add cloud config parser and update hub-net-controller-manager chart

Azure · Oct 31, 2024 · 868610c · 868610c
1 parent 4749a33
commit 868610c
Show file tree

Hide file tree

Showing 12 changed files with 528 additions and 2 deletions.
diff --git a/charts/hub-net-controller-manager/README.md b/charts/hub-net-controller-manager/README.md
@@ -39,5 +39,40 @@ helm upgrade hub-net-controller-manager ./charts/hub-net-controller-manager/
 | podAnnotations | Pod Annotations | `{}` |
 | affinity | The node affinity to use for pod scheduling | `{}` |
 | tolerations | The toleration to use for pod scheduling | `[]` |
+| config.azureCloudConfig | The Azure cloud provider configuration | **required if AzureTrafficManager feature is enabled** |
+
+## Override Azure cloud config
+
+**If AzureTrafficManager feature is enabled, then an Azure cloud configuration is required.** Azure cloud configuration provides resource metadata and credentials for `fleet-hub-net-controller-manager` and `fleet-member-net-controller-manager` to manipulate Azure resources. It's embedded into a Kubernetes secret and mounted to the pods. The values can be modified under `config.azureCloudConfig` section in values.yaml or can be provided as a separate file.
+
+| configuration value                                   | description | Remark                                                                               |
+|-------------------------------------------------------| --- |--------------------------------------------------------------------------------------|
+| `cloud`                       | The cloud where Azure resources belong. Choose from `AzurePublicCloud`, `AzureChinaCloud`, and `AzureGovernmentCloud`. | Required, helm chart defaults to `AzurePublicCloud`                                  |
+| `tenantId`                    | The AAD Tenant ID for the subscription where the Azure resources are deployed. |                                                                                      |
+| `subscriptionId`              | The ID of the subscription where Azure resources are deployed. |                                                                                      |
+| `useManagedIdentityExtension` | Boolean indicating whether or not to use a managed identity. | `true` or `false`                                                                    |
+| `userAssignedIdentityID`      | ClientID of the user-assigned managed identity with RBAC access to Azure resources. | Required for UserAssignedIdentity and ommited for SystemAssignedIdentity. |
+| `aadClientId`                 | The ClientID for an AAD application with RBAC access to Azure resources. | Required if `useManagedIdentityExtension` is set to `false`.                         |
+| `aadClientSecret`             | The ClientSecret for an AAD application with RBAC access to Azure resources. | Required if `useManagedIdentityExtension` is set to `false`.                         |
+| `resourceGroup`               | The name of the resource group where cluster resources are deployed. |                                                                                      |
+| `userAgent`                   | The userAgent provided to Azure when accessing Azure resources. | |
+| `location`                    | The azure region where resource group and its resources is deployed. |  |
+
+You can create a file `azure.yaml` with the following content, and pass it to `helm install` command: `helm install <release-name> <chart-name> -f azure.yaml`
+
+```yaml
+config:
+  azureCloudConfig:
+    cloud: "AzurePublicCloud"
+    tenantId: "00000000-0000-0000-0000-000000000000"
+    subscriptionId: "00000000-0000-0000-0000-000000000000"
+    useManagedIdentityExtension: false
+    userAssignedIdentityID: "00000000-0000-0000-0000-000000000000"
+    aadClientId: "00000000-0000-0000-0000-000000000000"
+    aadClientSecret: "<your secret>"
+    userAgent: "fleet-hub-net-controller-controller"
+    resourceGroup: "<resource group name>"
+    location: "<resource group location>"
+```
 
