Add support for zone-redundant load balancers

[bryan-cox]

What type of PR is this?

/kind feature

What this PR does / why we need it:

This PR implements support for configuring availability zones on Azure load balancers to enable zone-redundant configurations for high availability.

Azure load balancers can be configured as zone-redundant to ensure high availability across multiple availability zones within a region. This feature allows users to specify availability zones (1, 2, 3) on load balancers, which are then set on the frontend IP configurations.

Key changes:

• Added AvailabilityZones field to LoadBalancerSpec API
• Implemented service layer to set zones on frontend IP configurations
• Added webhook validation to enforce Azure's zone immutability requirement
• Included comprehensive documentation with examples and migration guidance
• Added unit tests and E2E tests

Which issue(s) this PR fixes:
Fixes #5709

Special notes for your reviewer:

This implementation follows Azure's zone redundancy model:

• For internal load balancers: zones are set directly on frontend IP configurations
• For public load balancers: zones should be set on associated public IP addresses (documented)
• Zones are immutable after creation per Azure platform requirements
• Webhook validation prevents invalid zone modifications

The E2E test is optional and creates a cluster with zone-redundant load balancers to verify the feature works end-to-end in Azure.

TODOs:

• squashed commits
• includes documentation
• adds unit tests
• cherry-pick candidate

Release note:

Add support for zone-redundant load balancers. Users can now configure availability zones on load balancers (APIServerLB, NodeOutboundLB, ControlPlaneOutboundLB) to enable zone-redundant configurations for high availability across multiple availability zones.

[k8s-ci-robot]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign jont828 for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[codecov]

Codecov Report

❌ Patch coverage is 51.35135% with 18 lines in your changes missing coverage. Please review.
✅ Project coverage is 44.68%. Comparing base (2130510) to head (daacbf5).
⚠️ Report is 17 commits behind head on main.

Files with missing lines	Patch %	Lines
api/v1beta1/azurecluster_webhook.go	33.33%	15 Missing and 3 partials ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #5944      +/-   ##
==========================================
+ Coverage   44.54%   44.68%   +0.13%     
==========================================
  Files         279      279              
  Lines       25140    25281     +141     
==========================================
+ Hits        11199    11296      +97     
- Misses      13128    13159      +31     
- Partials      813      826      +13     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[jackfrancis]

@bryan-cox can you add this new functionality to the existing E2E scenario for a private cluster, which ships with/ an internal LB? E.g.:

$ git diff templates/flavors/private/patches/private-lb.yaml
diff --git a/templates/flavors/private/patches/private-lb.yaml b/templates/flavors/private/patches/private-lb.yaml
index 76e1539df..a2933e299 100644
--- a/templates/flavors/private/patches/private-lb.yaml
+++ b/templates/flavors/private/patches/private-lb.yaml
@@ -7,6 +7,10 @@ spec:
     apiServerLB:
       name: ${CLUSTER_NAME}-internal-lb
       type: Internal
+      availabilityZones:
+        - "1"
+        - "2"
+        - "3"
     nodeOutboundLB:
       frontendIPsCount: 1
     controlPlaneOutboundLB:

After you apply the above changes to the template partial above, render updated templates w/ kustomize by invoking make generate flavors from the git root directory.

cc @nojnhuh @mboersma

[jackfrancis]

/test pull-cluster-api-provider-azure-e2e-optional

[bryan-cox]

/test pull-cluster-api-provider-azure-e2e-optional

[bryan-cox]

/retest

[bryan-cox]

/test pull-cluster-api-provider-azure-e2e-optional

[bryan-cox]

Attempting to get the PR back to its stable state before attempting to address #5944 (comment) again.

[bryan-cox]

/test pull-cluster-api-provider-azure-e2e-optional

[bryan-cox]

/test pull-cluster-api-provider-azure-e2e-optional

[bryan-cox]

/test pull-cluster-api-provider-azure-e2e-optional

[bryan-cox]

/test pull-cluster-api-provider-azure-e2e-optional

[k8s-ci-robot]

@bryan-cox: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
pull-cluster-api-provider-azure-capi-e2e	67685f0	link	false	/test pull-cluster-api-provider-azure-capi-e2e
pull-cluster-api-provider-azure-apiversion-upgrade	daacbf5	link	true	/test pull-cluster-api-provider-azure-apiversion-upgrade
pull-cluster-api-provider-azure-e2e-optional	daacbf5	link	false	/test pull-cluster-api-provider-azure-e2e-optional

Full PR test history. Your PR dashboard. Please help us cut down on flakes by linking to an open issue when you hit one in your PR.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.