fix: fix the atm feature related bugs

api/v1alpha1/trafficmanagerbackend_types.go

@@ -10,7 +10,7 @@ const (
 // +kubebuilder:resource:scope=Namespaced,categories={fleet-networking},shortName=tmb
 // +kubebuilder:subresource:status
 // +kubebuilder:printcolumn:JSONPath=`.spec.profile.name`,name="Profile",type=string
-// +kubebuilder:printcolumn:JSONPath=`.spec.endpointRef.name`,name="Backend",type=string
+// +kubebuilder:printcolumn:JSONPath=`.spec.backend.name`,name="Backend",type=string
 // +kubebuilder:printcolumn:JSONPath=`.status.conditions[?(@.type=='Accepted')].status`,name="Is-Accepted",type=string
 // +kubebuilder:printcolumn:JSONPath=`.metadata.creationTimestamp`,name="Age",type=date
 

charts/hub-net-controller-manager/templates/rbac.yaml

@@ -137,6 +137,60 @@ rules:
     - get
     - list
     - watch
+{{- if .Values.enableTrafficManagerFeature }}
+- apiGroups:
+    - networking.fleet.azure.com
+  resources:
+    - trafficmanagerbackends
+  verbs:
+    - create
+    - delete
+    - get
+    - list
+    - patch
+    - update
+    - watch
+- apiGroups:
+    - networking.fleet.azure.com
+  resources:
+    - trafficmanagerbackends/finalizers
+  verbs:
+    - update
+- apiGroups:
+    - networking.fleet.azure.com
+  resources:
+    - trafficmanagerbackends/status
+  verbs:
+    - get
+    - patch
+    - update
+- apiGroups:
+    - networking.fleet.azure.com
+  resources:
+    - trafficmanagerprofiles
+  verbs:
+    - create
+    - delete
+    - get
+    - list
+    - patch
+    - update
+    - watch
+- apiGroups:
+    - networking.fleet.azure.com
+  resources:
+    - trafficmanagerprofiles/finalizers
+  verbs:
+    - update
+- apiGroups:
+    - networking.fleet.azure.com
+  resources:
+    - trafficmanagerprofiles/status
+  verbs:
+    - get
+    - patch
+    - update
+{{- end }}
 ---
 kind: ClusterRoleBinding
 apiVersion: rbac.authorization.k8s.io/v1

cmd/hub-net-controller-manager/main.go

@@ -42,6 +42,8 @@ import (
 	"go.goms.io/fleet-networking/pkg/controllers/hub/internalserviceimport"
 	"go.goms.io/fleet-networking/pkg/controllers/hub/membercluster"
 	"go.goms.io/fleet-networking/pkg/controllers/hub/serviceimport"
+	"go.goms.io/fleet-networking/pkg/controllers/hub/trafficmanagerbackend"
+	"go.goms.io/fleet-networking/pkg/controllers/hub/trafficmanagerprofile"
 )
 
 var (
@@ -200,13 +202,33 @@ func main() {
 		cloudConfig.SetUserAgent("fleet-hub-net-controller-manager")
 		klog.V(1).InfoS("Cloud config loaded", "cloudConfig", cloudConfig)
 
-		_, _, err = initAzureTrafficManagerClients(cloudConfig) // profilesClient, endpointsClient, err
+		profilesClient, endpointsClient, err := initAzureTrafficManagerClients(cloudConfig) // profilesClient, endpointsClient, err
 		if err != nil {
 			klog.ErrorS(err, "Unable to create Azure Traffic Manager clients")
 			exitWithErrorFunc()
 		}
+		klog.V(1).InfoS("Start to setup TrafficManagerProfile controller")
+		if err := (&trafficmanagerprofile.Reconciler{
+			Client:            mgr.GetClient(),
+			ProfilesClient:    profilesClient,
+			ResourceGroupName: cloudConfig.ResourceGroup,
+		}).SetupWithManager(mgr); err != nil {
+			klog.ErrorS(err, "Unable to create TrafficManagerProfile controller")
+			exitWithErrorFunc()
+		}
 