 ## Contributing Changes
diff --git a/charts/hub-net-controller-manager/templates/azurecloudconfig.yaml b/charts/hub-net-controller-manager/templates/azurecloudconfig.yaml
@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: azure-cloud-config
+  namespace: {{ .Values.fleetSystemNamespace }}
+type: Opaque
+data:
+  azure.json: {{ .Values.config.azureCloudConfig | toJson | indent 4 | b64enc | quote }}
diff --git a/charts/hub-net-controller-manager/templates/deployment.yaml b/charts/hub-net-controller-manager/templates/deployment.yaml
@@ -29,6 +29,7 @@ spec:
             - --v={{ .Values.logVerbosity }}
             - --add_dir_header
             - --force-delete-wait-time={{ .Values.forceDeleteWaitTime }}
+            - --cloud-config=/etc/kubernetes/provider/azure.json
           ports:
           - name: metrics
             containerPort: 8080
@@ -46,6 +47,10 @@ spec:
               port: healthz
           resources:
             {{- toYaml .Values.resources | nindent 12 }}
+          volumeMounts:
+          - name: cloud-provider-config
+            mountPath: /etc/kubernetes/provider
+            readOnly: true
       {{- with .Values.nodeSelector }}
       nodeSelector:
         {{- toYaml . | nindent 8 }}
@@ -58,3 +63,7 @@ spec:
       tolerations:
         {{- toYaml . | nindent 8 }}
       {{- end }}
+      volumes:
+      - name: cloud-provider-config
+        secret:
+          secretName: azure-cloud-config
diff --git a/charts/hub-net-controller-manager/values.yaml b/charts/hub-net-controller-manager/values.yaml
@@ -31,3 +31,16 @@ nodeSelector: {}
 tolerations: []
 
 affinity: {}
+
+config:
+  azureCloudConfig:
+    cloud: "AzurePublicCloud"
+    tenantId: ""
+    subscriptionId: ""
+    useManagedIdentityExtension: false
+    userAssignedIdentityID: ""
+    aadClientId: ""
+    aadClientSecret: ""
+    userAgent: ""
+    resourceGroup: ""
+    location: ""
diff --git a/cmd/hub-net-controller-manager/main.go b/cmd/hub-net-controller-manager/main.go
@@ -32,6 +32,7 @@ import (
 	"go.goms.io/fleet/pkg/utils"
 
 	fleetnetv1alpha1 "go.goms.io/fleet-networking/api/v1alpha1"
+	"go.goms.io/fleet-networking/pkg/common/cloudconfig"
 	"go.goms.io/fleet-networking/pkg/controllers/hub/endpointsliceexport"
 	"go.goms.io/fleet-networking/pkg/controllers/hub/internalserviceexport"
 	"go.goms.io/fleet-networking/pkg/controllers/hub/internalserviceimport"
@@ -58,6 +59,8 @@ var (
 	enableV1Beta1APIs = flag.Bool("enable-v1beta1-apis", true, "If set, the agents will watch for the v1beta1 APIs.")
 
 	enableTrafficManagerFeature = flag.Bool("enable-traffic-manager-feature", false, "If set, the traffic manager feature will be enabled.")
+
+	cloudConfigFile = flag.String("cloud-config", "/etc/kubernetes/provider/azure.json", "The path to the cloud config file which will be used to access the Azure resource.")
 )
 
 var (
@@ -67,6 +70,11 @@ var (
 	}
 )
 
+const (
+	// defaultUserAgent is the default user agent string to access Azure resources.
+	defaultUserAgent = "fleet-net-controller-manager"
+)
+
 func init() {
 	utilruntime.Must(clientgoscheme.AddToScheme(scheme))
 	utilruntime.Must(fleetnetv1alpha1.AddToScheme(scheme))
@@ -184,6 +192,15 @@ func main() {
 			}
 		}
 		// TODO: start the traffic manager controllers
+
+		cloudConfig, err := cloudconfig.NewCloudConfigFromFile(*cloudConfigFile)
+		if err != nil {
+			klog.ErrorS(err, "Unable to load cloud config", "file name", *cloudConfigFile)
+			exitWithErrorFunc()
+		}
+		cloudConfig.SetUserAgent(defaultUserAgent)
+		// TODO: replace this with a proper usage of the cloud config
+		klog.V(1).InfoS("Cloud config loaded", "config", cloudConfig)
 	}
 
 	klog.V(1).InfoS("Starting ServiceExportImport controller manager")

diff --git a/go.mod b/go.mod
@@ -22,10 +22,25 @@ require (
 	sigs.k8s.io/controller-runtime v0.19.0
 )
 
