make control plane lb configurable

Author: shysank

api/v1alpha3/azurecluster_conversion.go

@@ -54,6 +54,7 @@ func (src *AzureCluster) ConvertTo(dstRaw conversion.Hub) error { // nolint
 	dst.Spec.NetworkSpec.APIServerLB.FrontendIPsCount = restored.Spec.NetworkSpec.APIServerLB.FrontendIPsCount
 	dst.Spec.NetworkSpec.APIServerLB.IdleTimeoutInMinutes = restored.Spec.NetworkSpec.APIServerLB.IdleTimeoutInMinutes
 	dst.Spec.NetworkSpec.NodeOutboundLB = restored.Spec.NetworkSpec.NodeOutboundLB
+	dst.Spec.NetworkSpec.ControlPlaneOutboundLB = restored.Spec.NetworkSpec.ControlPlaneOutboundLB
 	dst.Spec.CloudProviderConfigOverrides = restored.Spec.CloudProviderConfigOverrides
 	dst.Spec.BastionSpec = restored.Spec.BastionSpec
 

api/v1alpha3/zz_generated.conversion.go

@@ -53,6 +53,7 @@ func (c *AzureCluster) setNetworkSpecDefaults() {
 	c.setSubnetDefaults()
 	c.setAPIServerLBDefaults()
 	c.setNodeOutboundLBDefaults()
+	c.setControlPlaneOutboundLBDefaults()
 }
 
 func (c *AzureCluster) setResourceGroupDefault() {
@@ -196,6 +197,42 @@ func (c *AzureCluster) setNodeOutboundLBDefaults() {
 		lb.FrontendIPsCount = pointer.Int32Ptr(1)
 	}
 
+	c.setOutboundLBFrontendIPs(lb, generateNodeOutboundIPName)
+}
+
+func (c *AzureCluster) setControlPlaneOutboundLBDefaults() {
+	// public clusters don't need control plane outbound lb
+	if c.Spec.NetworkSpec.APIServerLB.Type == Public {
+		return
+	}
+
+	// private clusters can disable control plane outbound lb by setting it to nil.
+	if c.Spec.NetworkSpec.ControlPlaneOutboundLB == nil {
+		return
+	}
+
+	lb := c.Spec.NetworkSpec.ControlPlaneOutboundLB
+	lb.Type = Public
+	lb.SKU = SKUStandard
+
+	if lb.Name == "" {
+		lb.Name = generateControlPlaneOutboundLBName(c.ObjectMeta.Name)
+	}
+
+	if lb.IdleTimeoutInMinutes == nil {
+		lb.IdleTimeoutInMinutes = pointer.Int32Ptr(DefaultOutboundRuleIdleTimeoutInMinutes)
+	}
+
+	if lb.FrontendIPsCount == nil {
+		lb.FrontendIPsCount = pointer.Int32Ptr(1)
+	}
+
+	c.setOutboundLBFrontendIPs(lb, generateControlPlaneOutboundIPName)
+}
+
+// setOutboundLBFrontendIPs sets the frontend ips for the given load balancer.
+// The name of the frontend ip is generated using generatePublicIPName function.
+func (c *AzureCluster) setOutboundLBFrontendIPs(lb *LoadBalancerSpec, generatePublicIPName func(string) string) {
 	switch *lb.FrontendIPsCount {
 	case 0:
 		lb.FrontendIPs = []FrontendIP{}
@@ -204,7 +241,7 @@ func (c *AzureCluster) setNodeOutboundLBDefaults() {
 			{
 				Name: generateFrontendIPConfigName(lb.Name),
 				PublicIP: &PublicIPSpec{
-					Name: generateNodeOutboundIPName(c.ObjectMeta.Name),
+					Name: generatePublicIPName(c.ObjectMeta.Name),
 				},
 			},
 		}
@@ -214,7 +251,7 @@ func (c *AzureCluster) setNodeOutboundLBDefaults() {
 			lb.FrontendIPs[i] = FrontendIP{
 				Name: withIndex(generateFrontendIPConfigName(lb.Name), i+1),
 				PublicIP: &PublicIPSpec{
-					Name: withIndex(generateNodeOutboundIPName(c.ObjectMeta.Name), i+1),
+					Name: withIndex(generatePublicIPName(c.ObjectMeta.Name), i+1),
 				},
 			}
 		}
@@ -294,6 +331,11 @@ func generatePublicLBName(clusterName string) string {
 	return fmt.Sprintf("%s-%s", clusterName, "public-lb")
 }
 
+// generateControlPlaneOutboundLBName generates the name of the control plane outbound LB.
+func generateControlPlaneOutboundLBName(clusterName string) string {
+	return fmt.Sprintf("%s-outbound-lb", clusterName)
+}
+
 // generatePublicIPName generates a public IP name, based on the cluster name and a hash.
 func generatePublicIPName(clusterName string) string {
 	return fmt.Sprintf("pip-%s-apiserver", clusterName)
@@ -309,6 +351,11 @@ func generateNodeOutboundIPName(clusterName string) string {
 	return fmt.Sprintf("pip-%s-node-outbound", clusterName)
 }
 