-		// TODO: start the traffic manager controllers
+		klog.V(1).InfoS("Start to setup TrafficManagerBackend controller")
+		if err := (&trafficmanagerbackend.Reconciler{
+			Client:            mgr.GetClient(),
+			ProfilesClient:    profilesClient,
+			EndpointsClient:   endpointsClient,
+			ResourceGroupName: cloudConfig.ResourceGroup,
+			// serviceImport controller has already enabled the internalServiceExportIndexer.
+			// Therefore, no need to setup it again.
+		}).SetupWithManager(ctx, mgr, true); err != nil {
+			klog.ErrorS(err, "Unable to create TrafficManagerProfile controller")
+			exitWithErrorFunc()
+		}
 	}
 
 	klog.V(1).InfoS("Starting ServiceExportImport controller manager")

config/crd/bases/networking.fleet.azure.com_trafficmanagerbackends.yaml

@@ -22,7 +22,7 @@ spec:
     - jsonPath: .spec.profile.name
       name: Profile
       type: string
-    - jsonPath: .spec.endpointRef.name
+    - jsonPath: .spec.backend.name
       name: Backend
       type: string
     - jsonPath: .status.conditions[?(@.type=='Accepted')].status

config/rbac/role.yaml

@@ -63,6 +63,7 @@ rules:
   - multiclusterservices
   - serviceexports
   - serviceimports
+  - trafficmanagerbackends
   - trafficmanagerprofiles
   verbs:
   - create
@@ -86,6 +87,7 @@ rules:
   - multiclusterservices/status
   - serviceexports/status
   - serviceimports/status
+  - trafficmanagerbackends/status
   - trafficmanagerprofiles/status
   verbs:
   - get
@@ -96,6 +98,7 @@ rules:
   resources:
   - multiclusterservices/finalizers
   - serviceimports/finalizers
+  - trafficmanagerbackends/finalizers
   - trafficmanagerprofiles/finalizers
   verbs:
   - get

go.mod

@@ -22,7 +22,7 @@ require (
 	sigs.k8s.io/controller-runtime v0.19.0
 )
 
-require go.goms.io/fleet v0.11.3
+require go.goms.io/fleet v0.11.4
 
 require (
 	github.com/Azure/azure-sdk-for-go v68.0.0+incompatible // indirect
@@ -36,7 +36,7 @@ require (
 	github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/privatedns/armprivatedns v1.3.0 // indirect
 	github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armresources v1.2.0 // indirect
 	github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/storage/armstorage v1.6.0 // indirect
-	github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azsecrets v1.2.0 // indirect
+	github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azsecrets v1.3.0 // indirect
 	github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/internal v1.1.0 // indirect
 	github.com/Azure/go-autorest v14.2.0+incompatible // indirect
 	github.com/Azure/go-autorest/autorest v0.11.29 // indirect
@@ -46,7 +46,7 @@ require (
 	github.com/Azure/go-autorest/autorest/validation v0.3.1 // indirect
 	github.com/Azure/go-autorest/logger v0.2.1 // indirect
 	github.com/Azure/go-autorest/tracing v0.6.0 // indirect
-	github.com/AzureAD/microsoft-authentication-library-for-go v1.2.2 // indirect
+	github.com/AzureAD/microsoft-authentication-library-for-go v1.3.1 // indirect
 	github.com/beorn7/perks v1.0.1 // indirect
 	github.com/cespare/xxhash/v2 v2.3.0 // indirect
 	github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
@@ -61,7 +61,7 @@ require (
 	github.com/go-openapi/swag v0.23.0 // indirect
 	github.com/go-task/slim-sprig/v3 v3.0.0 // indirect
 	github.com/gogo/protobuf v1.3.2 // indirect
-	github.com/golang-jwt/jwt/v4 v4.5.0 // indirect
+	github.com/golang-jwt/jwt/v4 v4.5.1 // indirect
 	github.com/golang-jwt/jwt/v5 v5.2.1 // indirect
 	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
 	github.com/golang/protobuf v1.5.4 // indirect

