &kruntime.RawExtension{
+				Object: &machinev1beta1.AWSMachineProviderConfig{
+					AMI: machinev1beta1.AWSResourceReference{
+						ID: ptr.To[string]("ami"),
+					},
+					InstanceType: "test",
+					HostPlacement: &machinev1beta1.HostPlacement{
+						Affinity: ptr.To(machinev1beta1.HostAffinity("invalid")),
+					},
+				},
+			},
+			expectedError: "admission webhook \"validation.machine.machine.openshift.io\" denied the request: spec.hostPlacement.affinity: Invalid value: \"invalid\": affinity must be either AnyAvailable or DedicatedHost",
+		},
+		{
+			name:         "configure host placement dedicatedHost without dedicatedHost",
+			platformType: osconfigv1.AWSPlatformType,
+			clusterID:    "aws-cluster",
+			providerSpecValue: &kruntime.RawExtension{
+				Object: &machinev1beta1.AWSMachineProviderConfig{
+					AMI: machinev1beta1.AWSResourceReference{
+						ID: ptr.To[string]("ami"),
+					},
+					InstanceType: "test",
+					HostPlacement: &machinev1beta1.HostPlacement{
+						Affinity: ptr.To(machinev1beta1.HostAffinityDedicatedHost),
+					},
+				},
+			},
+			expectedError: "admission webhook \"validation.machine.machine.openshift.io\" denied the request: spec.hostPlacement.dedicatedHost: Required value: dedicatedHost is required when affinity is DedicatedHost",
+		},
+		{
+			name:         "configure host placement dedicatedHost with valid ID",
+			platformType: osconfigv1.AWSPlatformType,
+			clusterID:    "aws-cluster",
+			providerSpecValue: &kruntime.RawExtension{
+				Object: &machinev1beta1.AWSMachineProviderConfig{
+					AMI: machinev1beta1.AWSResourceReference{
+						ID: ptr.To[string]("ami"),
+					},
+					InstanceType: "test",
+					HostPlacement: &machinev1beta1.HostPlacement{
+						Affinity:      ptr.To(machinev1beta1.HostAffinityDedicatedHost),
+						DedicatedHost: &machinev1beta1.DedicatedHost{ID: "h-1234567890abcdef0"},
+					},
+				},
+			},
+			expectedError: "",
+		},
+		{
+			name:         "configure host placement AnyAvailable forbids dedicatedHost",
+			platformType: osconfigv1.AWSPlatformType,
+			clusterID:    "aws-cluster",
+			providerSpecValue: &kruntime.RawExtension{
+				Object: &machinev1beta1.AWSMachineProviderConfig{
+					AMI:          machinev1beta1.AWSResourceReference{ID: ptr.To[string]("ami")},
+					InstanceType: "test",
+					HostPlacement: &machinev1beta1.HostPlacement{
+						Affinity:      ptr.To(machinev1beta1.HostAffinityAnyAvailable),
+						DedicatedHost: &machinev1beta1.DedicatedHost{ID: "h-09dcf61cb388b0149"},
+					},
+				},
+			},
+			expectedError: "admission webhook \"validation.machine.machine.openshift.io\" denied the request: spec.hostPlacement.dedicatedHost: Forbidden: dedicatedHost is required when affinity is DedicatedHost, and forbidden otherwise",
+		},
+		{
+			name:         "configure host placement dedicatedHost with empty ID",
+			platformType: osconfigv1.AWSPlatformType,
+			clusterID:    "aws-cluster",
+			providerSpecValue: &kruntime.RawExtension{
+				Object: &machinev1beta1.AWSMachineProviderConfig{
+					AMI:          machinev1beta1.AWSResourceReference{ID: ptr.To[string]("ami")},
+					InstanceType: "test",
+					HostPlacement: &machinev1beta1.HostPlacement{
+						Affinity:      ptr.To(machinev1beta1.HostAffinityDedicatedHost),
+						DedicatedHost: &machinev1beta1.DedicatedHost{ID: ""},
+					},
+				},
+			},
+			expectedError: "admission webhook \"validation.machine.machine.openshift.io\" denied the request: spec.hostPlacement.dedicatedHost.id: Invalid value: \"\": id must start with 'h-' followed by 17 lowercase hexadecimal characters (0-9 and a-f)",
