Merge pull request #5332 from nawazkh/make_ilb_ip_configurable

let users configure private IP of the internal LB
kubernetes-sigs · Dec 14, 2024 · 736bfbc · 736bfbc
2 parents f35cdf1 + ded1922
commit 736bfbc
Show file tree

Hide file tree

Showing 16 changed files with 1,597 additions and 83 deletions.
diff --git a/api/v1beta1/azurecluster_default.go b/api/v1beta1/azurecluster_default.go
@@ -20,6 +20,8 @@ import (
 	"fmt"
 
 	"k8s.io/utils/ptr"
+
+	"sigs.k8s.io/cluster-api-provider-azure/feature"
 )
 
 const (
@@ -245,6 +247,29 @@ func (c *AzureCluster) setAPIServerLBDefaults() {
 				},
 			}
 		}
+		// If the API Server ILB feature is enabled, create a default internal LB IP or use the specified one
+		if feature.Gates.Enabled(feature.APIServerILB) {
+			privateIPFound := false
+			for i := range lb.FrontendIPs {
+				if lb.FrontendIPs[i].FrontendIPClass.PrivateIPAddress != "" {
+					if lb.FrontendIPs[i].Name == "" {
+						lb.FrontendIPs[i].Name = generatePrivateIPConfigName(lb.Name)
+					}
+					privateIPFound = true
+					break
+				}
+			}
+			// if no private IP is found, we should create a default internal LB IP
+			if !privateIPFound {
+				privateIP := FrontendIP{
+					Name: generatePrivateIPConfigName(lb.Name),
+					FrontendIPClass: FrontendIPClass{
+						PrivateIPAddress: DefaultInternalLBIPAddress,
+					},
+				}
+				lb.FrontendIPs = append(lb.FrontendIPs, privateIP)
+			}
+		}
 	} else if lb.Type == Internal {
 		if lb.Name == "" {
 			lb.Name = generateInternalLBName(c.ObjectMeta.Name)
@@ -530,6 +555,11 @@ func generateFrontendIPConfigName(lbName string) string {
 	return fmt.Sprintf("%s-%s", lbName, "frontEnd")
 }
 
+// generateFrontendIPConfigName generates a load balancer frontend IP config name.
+func generatePrivateIPConfigName(lbName string) string {
+	return fmt.Sprintf("%s-%s", lbName, "frontEnd-internal-ip")
+}
+
 // generateNodeOutboundIPName generates a public IP name, based on the cluster name.
 func generateNodeOutboundIPName(clusterName string) string {
 	return fmt.Sprintf("pip-%s-node-outbound", clusterName)

diff --git a/api/v1beta1/azurecluster_default_test.go b/api/v1beta1/azurecluster_default_test.go
@@ -23,7 +23,11 @@ import (
 
 	corev1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/component-base/featuregate"
+	featuregatetesting "k8s.io/component-base/featuregate/testing"
 	"k8s.io/utils/ptr"
+
+	"sigs.k8s.io/cluster-api-provider-azure/feature"
 )
 
 func TestResourceGroupDefault(t *testing.T) {
@@ -1236,9 +1240,10 @@ func TestVnetPeeringDefaults(t *testing.T) {
 
