Adding artifaact cache entries to capz/container-registry for calico

images to avoid throtteling during large cluster deployments

Author: marosset

infra/azure/terraform/capz/capz-monitoring/main.tf

@@ -46,14 +46,14 @@ resource "azurerm_role_assignment" "monitoring_reader" {
   principal_id         = azurerm_user_assigned_identity.capz_monitoring_user_identity.principal_id
   role_definition_name = "Monitoring Reader"
   scope                = "/subscriptions/${var.subscription_id}"
-  depends_on = [ azurerm_user_assigned_identity.capz_monitoring_user_identity ]
+  depends_on           = [azurerm_user_assigned_identity.capz_monitoring_user_identity]
 }
 
 resource "azurerm_kubernetes_cluster" "capz-monitoring" {
-  dns_prefix            = var.resource_group_name
-  location              = var.location
-  name                  = var.resource_group_name
-  resource_group_name   = var.resource_group_name
+  dns_prefix          = var.resource_group_name
+  location            = var.location
+  name                = var.resource_group_name
+  resource_group_name = var.resource_group_name
   tags = {
     DO-NOT-DELETE     = "contact capz"
     creationTimestamp = timestamp()
@@ -66,7 +66,7 @@ resource "azurerm_kubernetes_cluster" "capz-monitoring" {
     user_assigned_identity_id = azurerm_user_assigned_identity.capz_monitoring_user_identity.id
   }
   identity {
-    type                     = "UserAssigned"
+    type = "UserAssigned"
     identity_ids = [
       azurerm_user_assigned_identity.capz_monitoring_user_identity.id
     ]

infra/azure/terraform/capz/container-registry/main.tf

@@ -46,6 +46,41 @@ resource "azurerm_management_lock" "registry_lock" {
   notes      = "Contact Capz"
 }
 
+resource "azurerm_container_registry_cache_rule" "tigera_operator" {
+  name                  = "tigera-operator-cache"
+  container_registry_id = azurerm_container_registry.capzci_registry.id
+  source_repo           = "quay.io/tigera/operator"
+  target_repo           = "tigera/operator"
+}
+
+resource "azurerm_container_registry_cache_rule" "calico_node" {
+  name                  = "calico-node-cache"
+  container_registry_id = azurerm_container_registry.capzci_registry.id
+  source_repo           = "quay.io/calico/node"
+  target_repo           = "calico/node"
+}
+
+resource "azurerm_container_registry_cache_rule" "calico_cni" {
+  name                  = "calico-cni-cache"
+  container_registry_id = azurerm_container_registry.capzci_registry.id
+  source_repo           = "quay.io/calico/cni"
+  target_repo           = "calico/cni"
+}
+
+resource "azurerm_container_registry_cache_rule" "calico_kube_controllers" {
+  name                  = "calico-kube-controllers-cache"
+  container_registry_id = azurerm_container_registry.capzci_registry.id
+  source_repo           = "quay.io/calico/kube-controllers"
+  target_repo           = "calico/kube-controllers"
+}
+
+resource "azurerm_container_registry_cache_rule" "calico_ctl" {
+  name                  = "calico-ctl-cache"
+  container_registry_id = azurerm_container_registry.capzci_registry.id
+  source_repo           = "quay.io/calico/ctl"
+  target_repo           = "calico/ctl"
+}
+
 resource "azurerm_container_registry_task" "registry_task" {
   container_registry_id = azurerm_container_registry.capzci_registry.id
   name                  = "midnight_capz_purge"

infra/azure/terraform/capz/container-registry/versions.tf

@@ -0,0 +1,31 @@
+/*
+Copyright 2025 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+terraform {
+  required_version = ">= 1.4.0"
+
+  required_providers {
+    azurerm = {
+      source  = "hashicorp/azurerm"
+      # Pin to a 3.x release: supports container_registry.retention_policy and container_registry_cache_rule
+      version = ">= 3.75.0, < 4.0.0"
+    }
+  }
+}
+
+provider "azurerm" {
+  features {}
+}