Register Windows nodes with uninitialized cloud taint

[mboersma]

What type of PR is this?

/kind bug

What this PR does / why we need it:

Adds register-with-taints: node.cloudprovider.kubernetes.io/uninitialized=true:NoSchedule to the Windows worker kubeletExtraArgs in every CAPZ cluster template (and flavor source) that has cloud-provider: external for Windows.

Why

The cloud-provider-azure-ccm-windows-capz prow job has been failing because Windows nodes register without the node.cloudprovider.kubernetes.io/uninitialized taint. Without that taint, the cloud-node-manager daemonset on the workload cluster logs Node has no cloud taint, skipping initialization, the providerID never gets set on the Node, and MachineDeployment readiness never converges.

Linux nodes in the same run get the taint applied (the Linux CNM log shows Initializing node with cloud provider -> Successfully initialized node with cloud provider), so something about how cloud-provider: external gets translated through kubeadm join → KubeletConfiguration strategic-merge patch → Windows kubelet 1.37-alpha is no longer producing the taint on Windows. The root cause is somewhere in the kubeadm/kubelet/Windows stack, and there's an upstream issue to file with the per-node kubeadm-flags.env and config.yaml.

In the meantime, explicitly registering the taint via kubeletExtraArgs.register-with-taints makes the behavior independent of any cloud-provider flag translation. The cloud-node-manager will clear the taint after initializing the node, and the rest of the flow proceeds as before. Linux is unaffected (it already gets the same taint via its own path; this just makes it explicit on Windows).

Which issue(s) this PR fixes:
Refs the failing job: https://prow.k8s.io/view/gs/kubernetes-ci-logs/logs/cloud-provider-azure-ccm-windows-capz/2053505513055850496

See also kubernetes-sigs/image-builder#2009

Special notes for your reviewer:

• Edited only the four Windows flavor sources (templates/flavors/windows/, templates/flavors/windows-apiserver-ilb/, templates/flavors/machinepool-windows/, templates/test/ci/prow-clusterclass-ci-default/) and ran make generate-flavors; the rest of the diff is regenerated output.
• No Linux templates are touched.
• Workaround, not a root-cause fix. Tracking the upstream behavior change separately.

TODOs:

• squashed commits
• includes documentation
• adds unit tests
• cherry-pick candidate

Release note:

Register Windows nodes with uninitialized cloud taint

[mboersma]

/cherry-pick release-1.24

[k8s-infra-cherrypick-robot]

@mboersma: once the present PR merges, I will cherry-pick it on top of release-1.24 in a new PR and assign it to you.

Details

In response to this:

/cherry-pick release-1.24

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

[mboersma]

/cherry-pick release-1.23

[k8s-infra-cherrypick-robot]

@mboersma: once the present PR merges, I will cherry-pick it on top of release-1.23 in a new PR and assign it to you.

Details

In response to this:

/cherry-pick release-1.23

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 43.84%. Comparing base (0d3a836) to head (53254ff).
⚠️ Report is 2 commits behind head on main.

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #6293      +/-   ##
==========================================
- Coverage   43.84%   43.84%   -0.01%     
==========================================
  Files         289      289              
  Lines       25346    25346              
==========================================
- Hits        11114    11112       -2     
- Misses      13458    13460       +2     
  Partials      774      774              

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[mboersma]

/test pull-cluster-api-provider-azure-capi-e2e

[mboersma]

/cc @Liunardy

[k8s-ci-robot]

@mboersma: GitHub didn't allow me to request PR reviews from the following users: Liunardy.

Note that only kubernetes-sigs members and repo collaborators can review this PR, and authors cannot review their own PRs.

Details

In response to this:

/cc @Liunardy

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

[mboersma]

/test pull-cluster-api-provider-azure-conformance-ipv6-with-ci-artifacts

[mboersma]

/test pull-cluster-api-provider-azure-conformance-with-ci-artifacts-dra

[k8s-ci-robot]

@mboersma: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
pull-cluster-api-provider-azure-conformance-with-ci-artifacts-dra	53254ff	link	false	/test pull-cluster-api-provider-azure-conformance-with-ci-artifacts-dra
pull-cluster-api-provider-azure-conformance-ipv6-with-ci-artifacts	53254ff	link	false	/test pull-cluster-api-provider-azure-conformance-ipv6-with-ci-artifacts

Full PR test history. Your PR dashboard. Please help us cut down on flakes by linking to an open issue when you hit one in your PR.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

[jackfrancis]

/lgtm
/approve

[k8s-ci-robot]

LGTM label has been added.

Details

Git tree hash: 303eed7a40232e797cf30cfa135e751b05f37c7b

[k8s-ci-robot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: jackfrancis

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

• OWNERS [jackfrancis]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[k8s-infra-cherrypick-robot]

@mboersma: new pull request created: #6294

Details

In response to this:

/cherry-pick release-1.24

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

[k8s-infra-cherrypick-robot]

@mboersma: new pull request created: #6295

Details

In response to this:

/cherry-pick release-1.23

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.