 func TestAPIServerLBDefaults(t *testing.T) {
 	cases := []struct {
-		name    string
-		cluster *AzureCluster
-		output  *AzureCluster
+		name        string
+		featureGate featuregate.Feature
+		cluster     *AzureCluster
+		output      *AzureCluster
 	}{
 		{
 			name: "no lb",
@@ -1282,6 +1287,55 @@ func TestAPIServerLBDefaults(t *testing.T) {
 				},
 			},
 		},
+		{
+			name:        "no lb with APIServerILB feature gate enabled",
+			featureGate: feature.APIServerILB,
+			cluster: &AzureCluster{
+				ObjectMeta: metav1.ObjectMeta{
+					Name: "cluster-test",
+				},
+				Spec: AzureClusterSpec{
+					ControlPlaneEnabled: true,
+					NetworkSpec:         NetworkSpec{},
+				},
+			},
+			output: &AzureCluster{
+				ObjectMeta: metav1.ObjectMeta{
+					Name: "cluster-test",
+				},
+				Spec: AzureClusterSpec{
+					ControlPlaneEnabled: true,
+					NetworkSpec: NetworkSpec{
+						APIServerLB: &LoadBalancerSpec{
+							Name: "cluster-test-public-lb",
+							FrontendIPs: []FrontendIP{
+								{
+									Name: "cluster-test-public-lb-frontEnd",
+									PublicIP: &PublicIPSpec{
+										Name:    "pip-cluster-test-apiserver",
+										DNSName: "",
+									},
+								},
+								{
+									Name: "cluster-test-public-lb-frontEnd-internal-ip",
+									FrontendIPClass: FrontendIPClass{
+										PrivateIPAddress: DefaultInternalLBIPAddress,
+									},
+								},
+							},
+							BackendPool: BackendPool{
+								Name: "cluster-test-public-lb-backendPool",
+							},
+							LoadBalancerClassSpec: LoadBalancerClassSpec{
+								SKU:                  SKUStandard,
+								Type:                 Public,
+								IdleTimeoutInMinutes: ptr.To[int32](DefaultOutboundRuleIdleTimeoutInMinutes),
+							},
+						},
+					},
+				},
+			},
+		},
 		{
 			name: "internal lb",
 			cluster: &AzureCluster{
@@ -1327,6 +1381,52 @@ func TestAPIServerLBDefaults(t *testing.T) {
 				},
 			},
 		},
+		{
+			name:        "internal lb with feature gate API Server ILB enabled",
+			featureGate: feature.APIServerILB,
+			cluster: &AzureCluster{
+				ObjectMeta: metav1.ObjectMeta{
+					Name: "cluster-test",
+				},
+				Spec: AzureClusterSpec{
+					NetworkSpec: NetworkSpec{
+						APIServerLB: &LoadBalancerSpec{
+							LoadBalancerClassSpec: LoadBalancerClassSpec{
+								Type: Internal,
+							},
+						},
+					},
+				},
+			},
+			output: &AzureCluster{
+				ObjectMeta: metav1.ObjectMeta{
+					Name: "cluster-test",
+				},
+				Spec: AzureClusterSpec{
+					NetworkSpec: NetworkSpec{
+						APIServerLB: &LoadBalancerSpec{
+							FrontendIPs: []FrontendIP{
+								{
+									Name: "cluster-test-internal-lb-frontEnd",
+									FrontendIPClass: FrontendIPClass{
+										PrivateIPAddress: DefaultInternalLBIPAddress,
+									},
+								},
+							},
+							BackendPool: BackendPool{
+								Name: "cluster-test-internal-lb-backendPool",
+							},
+							LoadBalancerClassSpec: LoadBalancerClassSpec{
+								SKU:                  SKUStandard,
+								Type:                 Internal,
+								IdleTimeoutInMinutes: ptr.To[int32](DefaultOutboundRuleIdleTimeoutInMinutes),
+							},
+							Name: "cluster-test-internal-lb",
+						},
+					},
+				},
+			},
+		},
 		{
 			name: "with custom backend pool name",
 			cluster: &AzureCluster{
@@ -1375,12 +1475,135 @@ func TestAPIServerLBDefaults(t *testing.T) {
 				},
 			},
 		},
+		{
+			name:        "with custom backend pool name with feature gate API Server ILB enabled",
+			featureGate: feature.APIServerILB,
+			cluster: &AzureCluster{
+				ObjectMeta: metav1.ObjectMeta{
