provisioner: Add support to fetch kbs nodeport service ip

[kartikjoshi21]

Fixes: #1809

[kartikjoshi21]

Steps to test this PR:

export AZURE_RESOURCE_GROUP="test-kartikPR-1812"
export AZURE_REGION="eastus"
az group create --name "${AZURE_RESOURCE_GROUP}" \
    --location "${AZURE_REGION}"

export AZURE_SUBSCRIPTION_ID=$(az account show --query id --output tsv)
export USER_ASSIGNED_IDENTITY_NAME="caa-${AZURE_RESOURCE_GROUP}"
az identity create \
    --name "${USER_ASSIGNED_IDENTITY_NAME}" \
    --resource-group "${AZURE_RESOURCE_GROUP}" \
    --location "${AZURE_REGION}" \
    --subscription "${AZURE_SUBSCRIPTION_ID}"

export PRINCIPAL_ID="$(az identity show \
    --name "${USER_ASSIGNED_IDENTITY_NAME}" \
    --resource-group "${AZURE_RESOURCE_GROUP}" \
    --subscription "${AZURE_SUBSCRIPTION_ID}" --query principalId -otsv)"

sleep 30
az role assignment create \
    --role Contributor \
    --assignee-object-id "${PRINCIPAL_ID}" \
    --scope "/subscriptions/${AZURE_SUBSCRIPTION_ID}"

export AZURE_CLIENT_ID="$(az identity show \
    --resource-group "${AZURE_RESOURCE_GROUP}" \
    --name "${USER_ASSIGNED_IDENTITY_NAME}" --query 'clientId' -otsv)"

export CLUSTER_NAME="e2e"
export AZURE_IMAGE_ID="/CommunityGalleries/cocopodvm-d0e4f35f-5530-4b9c-8596-112487cdea85/Images/podvm_image0/Versions/2024.04.17"

# Docker image for KBS
# https://github.com/confidential-containers/kbs/pkgs/container/staged-images%2Fkbs

cat <<EOF >/tmp/provision_azure.properties
AZURE_CLIENT_ID="${AZURE_CLIENT_ID}"
AZURE_SUBSCRIPTION_ID="${AZURE_SUBSCRIPTION_ID}"
RESOURCE_GROUP_NAME="${AZURE_RESOURCE_GROUP}"
CLUSTER_NAME="${CLUSTER_NAME}"
LOCATION="${AZURE_REGION}"
SSH_KEY_ID="id_rsa.pub"
AZURE_IMAGE_ID="${AZURE_IMAGE_ID}"

AZURE_CLI_AUTH="true"
MANAGED_IDENTITY_NAME="${USER_ASSIGNED_IDENTITY_NAME}"

# Deploy the same one that is merged on the CAA main
KBS_IMAGE="ghcr.io/confidential-containers/staged-images/kbs"
KBS_IMAGE_TAG="dc01f454264fb4350e5f69eba05683a9a1882c41"

# Get the tag from: https://quay.io/repository/confidential-containers/cloud-api-adaptor?tab=tags&tag=latest
CAA_IMAGE="quay.io/confidential-containers/cloud-api-adaptor:d32c2e6f92dd610a688c78d92c463f39781b8416"
EOF

pushd src/cloud-api-adaptor/
ssh-keygen -t rsa -b 4096 -f install/overlays/azure/id_rsa -N "" -C dev@coco.io

pushd test/tools
git clone git@github.com:confidential-containers/trustee.git

pushd trustee
git checkout dc01f454264fb4350e5f69eba05683a9a1882c41
popd
popd

# Now open a new terminal

export TEST_PROVISION_FILE=/tmp/provision_azure.properties
export CLOUD_PROVIDER=azure
export BUILTIN_CLOUD_PROVIDERS=azure
export DEPLOY_KBS=true
export TEST_PROVISION=true

pushd test/tools
make caa-provisioner-cli
./caa-provisioner-cli -action=provision

popd

#  k get nodes -o wide
NAME                             STATUS   ROLES   AGE     VERSION   INTERNAL-IP   EXTERNAL-IP   OS-IMAGE
  KERNEL-VERSION      CONTAINER-RUNTIME
aks-caaaks-33683852-vmss000000   Ready    agent   7m11s   v1.28.5   10.224.0.4    <none>        Ubuntu 22.04.4 LTS   5.15.0-1060-azure   containerd://1.7.15-1

#k get svc -n coco-tenant
NAME   TYPE       CLUSTER-IP     EXTERNAL-IP   PORT(S)          AGE
kbs    NodePort   10.0.237.161   <none>        8080:32480/TCP   6m6s

Check peerpod cm

# k describe cm peer-pods-cm -n confidential-containers-system
azure
AA_KBC_PARAMS:
----
cc_kbc::http://10.224.0.4:32480

[huoqifeng]

Thanks @kartikjoshi21 I added a comment...

[kartikjoshi21]

@mkulke @huoqifeng updated code and logs, Thanks.

[huoqifeng]

Looks some CI errors?

[surajssd]

Functionality wise, this has worked for me.

[kartikjoshi21]

Looks some CI errors?

It was unrelated, retriggered.

[huoqifeng]

LGTM, thanks @kartikjoshi21