From dc78d0eb4b44283ea637ca096d2dff5d5a4f3f87 Mon Sep 17 00:00:00 2001
From: cpu1 <patwal.chetan@gmail.com>
Date: Tue, 12 Aug 2025 14:50:54 +0530
Subject: [PATCH] Fix disabling NAT gateway for `cluster` role subnets

Signed-off-by: cpu1 <patwal.chetan@gmail.com>
---
 api/v1beta1/azurecluster_default.go      | 12 ++++---
 api/v1beta1/azurecluster_default_test.go | 44 ++++++++++++++++++++++++
 2 files changed, 51 insertions(+), 5 deletions(-)

diff --git a/api/v1beta1/azurecluster_default.go b/api/v1beta1/azurecluster_default.go
index 27792ab7380..e9e732d0223 100644
--- a/api/v1beta1/azurecluster_default.go
+++ b/api/v1beta1/azurecluster_default.go
@@ -202,11 +202,13 @@ func (s *SubnetSpec) setClusterSubnetDefaults(clusterName string) {
 	if s.RouteTable.Name == "" {
 		s.RouteTable.Name = generateClusterRouteTableName(clusterName)
 	}
-	if s.NatGateway.Name == "" {
-		s.NatGateway.Name = generateClusterNatGatewayName(clusterName)
-	}
-	if !s.IsIPv6Enabled() && s.ID == "" && s.NatGateway.NatGatewayIP.Name == "" {
-		s.NatGateway.NatGatewayIP.Name = generateNatGatewayIPName(s.NatGateway.Name)
+	if s.ID == "" {
+		if s.NatGateway.Name == "" {
+			s.NatGateway.Name = generateClusterNatGatewayName(clusterName)
+		}
+		if !s.IsIPv6Enabled() && s.NatGateway.NatGatewayIP.Name == "" {
+			s.NatGateway.NatGatewayIP.Name = generateNatGatewayIPName(s.NatGateway.Name)
+		}
 	}
 	s.setDefaults(DefaultClusterSubnetCIDR)
 	s.SecurityGroup.SecurityGroupClass.setDefaults()
diff --git a/api/v1beta1/azurecluster_default_test.go b/api/v1beta1/azurecluster_default_test.go
index 057abfaa2a8..a1b92019427 100644
--- a/api/v1beta1/azurecluster_default_test.go
+++ b/api/v1beta1/azurecluster_default_test.go
@@ -1098,6 +1098,50 @@ func TestSubnetDefaults(t *testing.T) {
 				},
 			},
 		},
+		{
+			name: "don't default NAT Gateway for cluster subnet if subnet already exists",
+			cluster: &AzureCluster{
+				ObjectMeta: metav1.ObjectMeta{
+					Name: "cluster-test",
+				},
+				Spec: AzureClusterSpec{
+					ControlPlaneEnabled: true,
+					NetworkSpec: NetworkSpec{
+						Subnets: Subnets{
+							{
+								SubnetClassSpec: SubnetClassSpec{
+									Role: SubnetCluster,
+									Name: "cluster-test-cluster-subnet",
+								},
+								ID: "my-subnet-id",
+							},
+						},
+					},
+				},
+			},
+			output: &AzureCluster{
+				ObjectMeta: metav1.ObjectMeta{
+					Name: "cluster-test",
+				},
+				Spec: AzureClusterSpec{
+					ControlPlaneEnabled: true,
+					NetworkSpec: NetworkSpec{
+						Subnets: Subnets{
+							{
+								SubnetClassSpec: SubnetClassSpec{
+									Role:       SubnetCluster,
+									CIDRBlocks: []string{DefaultClusterSubnetCIDR},
+									Name:       "cluster-test-cluster-subnet",
+								},
+								ID:            "my-subnet-id",
+								SecurityGroup: SecurityGroup{Name: "cluster-test-nsg"},
+								RouteTable:    RouteTable{Name: "cluster-test-routetable"},
+							},
+						},
+					},
+				},
+			},
+		},
 	}
 
 	for _, c := range cases {