Add support for specifying a fixed API server IP

Author: Matt Pryor

api/v1alpha4/openstackcluster_types.go

@@ -83,6 +83,16 @@ type OpenStackClusterSpec struct {
 	// This field is not used if DisableAPIServerFloatingIP is set.
 	APIServerFloatingIP string `json:"apiServerFloatingIP,omitempty"`
 
+	// APIServerFixedIP is the fixed IP which will be associated with the API server.
+	// In the case where the API server has a floating IP but not a managed load balancer,
+	// this field is not used.
+	// If a managed load balancer is used and this field is not specified, a fixed IP will
+	// be dynamically allocated for the load balancer.
+	// If a managed load balancer is not used AND the API server floating IP is disabled,
+	// this field MUST be specified and should correspond to a pre-allocated port that
+	// holds the fixed IP to be used as a VIP.
+	APIServerFixedIP string `json:"apiServerFixedIP,omitempty"`
+
 	// APIServerPort is the port on which the listener on the APIServer
 	// will be created
 	APIServerPort int `json:"apiServerPort,omitempty"`

config/crd/bases/infrastructure.cluster.x-k8s.io_openstackclusters.yaml

@@ -1078,6 +1078,17 @@ spec:
                   groups are configured so that all ingress and egress between cluster
                   nodes is permitted, allowing CNIs other than Calico to be used.
                 type: boolean
+              apiServerFixedIP:
+                description: APIServerFixedIP is the fixed IP which will be associated
+                  with the API server. In the case where the API server has a floating
+                  IP but not a managed load balancer, this field is not used. If a
+                  managed load balancer is used and this field is not specified, a
+                  fixed IP will be dynamically allocated for the load balancer. If
+                  a managed load balancer is not used AND the API server floating
+                  IP is disabled, this field MUST be specified and should correspond
+                  to a pre-allocated port that holds the fixed IP to be used as a
+                  VIP.
+                type: string
               apiServerFloatingIP:
                 description: APIServerFloatingIP is the floatingIP which will be associated
                   with the API server. The floatingIP will be created if it does not

config/crd/bases/infrastructure.cluster.x-k8s.io_openstackclustertemplates.yaml

@@ -57,6 +57,18 @@ spec:
                           and egress between cluster nodes is permitted, allowing
                           CNIs other than Calico to be used.
                         type: boolean
+                      apiServerFixedIP:
+                        description: APIServerFixedIP is the fixed IP which will be
+                          associated with the API server. In the case where the API
+                          server has a floating IP but not a managed load balancer,
+                          this field is not used. If a managed load balancer is used
+                          and this field is not specified, a fixed IP will be dynamically
+                          allocated for the load balancer. If a managed load balancer
+                          is not used AND the API server floating IP is disabled,
+                          this field MUST be specified and should correspond to a
+                          pre-allocated port that holds the fixed IP to be used as
+                          a VIP.
+                        type: string
                       apiServerFloatingIP:
                         description: APIServerFloatingIP is the floatingIP which will
                           be associated with the API server. The floatingIP will be

controllers/openstackcluster_controller.go

@@ -487,13 +487,17 @@ func reconcileNetworkComponents(log logr.Logger, osProviderClient *gophercloud.P
 				return errors.Errorf("Floating IP cannot be got or created: %v", err)
 			}
 			host = fp.FloatingIP
+		case openStackCluster.Spec.APIServerFixedIP != "":
+			// If a fixed IP was specified, assume that the user is providing the extra configuration
+			// to use that IP as the VIP for the API server, e.g. using keepalived or kube-vip
+			host = openStackCluster.Spec.APIServerFixedIP
 		default:
-			// This case is not managed for now (i.e. no load balancer + no floating IP)
-			// We could manage a VIP port on the cluster network and set allowedAddressPairs accordingly
-			// when creating control plane machines, but this would require us to deploy software on the
-			// control plane hosts to manage the VIP (e.g. keepalived/kube-vip)
-			// It is still possible for a user to deploy this case manually using existing options
-			return errors.New("unable to determine VIP for API server - either load balancer or floating IP must be enabled")
+			// For now, we do not provide a managed VIP without either a load balancer or a floating IP
+			// In the future, we could manage a VIP port on the cluster network and set allowedAddressPairs
+			// accordingly when creating control plane machines
+			// However this would require us to deploy software on the control plane hosts to manage the
+			// VIP (e.g. keepalived/kube-vip)
+			return errors.New("unable to determine VIP for API server")
 		}
 