go.sum

@@ -34,8 +34,8 @@ github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/storage/armstorage v1.6.0
 github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/storage/armstorage v1.6.0/go.mod h1:oDrbWx4ewMylP7xHivfgixbfGBT6APAwsSoHRKotnIc=
 github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/trafficmanager/armtrafficmanager v1.3.0 h1:e3kTG23M5ps+DjvPolK4dcgohDY8sHsXU7zrdHj1WzY=
 github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/trafficmanager/armtrafficmanager v1.3.0/go.mod h1:Os5dq8Cvvz97rJauZhZJAfKHN+OEvF/0nVmHzF4aVys=
-github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azsecrets v1.2.0 h1:TkNl6WlpHdZSMt0Zngw8y0c9ZMi3GwmYl0kKNbW9PvU=
-github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azsecrets v1.2.0/go.mod h1:ukmL56lWl275SgNFijuwx0Wv6n6HmzzpPWW4kMoy/wY=
+github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azsecrets v1.3.0 h1:WLUIpeyv04H0RCcQHaA4TNoyrQ39Ox7V+re+iaqzTe0=
+github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azsecrets v1.3.0/go.mod h1:hd8hTTIY3VmUVPRHNH7GVCHO3SHgXkJKZHReby/bnUQ=
 github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/internal v1.1.0 h1:eXnN9kaS8TiDwXjoie3hMRLuwdUBUMW9KRgOqB3mCaw=
 github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/internal v1.1.0/go.mod h1:XIpam8wumeZ5rVMuhdDQLMfIPDf1WO3IzrCRO3e3e3o=
 github.com/Azure/go-autorest v14.2.0+incompatible h1:V5VMDjClD3GiElqLWO7mz2MxNAK/vTfRHdAubSIPRgs=
@@ -62,8 +62,8 @@ github.com/Azure/k8s-work-api v0.5.0 h1:DVOBt68NFTEVVV+vzz82WdTm4lroXuMd9ktfrfb/
 github.com/Azure/k8s-work-api v0.5.0/go.mod h1:CQiDOlNvMeKvGVer80PtvbW9X1cXq7EID9aMXyxkqPU=
 github.com/AzureAD/microsoft-authentication-extensions-for-go/cache v0.1.1 h1:WJTmL004Abzc5wDB5VtZG2PJk5ndYDgVacGqfirKxjM=
 github.com/AzureAD/microsoft-authentication-extensions-for-go/cache v0.1.1/go.mod h1:tCcJZ0uHAmvjsVYzEFivsRTN00oz5BEsRgQHu5JZ9WE=
-github.com/AzureAD/microsoft-authentication-library-for-go v1.2.2 h1:XHOnouVk1mxXfQidrMEnLlPk9UMeRtyBTnEFtxkV0kU=
-github.com/AzureAD/microsoft-authentication-library-for-go v1.2.2/go.mod h1:wP83P5OoQ5p6ip3ScPr0BAq0BvuPAvacpEuSzyouqAI=
+github.com/AzureAD/microsoft-authentication-library-for-go v1.3.1 h1:gUDtaZk8heteyfdmv+pcfHvhR9llnh7c7GMwZ8RVG04=
+github.com/AzureAD/microsoft-authentication-library-for-go v1.3.1/go.mod h1:wP83P5OoQ5p6ip3ScPr0BAq0BvuPAvacpEuSzyouqAI=
 github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
 github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw=
 github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UFvs=
@@ -101,8 +101,9 @@ github.com/go-task/slim-sprig/v3 v3.0.0/go.mod h1:W848ghGpv3Qj3dhTPRyJypKRiqCdHZ
 github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q=
 github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q=
 github.com/golang-jwt/jwt/v4 v4.0.0/go.mod h1:/xlHOz8bRuivTWchD4jCa+NbatV+wEUSzwAxVc6locg=
-github.com/golang-jwt/jwt/v4 v4.5.0 h1:7cYmW1XlMY7h7ii7UhUyChSgS5wUJEnm9uZVTGqOWzg=
 github.com/golang-jwt/jwt/v4 v4.5.0/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0=
+github.com/golang-jwt/jwt/v4 v4.5.1 h1:JdqV9zKUdtaa9gdPlywC3aeoEsR681PlKC+4F5gQgeo=
+github.com/golang-jwt/jwt/v4 v4.5.1/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0=
 github.com/golang-jwt/jwt/v5 v5.2.1 h1:OuVbFODueb089Lh128TAcimifWaLhJwVflnrgM17wHk=
 github.com/golang-jwt/jwt/v5 v5.2.1/go.mod h1:pqrtFR0X4osieyHYxtmOUWsAWrfe1Q5UVIyoH402zdk=
 github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da h1:oI5xCqsCo564l8iNU+DwB5epxmsaqB+rhGL0m5jtYqE=
@@ -189,8 +190,8 @@ github.com/x448/float16 v0.8.4/go.mod h1:14CWIYCyZA/cWjXOioeEpHeN/83MdbZDRQHoFcY
 github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=
-go.goms.io/fleet v0.11.3 h1:G4akagX4mRPWH2kPOIBTz0y092BhIU7UUiKCF7Aaw1k=
-go.goms.io/fleet v0.11.3/go.mod h1:8A7mAC8R+ivt2XikOGCiaZnUAWbG4DxPBGnxV9+VmGQ=
+go.goms.io/fleet v0.11.4 h1:qiGaQGAlssmHJ9WExhEeIZ/fHtYCYJ1NffDlna+OTYk=
+go.goms.io/fleet v0.11.4/go.mod h1:p7OKL5BHoWHkkQZa8nWOh+OW6ywnIxFTX/rjjoR3jnE=
 go.opentelemetry.io/otel v1.31.0 h1:NsJcKPIW0D0H3NgzPDHmo0WW6SptzPdqg/L1zsIm2hY=
 go.opentelemetry.io/otel v1.31.0/go.mod h1:O0C14Yl9FgkjqcCZAsE053C13OaddMYr/hz6clDkEJE=
 go.opentelemetry.io/otel/metric v1.31.0 h1:FSErL0ATQAmYHUIzSezZibnyVlft1ybhy4ozRPcF2fE=

