[azure] Verify tags

[zuzzas]

What this PR does / why we need it:

Tag verification has been disabled back in May of 2019 by @prashanth26.

We can deduce that it was done due to Azure's unique ability to group resources in Resource Groups. Gardener project, presumably, packs all VMs (and relevant objects) into a single Resource Group (hence no need for tag verification).

That does not work for us, since we deploy master VMs near VMs that are managed by MCM and backed by Machine objects. It also seems weird that there are tags present in AzureMachineClass CRD, but are not used to verify actual objects.

Special notes for your reviewer:

Release note:

Restored tag verification in the Azure driver to filter VMs/disks/NICs based on tags

[gardener-robot]

@zuzzas Thank you for your contribution.

[gardener-robot-ci-2]

Thank you @zuzzas for your contribution. Before I can start building your PR, a member of the organization must set the required label(s) {'reviewed/ok-to-test'}. Once started, you can check the build status in the PR checks section below.

[hardikdr]

@zuzzas thanks for the PR, we'll take a look soon.

[hardikdr]

/ok-to-test

[hardikdr]

We can deduce that it was done due to Azure's unique ability to group resources in Resource Groups. Gardener project, presumably, packs all VMs (and relevant objects) into a single Resource Group (hence no need for tag verification).

Yes, though Azure helps in uniquely identifying the resources via resourceGroups, we still add tags to maintain the homogeneity across clouds. Also, tags on the VMs are specifically needed for certain aspects of Kubernetes to work properly, to identify if VMs belongs to the specific cluster or not, not sure if it's still the case, it was clearly sometime back.

Overall, the changes don't look breaking to me, I'd wait for comments from @prashanth26 @ggaurav10.

/lgtm otherwise.

cc @dkistner

[prashanth26]

Tag verification has been disabled back in May of 2019 by @prashanth26.

This reason this was disabled back then was because we had observed Azure having bugs with tagging resources in the past and hence we stuck to just resource group-based filtering, I hope this doesn't affect us anymore.

cc: @amshuman-kr

[zuzzas]

@prashanth26
We've tested the proposed filtering on existing Azure clusters. Perhaps, it can have some adverse effects on large installations, but we haven't found any bugs yet.

[CLAassistant]

All committers have signed the CLA.

[hardikdr]

/lgtm

[prashanth26]

@prashanth26
We've tested the proposed filtering on existing Azure clusters. Perhaps, it can have some adverse effects on large installations, but we haven't found any bugs yet.

We ran into this corner case when we ended up with hundreds of orphan VMs/NICs had didn't seem to contain these tags anymore, although we had explicitly tagged them during creation. And this leads to these orphan VMs. Anyways I hope this doesn't occur anymore and we can merge this in and re-introduce this if we observe such issues again.

[prashanth26]

/lgtm let's merge it in for now. If we see issues re-occurring we can take a second call later.

[hardikdr]

@zuzzas the check step is failing with, can you please correct it.

+ pull-request-gardener_machine-controller-manager-pr_master/.ci/check
15:57:56
Running go vet...
15:58:29
# github.com/gardener/machine-controller-manager/pkg/driver
15:58:29
pkg/driver/driver_azure.go:717:5: Infof format %q has arg server.Name of wrong type *string
15:58:29
pkg/driver/driver_azure.go:769:5: Infof format %q has arg nic.Name of wrong type *string
15:58:29
pkg/driver/driver_azure.go:825:6: Infof format %q has arg disk.Name of wrong type *string

Also, the unit-test is failing for the same reason, causing test step to fail.

[zuzzas]

@hardikdr
That's what I get for trusting Goland IDE too much. Fixed!

[hardikdr]

The test step is now failing due to an issue with an internal CI cluster, will fix it soon, and merge.

[hardikdr]

/ok-to-test

[prashanth26]

/lgtm