-require go.goms.io/fleet v0.10.10
+require (
+	go.goms.io/fleet v0.10.10
+	sigs.k8s.io/yaml v1.4.0
+)
 
 require (
+	github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.7.0 // indirect
 	github.com/Azure/azure-sdk-for-go/sdk/internal v1.10.0 // indirect
+	github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/authorization/armauthorization/v2 v2.2.0 // indirect
+	github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/compute/armcompute/v5 v5.7.0 // indirect
+	github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/containerregistry/armcontainerregistry v1.2.0 // indirect
+	github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/containerservice/armcontainerservice/v4 v4.8.0 // indirect
+	github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/keyvault/armkeyvault v1.4.0 // indirect
+	github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/privatedns/armprivatedns v1.2.0 // indirect
+	github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armresources v1.2.0 // indirect
+	github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/storage/armstorage v1.6.0 // indirect
+	github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azsecrets v1.1.0 // indirect
+	github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/internal v1.0.0 // indirect
+	github.com/AzureAD/microsoft-authentication-library-for-go v1.2.2 // indirect
 	github.com/beorn7/perks v1.0.1 // indirect
 	github.com/cespare/xxhash/v2 v2.3.0 // indirect
 	github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
@@ -40,6 +55,7 @@ require (
 	github.com/go-openapi/swag v0.23.0 // indirect
 	github.com/go-task/slim-sprig/v3 v3.0.0 // indirect
 	github.com/gogo/protobuf v1.3.2 // indirect
+	github.com/golang-jwt/jwt/v5 v5.2.1 // indirect
 	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
 	github.com/golang/protobuf v1.5.4 // indirect
 	github.com/google/gnostic-models v0.6.8 // indirect
@@ -49,10 +65,12 @@ require (
 	github.com/imdario/mergo v0.3.16 // indirect
 	github.com/josharian/intern v1.0.0 // indirect
 	github.com/json-iterator/go v1.1.12 // indirect
+	github.com/kylelemons/godebug v1.1.0 // indirect
 	github.com/mailru/easyjson v0.7.7 // indirect
 	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
 	github.com/modern-go/reflect2 v1.0.2 // indirect
 	github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
+	github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c // indirect
 	github.com/pkg/errors v0.9.1 // indirect
 	github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
 	github.com/prometheus/client_model v0.6.1 // indirect
@@ -63,6 +81,7 @@ require (
 	go.opentelemetry.io/otel/metric v1.30.0 // indirect
 	go.uber.org/multierr v1.11.0 // indirect
 	go.uber.org/zap v1.27.0 // indirect
+	golang.org/x/crypto v0.28.0 // indirect
 	golang.org/x/exp v0.0.0-20241004190924-225e2abe05e6 // indirect
 	golang.org/x/net v0.30.0 // indirect
 	golang.org/x/oauth2 v0.23.0 // indirect
@@ -83,7 +102,6 @@ require (
 	sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect
 	sigs.k8s.io/structured-merge-diff/v4 v4.4.1 // indirect
 	sigs.k8s.io/work-api v0.0.0-20220407021756-586d707fdb2c // indirect
-	sigs.k8s.io/yaml v1.4.0 // indirect
 )
 
 // Fleet repo is using a custom version of work-api.