pkg/common/objectmeta/objectmeta.go

@@ -54,5 +54,6 @@ const (
 // Azure Resource Tags
 const (
 	// AzureTrafficManagerProfileTagKey is the key of the Azure Traffic Manager profile tag when the controller creates it.
-	AzureTrafficManagerProfileTagKey = fleetNetworkingPrefix + "trafficManagerProfile"
+	// Note: The tag name cannot have reserved characters '<,>,%,&,\\,?,/' or control characters.
+	AzureTrafficManagerProfileTagKey = "fleet-networking-trafficManagerProfile"
 )

pkg/controllers/hub/trafficmanagerbackend/controller.go

@@ -505,7 +505,7 @@ func generateAzureTrafficManagerEndpoint(backend *fleetnetv1alpha1.TrafficManage
 	endpointName := fmt.Sprintf(AzureResourceEndpointNameFormat, generateAzureTrafficManagerEndpointNamePrefixFunc(backend), backend.Spec.Backend.Name, service.Spec.ServiceReference.ClusterID)
 	return armtrafficmanager.Endpoint{
 		Name: &endpointName,
-		Type: ptr.To(string(armtrafficmanager.EndpointTypeAzureEndpoints)),
+		Type: ptr.To(string("Microsoft.Network/trafficManagerProfiles/" + armtrafficmanager.EndpointTypeAzureEndpoints)),
 		Properties: &armtrafficmanager.EndpointProperties{
 			TargetResourceID: service.Spec.PublicIPResourceID,
 			EndpointStatus:   ptr.To(armtrafficmanager.EndpointStatusEnabled),
@@ -611,7 +611,7 @@ func (r *Reconciler) updateTrafficManagerEndpointsAndUpdateStatusIfUnknown(ctx c
 }
 
 // SetupWithManager sets up the controller with the Manager.
-func (r *Reconciler) SetupWithManager(ctx context.Context, mgr ctrl.Manager) error {
+func (r *Reconciler) SetupWithManager(ctx context.Context, mgr ctrl.Manager, disableInternalServiceExportIndexer bool) error {
 	// set up an index for efficient trafficManagerBackend lookup
 	profileIndexerFunc := func(o client.Object) []string {
 		tmb, ok := o.(*fleetnetv1alpha1.TrafficManagerBackend)
@@ -638,16 +638,18 @@ func (r *Reconciler) SetupWithManager(ctx context.Context, mgr ctrl.Manager) err
 	}
 