+		},
 		{
 			name:              "with Azure and a nil provider spec value",
 			platformType:      osconfigv1.AzurePlatformType,
@@ -1958,7 +2059,7 @@ func TestMachineUpdate(t *testing.T) {
 					Object: object,
 				}
 			},
-			expectedError: `providerSpec.tagIDs: Invalid value: []string{"urn:vmomi:InventoryServiceTag:5736bf56-49f5-4667-b38c-b97e09dc9500:GLOBAL", "urn:vmomi:InventoryServiceTag:5736bf56-49f5-4667-b38c-b97e09dc9501:GLOBAL", "urn:vmomi:InventoryServiceTag:5736bf56-49f5-4667-b38c-b97e09dc9502:GLOBAL", "urn:vmomi:InventoryServiceTag:5736bf56-49f5-4667-b38c-b97e09dc9503:GLOBAL", "urn:vmomi:InventoryServiceTag:5736bf56-49f5-4667-b38c-b97e09dc9504:GLOBAL", "urn:vmomi:InventoryServiceTag:5736bf56-49f5-4667-b38c-b97e09dc9505:GLOBAL", "urn:vmomi:InventoryServiceTag:5736bf56-49f5-4667-b38c-b97e09dc9506:GLOBAL", "urn:vmomi:InventoryServiceTag:5736bf56-49f5-4667-b38c-b97e09dc9507:GLOBAL", "urn:vmomi:InventoryServiceTag:5736bf56-49f5-4667-b38c-b97e09dc9508:GLOBAL", "urn:vmomi:InventoryServiceTag:5736bf56-49f5-4667-b38c-b97e09dc9509:GLOBAL", "urn:vmomi:InventoryServiceTag:5736bf56-49f5-4667-b38c-b97e09dc9510:GLOBAL", "urn:vmomi:InventoryServiceTag:5736bf56-49f5-4667-b38c-b97e09dc9511:GLOBAL"}: a maximum of 10 tags are allowed`,
+			expectedError: `providerSpec.tagIDs: Invalid value: ["urn:vmomi:InventoryServiceTag:5736bf56-49f5-4667-b38c-b97e09dc9500:GLOBAL","urn:vmomi:InventoryServiceTag:5736bf56-49f5-4667-b38c-b97e09dc9501:GLOBAL","urn:vmomi:InventoryServiceTag:5736bf56-49f5-4667-b38c-b97e09dc9502:GLOBAL","urn:vmomi:InventoryServiceTag:5736bf56-49f5-4667-b38c-b97e09dc9503:GLOBAL","urn:vmomi:InventoryServiceTag:5736bf56-49f5-4667-b38c-b97e09dc9504:GLOBAL","urn:vmomi:InventoryServiceTag:5736bf56-49f5-4667-b38c-b97e09dc9505:GLOBAL","urn:vmomi:InventoryServiceTag:5736bf56-49f5-4667-b38c-b97e09dc9506:GLOBAL","urn:vmomi:InventoryServiceTag:5736bf56-49f5-4667-b38c-b97e09dc9507:GLOBAL","urn:vmomi:InventoryServiceTag:5736bf56-49f5-4667-b38c-b97e09dc9508:GLOBAL","urn:vmomi:InventoryServiceTag:5736bf56-49f5-4667-b38c-b97e09dc9509:GLOBAL","urn:vmomi:InventoryServiceTag:5736bf56-49f5-4667-b38c-b97e09dc9510:GLOBAL","urn:vmomi:InventoryServiceTag:5736bf56-49f5-4667-b38c-b97e09dc9511:GLOBAL"]: a maximum of 10 tags are allowed`,
 		},
 		{
 			name:         "with an VSphere ProviderSpec, removing the template",
@@ -3300,7 +3401,7 @@ func TestValidateAzureProviderSpec(t *testing.T) {
 				CloudName: osconfigv1.AzurePublicCloud,
 			},
 			expectedOk:    false,
-			expectedError: "providerSpec.diagnostics.boot.customerManaged: Invalid value: v1beta1.AzureCustomerManagedBootDiagnostics{StorageAccountURI:\"https://storageaccount.blob.core.windows.net/\"}: customerManaged may not be set when type is AzureManaged",
+			expectedError: "providerSpec.diagnostics.boot.customerManaged: Invalid value: {\"storageAccountURI\":\"https://storageaccount.blob.core.windows.net/\"}: customerManaged may not be set when type is AzureManaged",
 		},
 		{
 			testCase: "with Customer Managed boot diagnostics, with a missing storage account URI",
@@ -3883,7 +3984,7 @@ func TestValidateGCPProviderSpec(t *testing.T) {
 				}
 			},
 			expectedOk:    false,
-			expectedError: "providerSpec.gpus: Too many: 2: must have at most 1 items",
+			expectedError: "providerSpec.gpus: Too many: 2: must have at most 1 item",
 		},
 		{
 			testCase: "with no gpus",
diff --git a/pkg/webhooks/machineset_webhook_test.go b/pkg/webhooks/machineset_webhook_test.go
@@ -1047,7 +1047,7 @@ func TestMachineSetUpdate(t *testing.T) {
