From 0714d365423dacba5f6088faa50615a4b0b68358 Mon Sep 17 00:00:00 2001
From: Marco Braga <mrbraga@redhat.com>
Date: Fri, 1 Mar 2024 09:58:26 -0300
Subject: [PATCH] =?UTF-8?q?=F0=9F=90=9B=20fix:=20additional=20control=20pl?=
 =?UTF-8?q?ane=20LBs=20must=20use=20correct=20subnets.?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

The additional (non-primary) Control planes with schema different
than the primary are getting incorrect subnets.

The fix makes sure that the schema for the lbSpec is checked, instead
of the primary.

Considering we can access the lbSpec locally, we no longer need the
function ControlPlaneLoadBalancerScheme.
---
 pkg/cloud/scope/cluster.go             |  1 +
 pkg/cloud/scope/elb.go                 |  1 +
 pkg/cloud/services/elb/loadbalancer.go | 11 ++++++++---
 3 files changed, 10 insertions(+), 3 deletions(-)

diff --git a/pkg/cloud/scope/cluster.go b/pkg/cloud/scope/cluster.go
index 9fb9a4ce62..aa988f8825 100644
--- a/pkg/cloud/scope/cluster.go
+++ b/pkg/cloud/scope/cluster.go
@@ -193,6 +193,7 @@ func (s *ClusterScope) ControlPlaneLoadBalancers() []*infrav1.AWSLoadBalancerSpe
 }
 
 // ControlPlaneLoadBalancerScheme returns the Classic ELB scheme (public or internal facing).
+// Deprecated: This method is going to be removed in a future release. Use LoadBalancer.Scheme.
 func (s *ClusterScope) ControlPlaneLoadBalancerScheme() infrav1.ELBScheme {
 	if s.ControlPlaneLoadBalancer() != nil && s.ControlPlaneLoadBalancer().Scheme != nil {
 		return *s.ControlPlaneLoadBalancer().Scheme
diff --git a/pkg/cloud/scope/elb.go b/pkg/cloud/scope/elb.go
index 53b3d6db99..3d588f665b 100644
--- a/pkg/cloud/scope/elb.go
+++ b/pkg/cloud/scope/elb.go
@@ -43,6 +43,7 @@ type ELBScope interface {
 	ControlPlaneLoadBalancer() *infrav1.AWSLoadBalancerSpec
 
 	// ControlPlaneLoadBalancerScheme returns the Classic ELB scheme (public or internal facing)
+	// Deprecated: This method is going to be removed in a future release. Use LoadBalancer.Scheme.
 	ControlPlaneLoadBalancerScheme() infrav1.ELBScheme
 
 	// ControlPlaneLoadBalancerName returns the Classic ELB name
diff --git a/pkg/cloud/services/elb/loadbalancer.go b/pkg/cloud/services/elb/loadbalancer.go
index 9dfd312ef9..592ef4370c 100644
--- a/pkg/cloud/services/elb/loadbalancer.go
+++ b/pkg/cloud/services/elb/loadbalancer.go
@@ -250,7 +250,7 @@ func (s *Service) getAPIServerLBSpec(elbName string, lbSpec *infrav1.AWSLoadBala
 		// The load balancer APIs require us to only attach one subnet for each AZ.
 		subnets := s.scope.Subnets().FilterPrivate()
 
-		if s.scope.ControlPlaneLoadBalancerScheme() == infrav1.ELBSchemeInternetFacing {
+		if scheme == infrav1.ELBSchemeInternetFacing {
 			subnets = s.scope.Subnets().FilterPublic()
 		}
 
@@ -989,9 +989,14 @@ func (s *Service) getAPIServerClassicELBSpec(elbName string) (*infrav1.LoadBalan
 	}
 	securityGroupIDs = append(securityGroupIDs, s.scope.SecurityGroups()[infrav1.SecurityGroupAPIServerLB].ID)
 
+	scheme := infrav1.ELBSchemeInternetFacing
+	if controlPlaneLoadBalancer != nil && controlPlaneLoadBalancer.Scheme != nil {
+		scheme = *controlPlaneLoadBalancer.Scheme
+	}
+
 	res := &infrav1.LoadBalancer{
 		Name:   elbName,
-		Scheme: s.scope.ControlPlaneLoadBalancerScheme(),
+		Scheme: scheme,
 		ClassicELBListeners: []infrav1.ClassicELBListener{
 			{
 				Protocol:         infrav1.ELBProtocolTCP,
@@ -1044,7 +1049,7 @@ func (s *Service) getAPIServerClassicELBSpec(elbName string) (*infrav1.LoadBalan
 		// The load balancer APIs require us to only attach one subnet for each AZ.
 		subnets := s.scope.Subnets().FilterPrivate()
 
-		if s.scope.ControlPlaneLoadBalancerScheme() == infrav1.ELBSchemeInternetFacing {
+		if scheme == infrav1.ELBSchemeInternetFacing {
 			subnets = s.scope.Subnets().FilterPublic()
 		}