 		// Set APIEndpoints so the Cluster API Cluster Controller can pull them

pkg/cloud/services/loadbalancer/loadbalancer.go

@@ -44,17 +44,26 @@ func (s *Service) ReconcileLoadBalancer(openStackCluster *infrav1.OpenStackClust
 	loadBalancerName := getLoadBalancerName(clusterName)
 	s.logger.Info("Reconciling load balancer", "name", loadBalancerName)
 
-	lb, err := s.getOrCreateLoadBalancer(openStackCluster, loadBalancerName, openStackCluster.Status.Network.Subnet.ID, clusterName)
+	var fixedIPAddress string
+	switch {
+	case openStackCluster.Spec.APIServerFixedIP != "":
+		fixedIPAddress = openStackCluster.Spec.APIServerFixedIP
+	case openStackCluster.Spec.DisableAPIServerFloatingIP && openStackCluster.Spec.ControlPlaneEndpoint.IsValid():
+		fixedIPAddress = openStackCluster.Spec.ControlPlaneEndpoint.Host
+	}
+
+	lb, err := s.getOrCreateLoadBalancer(openStackCluster, loadBalancerName, openStackCluster.Status.Network.Subnet.ID, clusterName, fixedIPAddress)
 	if err != nil {
 		return err
 	}
 
 	var lbFloatingIP string
 	if !openStackCluster.Spec.DisableAPIServerFloatingIP {
 		var floatingIPAddress string
-		if openStackCluster.Spec.APIServerFloatingIP != "" {
+		switch {
+		case openStackCluster.Spec.APIServerFloatingIP != "":
 			floatingIPAddress = openStackCluster.Spec.APIServerFloatingIP
-		} else if openStackCluster.Spec.ControlPlaneEndpoint.IsValid() {
+		case openStackCluster.Spec.ControlPlaneEndpoint.IsValid():
 			floatingIPAddress = openStackCluster.Spec.ControlPlaneEndpoint.Host
 		}
 		fp, err := s.networkingService.GetOrCreateFloatingIP(openStackCluster, clusterName, floatingIPAddress)
@@ -95,7 +104,7 @@ func (s *Service) ReconcileLoadBalancer(openStackCluster *infrav1.OpenStackClust
 	return nil
 }
 
-func (s *Service) getOrCreateLoadBalancer(openStackCluster *infrav1.OpenStackCluster, loadBalancerName, subnetID, clusterName string) (*loadbalancers.LoadBalancer, error) {
+func (s *Service) getOrCreateLoadBalancer(openStackCluster *infrav1.OpenStackCluster, loadBalancerName, subnetID, clusterName string, vipAddress string) (*loadbalancers.LoadBalancer, error) {
 	lb, err := s.checkIfLbExists(loadBalancerName)
 	if err != nil {
 		return nil, err
@@ -110,6 +119,7 @@ func (s *Service) getOrCreateLoadBalancer(openStackCluster *infrav1.OpenStackClu
 	lbCreateOpts := loadbalancers.CreateOpts{
 		Name:        loadBalancerName,
 		VipSubnetID: subnetID,
+		VipAddress:  vipAddress,
 		Description: names.GetDescription(clusterName),
 	}
 	mc := metrics.NewMetricPrometheusContext("loadbalancer", "create")