make internalLB IP configurable

kubernetes-sigs · Nov 26, 2024 · 4bba77d · 4bba77d
1 parent 90ba0f0
commit 4bba77d
Show file tree

Hide file tree

Showing 3 changed files with 79 additions and 36 deletions.
diff --git a/api/v1beta1/azurecluster_default.go b/api/v1beta1/azurecluster_default.go
@@ -18,6 +18,7 @@ package v1beta1
 
 import (
 	"fmt"
+	"sigs.k8s.io/cluster-api-provider-azure/feature"
 
 	"k8s.io/utils/ptr"
 )
@@ -245,6 +246,29 @@ func (c *AzureCluster) setAPIServerLBDefaults() {
 				},
 			}
 		}
+		// if the API Server ILB feature is enabled, we should create a default internal LB IP
+		if feature.Gates.Enabled(feature.APIServerILB) {
+			privateIPFound := false
+			for i := range lb.FrontendIPs {
+				if lb.FrontendIPs[i].FrontendIPClass.PrivateIPAddress != "" {
+					if lb.FrontendIPs[i].Name == "" {
+						lb.FrontendIPs[i].Name = generateFrontendIPConfigName(lb.Name) + "internal-ip"
+					}
+					privateIPFound = true
+					break
+				}
+			}
+			// if no private IP is found, we should create a default internal LB IP
+			if !privateIPFound {
+				privateIP := FrontendIP{
+					Name: generateFrontendIPConfigName(lb.Name) + "internal-ip",
+					FrontendIPClass: FrontendIPClass{
+						PrivateIPAddress: DefaultInternalLBIPAddress,
+					},
+				}
+				lb.FrontendIPs = append(lb.FrontendIPs, privateIP)
+			}
+		}
 	} else if lb.Type == Internal {
 		if lb.Name == "" {
 			lb.Name = generateInternalLBName(c.ObjectMeta.Name)

diff --git a/api/v1beta1/azurecluster_validation.go b/api/v1beta1/azurecluster_validation.go
@@ -412,37 +412,64 @@ func validateAPIServerLB(lb *LoadBalancerSpec, old *LoadBalancerSpec, cidrs []st
 		allErrs = append(allErrs, field.Forbidden(fldPath.Child("name"), "API Server load balancer name should not be modified after AzureCluster creation."))
 	}
 
-	// There should only be one IP config.
-	if len(lb.FrontendIPs) != 1 || ptr.Deref[int32](lb.FrontendIPsCount, 1) != 1 {
-		allErrs = append(allErrs, field.Invalid(fldPath.Child("frontendIPConfigs"), lb.FrontendIPs,
-			"API Server Load balancer should have 1 Frontend IP"))
-	} else {
-		// if Internal, IP config should not have a public IP.
-		if lb.Type == Internal {
-			if lb.FrontendIPs[0].PublicIP != nil {
-				allErrs = append(allErrs, field.Forbidden(fldPath.Child("frontendIPConfigs").Index(0).Child("publicIP"),
-					"Internal Load Balancers cannot have a Public IP"))
-			}
-			if lb.FrontendIPs[0].PrivateIPAddress != "" {
-				if err := validateInternalLBIPAddress(lb.FrontendIPs[0].PrivateIPAddress, cidrs,
-					fldPath.Child("frontendIPConfigs").Index(0).Child("privateIP")); err != nil {
-					allErrs = append(allErrs, err)
-				}
-				if len(old.FrontendIPs) != 0 && old.FrontendIPs[0].PrivateIPAddress != lb.FrontendIPs[0].PrivateIPAddress {
-					allErrs = append(allErrs, field.Forbidden(fldPath.Child("name"), "API Server load balancer private IP should not be modified after AzureCluster creation."))
-				}
-			}
+	publicIPCount := 0
+	privateIPCount := 0
+	for i := range lb.FrontendIPs {
+		if lb.FrontendIPs[i].PublicIP != nil {
+			publicIPCount++
+		}
+		if lb.FrontendIPs[i].PrivateIPAddress != "" {
+			privateIPCount++
 		}
+	}
+
+	if lb.Type == Public {
+		// public IP count should be 1 for public LB.
+		if publicIPCount != 1 || ptr.Deref[int32](lb.FrontendIPsCount, 1) != 1 {
+			allErrs = append(allErrs, field.Invalid(fldPath.Child("frontendIPConfigs"), lb.FrontendIPs,
+				"API Server Load balancer should have 1 frontend public IP"))
+		}
+
+		if feature.Gates.Enabled(feature.APIServerILB) {
+			if err := validateInternalLBIPAddress(lb.FrontendIPs[0].PrivateIPAddress, cidrs,
+				fldPath.Child("frontendIPConfigs").Index(0).Child("privateIP")); err != nil {
+				allErrs = append(allErrs, err)
+			}
 