diff --git a/go.sum b/go.sum
@@ -4,14 +4,36 @@ github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.7.0 h1:tfLQ34V6F7tVSwoTf/4lH
 github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.7.0/go.mod h1:9kIvujWAA58nmPmWB1m23fyWic1kYZMxD9CxaWn4Qpg=
 github.com/Azure/azure-sdk-for-go/sdk/internal v1.10.0 h1:ywEEhmNahHBihViHepv3xPBn1663uRv2t2q/ESv9seY=
 github.com/Azure/azure-sdk-for-go/sdk/internal v1.10.0/go.mod h1:iZDifYGJTIgIIkYRNWPENUnqx6bJ2xnSDFI2tjwZNuY=
+github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/authorization/armauthorization/v2 v2.2.0 h1:Hp+EScFOu9HeCbeW8WU2yQPJd4gGwhMgKxWe+G6jNzw=
+github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/authorization/armauthorization/v2 v2.2.0/go.mod h1:/pz8dyNQe+Ey3yBp/XuYz7oqX8YDNWVpPB0hH3XWfbc=
+github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/compute/armcompute/v5 v5.7.0 h1:LkHbJbgF3YyvC53aqYGR+wWQDn2Rdp9AQdGndf9QvY4=
+github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/compute/armcompute/v5 v5.7.0/go.mod h1:QyiQdW4f4/BIfB8ZutZ2s+28RAgfa/pT+zS++ZHyM1I=
+github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/containerregistry/armcontainerregistry v1.2.0 h1:DWlwvVV5r/Wy1561nZ3wrpI1/vDIBRY/Wd1HWaRBZWA=
+github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/containerregistry/armcontainerregistry v1.2.0/go.mod h1:E7ltexgRDmeJ0fJWv0D/HLwY2xbDdN+uv+X2uZtOx3w=
+github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/containerservice/armcontainerservice/v4 v4.8.0 h1:0nGmzwBv5ougvzfGPCO2ljFRHvun57KpNrVCMrlk0ns=
+github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/containerservice/armcontainerservice/v4 v4.8.0/go.mod h1:gYq8wyDgv6JLhGbAU6gg8amCPgQWRE+aCvrV2gyzdfs=
 github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/internal/v2 v2.0.0 h1:PTFGRSlMKCQelWwxUyYVEUqseBJVemLyqWJjvMyt0do=
 github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/internal/v2 v2.0.0/go.mod h1:LRr2FzBTQlONPPa5HREE5+RjSCTXl7BwOvYOaWTqCaI=
+github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/internal/v3 v3.0.0 h1:Kb8eVvjdP6kZqYnER5w/PiGCFp91yVgaxve3d7kCEpY=
+github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/internal/v3 v3.0.0/go.mod h1:lYq15QkJyEsNegz5EhI/0SXQ6spvGfgwBH/Qyzkoc/s=
+github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/keyvault/armkeyvault v1.4.0 h1:HlZMUZW8S4P9oob1nCHxCCKrytxyLc+24nUJGssoEto=
+github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/keyvault/armkeyvault v1.4.0/go.mod h1:StGsLbuJh06Bd8IBfnAlIFV3fLb+gkczONWf15hpX2E=
+github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/managementgroups/armmanagementgroups v1.0.0 h1:pPvTJ1dY0sA35JOeFq6TsY2xj6Z85Yo23Pj4wCCvu4o=
+github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/managementgroups/armmanagementgroups v1.0.0/go.mod h1:mLfWfj8v3jfWKsL9G4eoBoXVcsqcIUTapmdKy7uGOp0=
 github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/network/armnetwork/v4 v4.3.0 h1:bXwSugBiSbgtz7rOtbfGf+woewp4f06orW9OP5BjHLA=
 github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/network/armnetwork/v4 v4.3.0/go.mod h1:Y/HgrePTmGy9HjdSGTqZNa+apUpTVIEVKXJyARP2lrk=