+					Name: "cluster-test",
+				},
+				Spec: AzureClusterSpec{
+					NetworkSpec: NetworkSpec{
+						APIServerLB: &LoadBalancerSpec{
+							LoadBalancerClassSpec: LoadBalancerClassSpec{
+								Type: Internal,
+							},
+							BackendPool: BackendPool{
+								Name: "custom-backend-pool",
+							},
+						},
+					},
+				},
+			},
+			output: &AzureCluster{
+				ObjectMeta: metav1.ObjectMeta{
+					Name: "cluster-test",
+				},
+				Spec: AzureClusterSpec{
+					NetworkSpec: NetworkSpec{
+						APIServerLB: &LoadBalancerSpec{
+							FrontendIPs: []FrontendIP{
+								{
+									Name: "cluster-test-internal-lb-frontEnd",
+									FrontendIPClass: FrontendIPClass{
+										PrivateIPAddress: DefaultInternalLBIPAddress,
+									},
+								},
+							},
+							BackendPool: BackendPool{
+								Name: "custom-backend-pool",
+							},
+							LoadBalancerClassSpec: LoadBalancerClassSpec{
+								SKU:                  SKUStandard,
+								Type:                 Internal,
+								IdleTimeoutInMinutes: ptr.To[int32](DefaultOutboundRuleIdleTimeoutInMinutes),
+							},
+							Name: "cluster-test-internal-lb",
+						},
+					},
+				},
+			},
+		},
+		{
+			name:        "public lb with APIServerILB feature gate enabled and custom private IP belonging to default control plane CIDR",
+			featureGate: feature.APIServerILB,
+			cluster: &AzureCluster{
+				ObjectMeta: metav1.ObjectMeta{
+					Name: "cluster-test",
+				},
+				Spec: AzureClusterSpec{
+					ControlPlaneEnabled: true,
+					NetworkSpec: NetworkSpec{
+						APIServerLB: &LoadBalancerSpec{
+							Name: "cluster-test-public-lb",
+							FrontendIPs: []FrontendIP{
+								{
+									Name: "cluster-test-public-lb-frontEnd",
+									PublicIP: &PublicIPSpec{
+										Name:    "pip-cluster-test-apiserver",
+										DNSName: "",
+									},
+								},
+								{
+									Name: "my-internal-ip",
+									FrontendIPClass: FrontendIPClass{
+										PrivateIPAddress: "10.0.0.111",
+									},
+								},
+							},
+							LoadBalancerClassSpec: LoadBalancerClassSpec{
+								Type: Public,
+								SKU:  SKUStandard,
+							},
+						},
+					},
+				},
+			},
+			output: &AzureCluster{
+				ObjectMeta: metav1.ObjectMeta{
+					Name: "cluster-test",
+				},
+				Spec: AzureClusterSpec{
+					ControlPlaneEnabled: true,
+					NetworkSpec: NetworkSpec{
+						APIServerLB: &LoadBalancerSpec{
+							Name: "cluster-test-public-lb",
+							FrontendIPs: []FrontendIP{
+								{
+									Name: "cluster-test-public-lb-frontEnd",
+									PublicIP: &PublicIPSpec{
+										Name:    "pip-cluster-test-apiserver",
+										DNSName: "",
+									},
+								},
+								{
+									Name: "my-internal-ip",
+									FrontendIPClass: FrontendIPClass{
+										PrivateIPAddress: "10.0.0.111",
+									},
+								},
+							},
+							BackendPool: BackendPool{
+								Name: "cluster-test-public-lb-backendPool",
+							},
+							LoadBalancerClassSpec: LoadBalancerClassSpec{
+								SKU:                  SKUStandard,
+								Type:                 Public,
+								IdleTimeoutInMinutes: ptr.To[int32](DefaultOutboundRuleIdleTimeoutInMinutes),
+							},
+						},
+					},
+				},
+			},
+		},
 	}
 
 	for _, c := range cases {
 		tc := c
 		t.Run(tc.name, func(t *testing.T) {
-			t.Parallel()
+			if tc.featureGate != "" {
+				defer featuregatetesting.SetFeatureGateDuringTest(t, feature.Gates, tc.featureGate, true)()
+			}
 			tc.cluster.setAPIServerLBDefaults()
 			if !reflect.DeepEqual(tc.cluster, tc.output) {
 				expected, _ := json.MarshalIndent(tc.output, "", "\t")