 			updateMachineSet: func(ms *machinev1beta1.MachineSet) {
 				ms.Spec.Selector.MatchLabels["foo"] = "bar"
 			},
-			expectedError: "[spec.selector: Forbidden: selector is immutable, spec.template.metadata.labels: Invalid value: map[string]string{\"machineset-name\":\"machineset-update-abcd\"}: `selector` does not match template `labels`]",
+			expectedError: "[spec.selector: Forbidden: selector is immutable, spec.template.metadata.labels: Invalid value: {\"machineset-name\":\"machineset-update-abcd\"}: `selector` does not match template `labels`]",
 		},
 		{
 			name:         "with an incompatible template labels",
@@ -1061,7 +1061,7 @@ func TestMachineSetUpdate(t *testing.T) {
 					"foo": "bar",
 				}
 			},
-			expectedError: "spec.template.metadata.labels: Invalid value: map[string]string{\"foo\":\"bar\"}: `selector` does not match template `labels`",
+			expectedError: "spec.template.metadata.labels: Invalid value: {\"foo\":\"bar\"}: `selector` does not match template `labels`",
 		},
 		{
 			name:         "with a valid PowerVS ProviderSpec",

Original file line number	Diff line number	Diff line change
`@@ -45,13 +45,15 @@ var (`
`45`	`45`	`{Name: apifeatures.FeatureGateAzureWorkloadIdentity},`
`46`	`46`	`{Name: apifeatures.FeatureGateVSphereMultiDisk},`
`47`	`47`	`{Name: apifeatures.FeatureGateVSphereHostVMGroupZonal},`
	`48`	`+ {Name: apifeatures.FeatureGateAWSDedicatedHosts},`
`48`	`49`	`}`
`49`	`50`
`50`	`51`	`enabledFeatureMap = map[string]bool{`
`51`	`52`	`"MachineAPIMigration": true,`
`52`	`53`	`"AzureWorkloadIdentity": true,`
`53`	`54`	`"VSphereMultiDisk": true,`
`54`	`55`	`"VSphereHostVMGroupZonal": true,`
	`56`	`+ "AWSDedicatedHosts": true,`
`55`	`57`	`}`
`56`	`58`	`)`
`57`	`59`
Original file line number	Diff line number	Diff line change
`@@ -270,7 +270,7 @@ func Test_ensureDependecyAnnotations(t *testing.T) {`
`270`	`270`	`input := test.input.DeepCopy()`
`271`	`271`	`ensureDependecyAnnotations(test.inputHashes, input)`
`272`	`272`	`if !equality.Semantic.DeepEqual(test.expected, input) {`
`273`		`- t.Fatalf("unexpected: %s", diff.ObjectDiff(test.expected, input))`
	`273`	`+ t.Fatalf("unexpected: %s", diff.Diff(test.expected, input))`
`274`	`274`	`}`
`275`	`275`	`})`
`276`	`276`	`}`
Original file line number	Diff line number	Diff line change
`@@ -1047,7 +1047,7 @@ func TestMachineSetUpdate(t *testing.T) {`
`1047`	`1047`	`updateMachineSet: func(ms *machinev1beta1.MachineSet) {`
`1048`	`1048`	`ms.Spec.Selector.MatchLabels["foo"] = "bar"`
`1049`	`1049`	`},`
`1050`		- expectedError: "[spec.selector: Forbidden: selector is immutable, spec.template.metadata.labels: Invalid value: map[string]string{\"machineset-name\":\"machineset-update-abcd\"}: `selector` does not match template `labels`]",
	`1050`	+ expectedError: "[spec.selector: Forbidden: selector is immutable, spec.template.metadata.labels: Invalid value: {\"machineset-name\":\"machineset-update-abcd\"}: `selector` does not match template `labels`]",
`1051`	`1051`	`},`
`1052`	`1052`	`{`
`1053`	`1053`	`name: "with an incompatible template labels",`
`@@ -1061,7 +1061,7 @@ func TestMachineSetUpdate(t *testing.T) {`
`1061`	`1061`	`"foo": "bar",`
`1062`	`1062`	`}`
`1063`	`1063`	`},`
`1064`		- expectedError: "spec.template.metadata.labels: Invalid value: map[string]string{\"foo\":\"bar\"}: `selector` does not match template `labels`",
	`1064`	+ expectedError: "spec.template.metadata.labels: Invalid value: {\"foo\":\"bar\"}: `selector` does not match template `labels`",
`1065`	`1065`	`},`
`1066`	`1066`	`{`
`1067`	`1067`	`name: "with a valid PowerVS ProviderSpec",`