use annotations for skipping private plan

charts/internal/machineclass/templates/machineclass.yaml

@@ -18,6 +18,10 @@ kind: MachineClass
 metadata:
   name: {{ $machineClass.name }}
   namespace: {{ $.Release.Namespace }}
+  annotations:
+    {{- if $machineClass.annotations }}
+{{ toYaml $machineClass.annotations | indent 4 }}
+    {{- end }}
   labels:
     {{- if $machineClass.operatingSystem }}
 {{ toYaml $machineClass.operatingSystem | indent 4 }}

pkg/azure/types.go

@@ -143,7 +143,19 @@ const (
 	SeedLabelKeyUseFlow = AnnotationKeyUseFlow
 	// SeedLabelUseFlowValueNew is the value to restrict flow reconciliation to new shoot clusters
 	SeedLabelUseFlowValueNew = "new"
+
+	// BetaSkipMarketPlaceAgreementAnnotation when present will instruct the worker controller to create machine classes that skip the marketplace agreement by MCM.
+	BetaSkipMarketPlaceAgreementAnnotation = "beta.azure.provider.extensions.gardener.cloud/skip-marketplace-agreement"
+	// BetaSkipMarketPlaceAgreementMCMAnnotation is a const for the annotation expected by mcm-azure to skip marketplace agreements.
+	BetaSkipMarketPlaceAgreementMCMAnnotation = "beta.azure.machine.sapcloud.io/skip-marketplace-agreement"
 )
 
-// UsernamePrefix is a constant for the username prefix of components deployed by Azure.
-var UsernamePrefix = extensionsv1alpha1.SchemeGroupVersion.Group + ":" + Name + ":"
+var (
+	// UsernamePrefix is a constant for the username prefix of components deployed by Azure.
+	UsernamePrefix = extensionsv1alpha1.SchemeGroupVersion.Group + ":" + Name + ":"
+	// ConfidentialVMFamilyPrefixes is a list of known families that are used for confidential VMs.
+	ConfidentialVMFamilyPrefixes = []string{
+		"standard_ec",
+		"standard_dc",
+	}
+)

pkg/controller/worker/machines.go

@@ -28,6 +28,7 @@ import (
 	"github.com/gardener/gardener-extension-provider-azure/charts"
 	azureapi "github.com/gardener/gardener-extension-provider-azure/pkg/apis/azure"
 	azureapihelper "github.com/gardener/gardener-extension-provider-azure/pkg/apis/azure/helper"
+	"github.com/gardener/gardener-extension-provider-azure/pkg/azure"
 )
 
 const azureCSIDiskDriverTopologyKey = "topology.disk.csi.azure.com/zone"
@@ -105,7 +106,7 @@ func (w *workerDelegate) generateMachineConfig(ctx context.Context) error {
 		return err
 	}
 
-	if v, ok := w.cluster.Shoot.GetAnnotations()["azure.provider.extensions.gardener.cloud/skip-marketplace-agreement"]; ok {
+	if v, ok := w.cluster.Shoot.GetAnnotations()[azure.BetaSkipMarketPlaceAgreementAnnotation]; ok {
 		for _, p := range strings.Split(v, ",") {
 			skipAgreementPools.Insert(p)
 		}
@@ -145,8 +146,10 @@ func (w *workerDelegate) generateMachineConfig(ctx context.Context) error {
 		} else {
 			image["id"] = *id
 		}
+
+		machineClassAnnotations := map[string]string{}
 		if skipAgreementPools.Has(pool.Name) {
-			image["privatePlan"] = true
+			machineClassAnnotations[azure.BetaSkipMarketPlaceAgreementMCMAnnotation] = "true"
 		}
 
 		disks, err := computeDisks(pool)
@@ -175,6 +178,7 @@ func (w *workerDelegate) generateMachineConfig(ctx context.Context) error {
 				}
 
 				machineClassSpec = utils.MergeMaps(map[string]interface{}{
+					"annotations":   machineClassAnnotations,
 					"region":        w.worker.Spec.Region,
 					"resourceGroup": infrastructureStatus.ResourceGroup.Name,
 					"tags":          w.getVMTags(pool),
@@ -486,10 +490,12 @@ func (w *workerDelegate) generateWorkerPoolHash(pool extensionsv1alpha1.WorkerPo
 	return workerPoolHash, nil
 }
 
-// TODO(AK): Remove when we have support for VM Capabilities
+// TODO: Remove when we have support for VM Capabilities
 func (w *workerDelegate) isConfidentialVM(family string) bool {
-	if strings.HasPrefix(strings.ToLower(family), "standard_ec") || strings.HasPrefix(strings.ToLower(family), "standard_dc") {
-		return true
+	for _, v := range azure.ConfidentialVMFamilyPrefixes {
+		if strings.HasPrefix(strings.ToLower(family), strings.ToLower(v)) {
+			return true
+		}
 	}
 	return false
 }