+// generateControlPlaneOutboundIPName generates a public IP name, based on the cluster name.
+func generateControlPlaneOutboundIPName(clusterName string) string {
+	return fmt.Sprintf("pip-%s-controlplane-outbound", clusterName)
+}
+
 // withIndex appends the index as suffix to a generated name.
 func withIndex(name string, n int) string {
 	return fmt.Sprintf("%s-%d", name, n)

api/v1alpha4/azurecluster_default.go

@@ -916,6 +916,128 @@ func TestNodeOutboundLBDefaults(t *testing.T) {
 	}
 }
 
+func TestControlPlaneOutboundLBDefaults(t *testing.T) {
+	cases := []struct {
+		name    string
+		cluster *AzureCluster
+		output  *AzureCluster
+	}{
+		{
+			name: "no cp lb for public clusters",
+			cluster: &AzureCluster{
+				ObjectMeta: v1.ObjectMeta{
+					Name: "cluster-test",
+				},
+				Spec: AzureClusterSpec{
+					NetworkSpec: NetworkSpec{
+						APIServerLB: LoadBalancerSpec{Type: Public},
+					},
+				},
+			},
+			output: &AzureCluster{
+				ObjectMeta: v1.ObjectMeta{
+					Name: "cluster-test",
+				},
+				Spec: AzureClusterSpec{
+					NetworkSpec: NetworkSpec{
+						APIServerLB: LoadBalancerSpec{
+							Type: Public,
+						},
+					},
+				},
+			},
+		},
+		{
+			name: "no cp lb for private clusters",
+			cluster: &AzureCluster{
+				ObjectMeta: v1.ObjectMeta{
+					Name: "cluster-test",
+				},
+				Spec: AzureClusterSpec{
+					NetworkSpec: NetworkSpec{
+						APIServerLB: LoadBalancerSpec{Type: Internal},
+					},
+				},
+			},
+			output: &AzureCluster{
+				ObjectMeta: v1.ObjectMeta{
+					Name: "cluster-test",
+				},
+				Spec: AzureClusterSpec{
+					NetworkSpec: NetworkSpec{
+						APIServerLB: LoadBalancerSpec{
+							Type: Internal,
+						},
+					},
+				},
+			},
+		},
+		{
+			name: "frontendIPsCount > 1",
+			cluster: &AzureCluster{
+				ObjectMeta: v1.ObjectMeta{
+					Name: "cluster-test",
+				},
+				Spec: AzureClusterSpec{
+					NetworkSpec: NetworkSpec{
+						APIServerLB: LoadBalancerSpec{Type: Internal},
+						ControlPlaneOutboundLB: &LoadBalancerSpec{
+							FrontendIPsCount:     to.Int32Ptr(2),
+							IdleTimeoutInMinutes: to.Int32Ptr(15),
+						},
+					},
+				},
+			},
+			output: &AzureCluster{
+				ObjectMeta: v1.ObjectMeta{
+					Name: "cluster-test",
+				},
+				Spec: AzureClusterSpec{
+					NetworkSpec: NetworkSpec{
+						APIServerLB: LoadBalancerSpec{
+							Type: Internal,
+						},
+						ControlPlaneOutboundLB: &LoadBalancerSpec{
+							Name: "cluster-test-outbound-lb",
+							SKU:  SKUStandard,
+							FrontendIPs: []FrontendIP{
+								{
+									Name: "cluster-test-outbound-lb-frontEnd-1",
+									PublicIP: &PublicIPSpec{
+										Name: "pip-cluster-test-controlplane-outbound-1",
+									},
+								},
+								{
+									Name: "cluster-test-outbound-lb-frontEnd-2",
+									PublicIP: &PublicIPSpec{
+										Name: "pip-cluster-test-controlplane-outbound-2",
+									},
+								},
+							},
+							Type:                 Public,
+							FrontendIPsCount:     to.Int32Ptr(2),
+							IdleTimeoutInMinutes: to.Int32Ptr(15),
+						},
+					},
+				},
+			},
+		},
+	}
+
+	for _, c := range cases {
+		tc := c
+		t.Run(tc.name, func(t *testing.T) {
+			t.Parallel()
+			tc.cluster.setControlPlaneOutboundLBDefaults()
+			if !reflect.DeepEqual(tc.cluster, tc.output) {
+				expected, _ := json.MarshalIndent(tc.output, "", "\t")
+				actual, _ := json.MarshalIndent(tc.cluster, "", "\t")
+				t.Errorf("Expected %s, got %s", string(expected), string(actual))
+			}
+		})
+	}
+}
+
 func TestBastionDefault(t *testing.T) {
 	cases := map[string]struct {
 		cluster *AzureCluster

api/v1alpha4/azurecluster_default_test.go

@@ -64,6 +64,11 @@ type NetworkSpec struct {
 	// +optional
 	NodeOutboundLB *LoadBalancerSpec `json:"nodeOutboundLB,omitempty"`
 
+	// ControlPlaneOutboundLB is the configuration for the control-plane outbound load balancer.
+	// This is different from APIServerLB, and is used only in private clusters (optionally) for enabling outbound traffic.
+	// +optional
+	ControlPlaneOutboundLB *LoadBalancerSpec `json:"controlPlaneOutboundLB,omitempty"`
+
 	// PrivateDNSZoneName defines the zone name for the Azure Private DNS.
 	// +optional
 	PrivateDNSZoneName string `json:"privateDNSZoneName,omitempty"`