+github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/privatedns/armprivatedns v1.2.0 h1:9Eih8XcEeQnFD0ntMlUDleKMzfeCeUfa+VbnDCI4AZs=
+github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/privatedns/armprivatedns v1.2.0/go.mod h1:wGPyTi+aURdqPAGMZDQqnNs9IrShADF8w2WZb6bKeq0=
 github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armresources v1.2.0 h1:Dd+RhdJn0OTtVGaeDLZpcumkIVCtA/3/Fo42+eoYvVM=
 github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armresources v1.2.0/go.mod h1:5kakwfW5CjC9KK+Q4wjXAg+ShuIm2mBMua0ZFj2C8PE=
+github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/storage/armstorage v1.6.0 h1:PiSrjRPpkQNjrM8H0WwKMnZUdu1RGMtd/LdGKUrOo+c=
+github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/storage/armstorage v1.6.0/go.mod h1:oDrbWx4ewMylP7xHivfgixbfGBT6APAwsSoHRKotnIc=
 github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/trafficmanager/armtrafficmanager v1.3.0 h1:e3kTG23M5ps+DjvPolK4dcgohDY8sHsXU7zrdHj1WzY=
 github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/trafficmanager/armtrafficmanager v1.3.0/go.mod h1:Os5dq8Cvvz97rJauZhZJAfKHN+OEvF/0nVmHzF4aVys=
+github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azsecrets v1.1.0 h1:h4Zxgmi9oyZL2l8jeg1iRTqPloHktywWcu0nlJmo1tA=
+github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azsecrets v1.1.0/go.mod h1:LgLGXawqSreJz135Elog0ywTJDsm0Hz2k+N+6ZK35u8=
+github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/internal v1.0.0 h1:D3occbWoio4EBLkbkevetNMAVX197GkzbUMtqjGWn80=
+github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/internal v1.0.0/go.mod h1:bTSOgj05NGRuHHhQwAdPnYr9TOdNmKlZTgGLL6nyAdI=
 github.com/Azure/k8s-work-api v0.5.0 h1:DVOBt68NFTEVVV+vzz82WdTm4lroXuMd9ktfrfb/kU0=
 github.com/Azure/k8s-work-api v0.5.0/go.mod h1:CQiDOlNvMeKvGVer80PtvbW9X1cXq7EID9aMXyxkqPU=
 github.com/AzureAD/microsoft-authentication-library-for-go v1.2.2 h1:XHOnouVk1mxXfQidrMEnLlPk9UMeRtyBTnEFtxkV0kU=
@@ -136,6 +158,8 @@ go.opentelemetry.io/otel/trace v1.30.0 h1:7UBkkYzeg3C7kQX8VAidWh2biiQbtAKjyIML8d
 go.opentelemetry.io/otel/trace v1.30.0/go.mod h1:5EyKqTzzmyqB9bwtCCq6pDLktPK6fmGf/Dph+8VI02o=
 go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto=
 go.uber.org/goleak v1.3.0/go.mod h1:CoHD4mav9JJNrW/WLlf7HGZPjdw8EucARQHekz1X6bE=
+go.uber.org/mock v0.4.0 h1:VcM4ZOtdbR4f6VXfiOpwpVJDL6lCReaZ6mw31wqh7KU=
+go.uber.org/mock v0.4.0/go.mod h1:a6FSlNadKUHUa9IP5Vyt1zh4fC7uAwxMutEAscFbkZc=
 go.uber.org/multierr v1.11.0 h1:blXXJkSxSSfBVBlC76pxqeO+LN3aDfLQo+309xJstO0=
 go.uber.org/multierr v1.11.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN80Y=
 go.uber.org/zap v1.27.0 h1:aJMhYGrd5QSmlpLMr2MftRKl7t8J8PTZPA732ud/XR8=
@@ -165,6 +189,7 @@ golang.org/x/sync v0.8.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.26.0 h1:KHjCJyddX0LoSTb3J+vWpupP9p0oznkqVk/IfjymZbo=
 golang.org/x/sys v0.26.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/term v0.25.0 h1:WtHI/ltw4NvSUig5KARz9h521QvRC8RmF/cuYqifU24=