-		// if Public, IP config should not have a private IP.
-		if lb.Type == Public {
-			if lb.FrontendIPs[0].PrivateIPAddress != "" {
+			if len(old.FrontendIPs) != 0 && old.FrontendIPs[0].PrivateIPAddress != lb.FrontendIPs[0].PrivateIPAddress {
+				allErrs = append(allErrs, field.Forbidden(fldPath.Child("name"), "private IP of the Public API Server LB should not be modified after AzureCluster creation."))
+			}
+		} else {
+			// API Server LB should not have a Private IP if APIServerILB feature is disabled.
+			if privateIPCount > 0 {
 				allErrs = append(allErrs, field.Forbidden(fldPath.Child("frontendIPConfigs").Index(0).Child("privateIP"),
 					"Public Load Balancers cannot have a Private IP"))
 			}
 		}
 	}
 
+	// if Internal, IP config should not have a public IP.
+	if lb.Type == Internal {
+		if publicIPCount != 0 {
+			allErrs = append(allErrs, field.Forbidden(fldPath.Child("frontendIPConfigs").Index(0).Child("publicIP"),
+				"Internal Load Balancers cannot have a Public IP"))
+		}
+
+		if privateIPCount != 1 {
+			allErrs = append(allErrs, field.Invalid(fldPath.Child("frontendIPConfigs"), lb.FrontendIPs,
+				"API Server Load balancer of type private should have 1 frontend private IP"))
+		} else {
+			if err := validateInternalLBIPAddress(lb.FrontendIPs[0].PrivateIPAddress, cidrs,
+				fldPath.Child("frontendIPConfigs").Index(0).Child("privateIP")); err != nil {
+				allErrs = append(allErrs, err)
+			}
+
+			if len(old.FrontendIPs) != 0 && old.FrontendIPs[0].PrivateIPAddress != lb.FrontendIPs[0].PrivateIPAddress {
+				allErrs = append(allErrs, field.Forbidden(fldPath.Child("name"), "API Server load balancer private IP should not be modified after AzureCluster creation."))
+			}
+		}
+	}
+
 	return allErrs
 }
 

diff --git a/azure/scope/cluster.go b/azure/scope/cluster.go
@@ -269,7 +269,7 @@ func (s *ClusterScope) LBSpecs() []azure.ResourceSpecGetter {
 		}
 
 		// get the internal LB IP and the public LB IP
-		// apiServerLBInternalIP := infrav1.FrontendIP{}
+		apiServerInternalLBIP := infrav1.FrontendIP{}
 		apiServerFrontendLBIP := make([]infrav1.FrontendIP, 0)
 		if s.APIServerLB().FrontendIPs != nil {
 			for _, frontendIP := range s.APIServerLB().FrontendIPs {
@@ -279,9 +279,9 @@ func (s *ClusterScope) LBSpecs() []azure.ResourceSpecGetter {
 					apiServerFrontendLBIP = append(apiServerFrontendLBIP, frontendIP)
 				}
 
-				//if frontendIP.PrivateIPAddress != "" {
-				// apiServerLBInternalIP = frontendIP
-				//}
+				if frontendIP.PrivateIPAddress != "" {
+					apiServerInternalLBIP = frontendIP
+				}
 			}
 		}
 
@@ -311,15 +311,7 @@ func (s *ClusterScope) LBSpecs() []azure.ResourceSpecGetter {
 				}
 
 				// set the internal IP for the internal LB
-				// internalLB.FrontendIPConfigs = []infrav1.FrontendIP{apiServerInternalLBIP}
-				internalLB.FrontendIPConfigs = []infrav1.FrontendIP{
-					{
-						Name: s.APIServerLB().Name + "-internal-frontEnd",
-						FrontendIPClass: infrav1.FrontendIPClass{
-							PrivateIPAddress: infrav1.DefaultInternalLBIPAddress,
-						},
-					},
-				}
+				internalLB.FrontendIPConfigs = []infrav1.FrontendIP{apiServerInternalLBIP}
 				specs = append(specs, internalLB)
 			}
 		}