 	// add index to quickly query internalServiceExport list by service
-	internalServiceExportIndexerFunc := func(o client.Object) []string {
-		name, ok := o.(*fleetnetv1alpha1.InternalServiceExport)
-		if !ok {
-			return []string{}
+	if !disableInternalServiceExportIndexer {
+		internalServiceExportIndexerFunc := func(o client.Object) []string {
+			name, ok := o.(*fleetnetv1alpha1.InternalServiceExport)
+			if !ok {
+				return []string{}
+			}
+			return []string{name.Spec.ServiceReference.NamespacedName}
+		}
+		if err := mgr.GetFieldIndexer().IndexField(ctx, &fleetnetv1alpha1.InternalServiceExport{}, exportedServiceFieldNamespacedName, internalServiceExportIndexerFunc); err != nil {
+			klog.ErrorS(err, "Failed to create index", "field", exportedServiceFieldNamespacedName)
+			return err
 		}
-		return []string{name.Spec.ServiceReference.NamespacedName}
-	}
-	if err := mgr.GetFieldIndexer().IndexField(ctx, &fleetnetv1alpha1.InternalServiceExport{}, exportedServiceFieldNamespacedName, internalServiceExportIndexerFunc); err != nil {
-		klog.ErrorS(err, "Failed to create index", "field", exportedServiceFieldNamespacedName)
-		return err
 	}
 
 	return ctrl.NewControllerManagedBy(mgr).

pkg/controllers/hub/trafficmanagerbackend/suite_test.go

@@ -279,7 +279,7 @@ var _ = BeforeSuite(func() {
 		ProfilesClient:    profileClient,
 		EndpointsClient:   endpointClient,
 		ResourceGroupName: fakeprovider.DefaultResourceGroupName,
-	}).SetupWithManager(ctx, mgr)
+	}).SetupWithManager(ctx, mgr, false)
 	Expect(err).ToNot(HaveOccurred())
 
 	By("Create profile namespace")

test/common/trafficmanager/fakeprovider/endpoint.go

@@ -92,7 +92,7 @@ func EndpointCreateOrUpdate(_ context.Context, resourceGroupName string, profile
 					Weight:           ptr.To(Weight),
 					Target:           ptr.To(ValidEndpointTarget),
 				},
-				Type: ptr.To(string(armtrafficmanager.EndpointTypeAzureEndpoints)),
+				Type: ptr.To(string(azureTrafficManagerEndpointTypePrefix + armtrafficmanager.EndpointTypeAzureEndpoints)),
 			},
 		}
 		resp.SetResponse(http.StatusOK, endpointResp, nil)

test/common/trafficmanager/fakeprovider/profile.go

@@ -41,10 +41,9 @@ const (
 	CreateBadRequestErrEndpointClusterName     = "create-bad-request-endpoint-cluster"
 	CreateInternalServerErrEndpointClusterName = "create-internal-err-endpoint-cluster"
 
-	ProfileDNSNameFormat = "%s.trafficmanager.net"
-)
+	ProfileDNSNameFormat                  = "%s.trafficmanager.net"
+	azureTrafficManagerEndpointTypePrefix = "Microsoft.Network/trafficManagerProfiles/"
 
-const (
 	ProfileNamespace = "profile-ns" // so that the atm profile is predictable
 )
 
@@ -119,7 +118,7 @@ func ProfileGet(_ context.Context, resourceGroupName string, profileName string,
 						TargetResourceID: ptr.To(ValidPublicIPResourceID),
 						Weight:           ptr.To(Weight),
 					},
-					Type: ptr.To(string(armtrafficmanager.EndpointTypeAzureEndpoints)),
+					Type: ptr.To(string(azureTrafficManagerEndpointTypePrefix + armtrafficmanager.EndpointTypeAzureEndpoints)),
 				},
 				{
 					Name: ptr.To("other-endpoint"),