diff --git a/pkg/common/cloudconfig/config.go b/pkg/common/cloudconfig/config.go
@@ -0,0 +1,105 @@
+/*
+Copyright (c) Microsoft Corporation.
+Licensed under the MIT license.
+*/
+
+// Package cloudconfig defines azure cloud provider configuration.
+package cloudconfig
+
+import (
+	"fmt"
+	"io"
+	"os"
+	"strings"
+
+	"sigs.k8s.io/cloud-provider-azure/pkg/azclient"
+	"sigs.k8s.io/yaml"
+)
+
+// CloudConfig defines the necessary configurations to access Azure resources.
+type CloudConfig struct {
+	azclient.ARMClientConfig `json:",inline" mapstructure:",squash"`
+	azclient.AzureAuthConfig `json:",inline" mapstructure:",squash"`
+	// subscription ID
+	SubscriptionID string `json:"subscriptionID,omitempty" mapstructure:"subscriptionID,omitempty"`
+	// azure resource location
+	Location string `json:"location,omitempty" mapstructure:"location,omitempty"`
+	// default resource group where the azure resources are deployed
+	ResourceGroup string `json:"resourceGroup,omitempty" mapstructure:"resourceGroup,omitempty"`
+}
+
+// NewCloudConfigFromFile loads cloud config from a file given the file path.
+func NewCloudConfigFromFile(filePath string) (*CloudConfig, error) {
+	if filePath == "" {
+		return nil, fmt.Errorf("failed to load cloud config: file path is empty")
+	}
+
+	var config CloudConfig
+	configReader, err := os.Open(filePath)
+	if err != nil {
+		return nil, fmt.Errorf("failed to open cloud config file: %w, file path: %s", err, filePath)
+	}
+	defer configReader.Close()
+
+	contents, err := io.ReadAll(configReader)
+	if err != nil {
+		return nil, fmt.Errorf("failed to read cloud config file: %w, file path: %s", err, filePath)
+	}
+
+	if err := yaml.Unmarshal(contents, &config); err != nil {
+		return nil, fmt.Errorf("failed to unmarshal cloud config: %w, file path: %s", err, filePath)
+	}
+
+	config.trimSpace()
+	if err := config.validate(); err != nil {
+		return nil, fmt.Errorf("failed to validate cloud config: %w, file contents: `%s`", err, string(contents))
+	}
+
+	return &config, nil
+}
+
+// SetUserAgent sets the user agent string to access Azure resources.
+func (cfg *CloudConfig) SetUserAgent(userAgent string) {
+	cfg.UserAgent = userAgent
+}
+
+func (cfg *CloudConfig) validate() error {
+	if cfg.Cloud == "" {
+		return fmt.Errorf("cloud is empty")
+	}
+
+	if cfg.Location == "" {
+		return fmt.Errorf("location is empty")
+	}
+
+	if cfg.SubscriptionID == "" {
+		return fmt.Errorf("subscription ID is empty")
+	}
+
+	if cfg.ResourceGroup == "" {
+		return fmt.Errorf("resource group is empty")
+	}
+
+	if !cfg.UseManagedIdentityExtension {
+		if cfg.UserAssignedIdentityID != "" {
+			return fmt.Errorf("useManagedIdentityExtension needs to be true when userAssignedIdentityID is provided")
+		}
+		if cfg.AADClientID == "" || cfg.AADClientSecret == "" {
+			return fmt.Errorf("AAD client ID or AAD client secret is empty")
+		}
+	}
+
+	return nil
+}
+
+func (cfg *CloudConfig) trimSpace() {
+	cfg.Cloud = strings.TrimSpace(cfg.Cloud)
+	cfg.TenantID = strings.TrimSpace(cfg.TenantID)
+	cfg.UserAgent = strings.TrimSpace(cfg.UserAgent)
+	cfg.SubscriptionID = strings.TrimSpace(cfg.SubscriptionID)
+	cfg.Location = strings.TrimSpace(cfg.Location)
+	cfg.ResourceGroup = strings.TrimSpace(cfg.ResourceGroup)
+	cfg.UserAssignedIdentityID = strings.TrimSpace(cfg.UserAssignedIdentityID)
+	cfg.AADClientID = strings.TrimSpace(cfg.AADClientID)
+	cfg.AADClientSecret = strings.TrimSpace(cfg.AADClientSecret)
+}