Merge pull request openshift#8731 from jhixson74/capz_udr

CORS-3569: UDR for Capz

Author: openshift-merge-bot[bot]

pkg/asset/manifests/azure/cluster.go

@@ -15,6 +15,7 @@ import (
 	"github.com/openshift/installer/pkg/asset/manifests/capiutils"
 	"github.com/openshift/installer/pkg/asset/manifests/capiutils/cidr"
 	"github.com/openshift/installer/pkg/types"
+	"github.com/openshift/installer/pkg/types/azure"
 )
 
 // GenerateClusterAssets generates the manifests for the cluster-api.
@@ -50,6 +51,14 @@ func GenerateClusterAssets(installConfig *installconfig.InstallConfig, clusterID
 		source = mainCIDR.String()
 	}
 
+	controlPlaneOutboundLB := &capz.LoadBalancerSpec{
+		Name:             clusterID.InfraID,
+		FrontendIPsCount: to.Ptr(int32(1)),
+	}
+	if installConfig.Config.Platform.Azure.OutboundType == azure.UserDefinedRoutingOutboundType {
+		controlPlaneOutboundLB = nil
+	}
+
 	securityGroup := capz.SecurityGroup{
 		Name: networkSecurityGroup,
 		SecurityGroupClass: capz.SecurityGroupClass{
@@ -114,10 +123,7 @@ func GenerateClusterAssets(installConfig *installconfig.InstallConfig, clusterID
 						Type: capz.Internal,
 					},
 				},
-				ControlPlaneOutboundLB: &capz.LoadBalancerSpec{
-					Name:             clusterID.InfraID,
-					FrontendIPsCount: to.Ptr(int32(1)),
-				},
+				ControlPlaneOutboundLB: controlPlaneOutboundLB,
 				Subnets: capz.Subnets{
 					{
 						SubnetClassSpec: capz.SubnetClassSpec{

pkg/infrastructure/azure/azure.go

@@ -474,12 +474,19 @@ func (p *Provider) InfraReady(ctx context.Context, in clusterapi.InfraReadyInput
 
 	lbClient := networkClientFactory.NewLoadBalancersClient()
 	lbInput := &lbInput{
-		infraID:        in.InfraID,
-		region:         platform.Region,
-		resourceGroup:  resourceGroupName,
-		subscriptionID: session.Credentials.SubscriptionID,
-		lbClient:       lbClient,
-		tags:           p.Tags,
+		loadBalancerName:       fmt.Sprintf("%s-internal", in.InfraID),
+		infraID:                in.InfraID,
+		region:                 platform.Region,
+		resourceGroup:          resourceGroupName,
+		subscriptionID:         session.Credentials.SubscriptionID,
+		frontendIPConfigName:   "public-lb-ip-v4",
+		backendAddressPoolName: fmt.Sprintf("%s-internal", in.InfraID),
+		idPrefix: fmt.Sprintf("subscriptions/%s/resourceGroups/%s/providers/Microsoft.Network/loadBalancers",
+			session.Credentials.SubscriptionID,
+			resourceGroupName,
+		),
+		lbClient: lbClient,
+		tags:     p.Tags,
 	}
 
 	intLoadBalancer, err := updateInternalLoadBalancer(ctx, lbInput)
@@ -504,9 +511,20 @@ func (p *Provider) InfraReady(ctx context.Context, in clusterapi.InfraReadyInput
 		}
 		logrus.Debugf("created public ip: %s", *publicIP.ID)
 
-		loadBalancer, err := updateOutboundLoadBalancerToAPILoadBalancer(ctx, publicIP, lbInput)
-		if err != nil {
-			return fmt.Errorf("failed to update external load balancer: %w", err)
+		lbInput.loadBalancerName = in.InfraID
+		lbInput.backendAddressPoolName = in.InfraID
+
+		var loadBalancer *armnetwork.LoadBalancer
+		if platform.OutboundType == aztypes.UserDefinedRoutingOutboundType {
+			loadBalancer, err = createAPILoadBalancer(ctx, publicIP, lbInput)
+			if err != nil {
+				return fmt.Errorf("failed to create API load balancer: %w", err)
+			}
+		} else {
+			loadBalancer, err = updateOutboundLoadBalancerToAPILoadBalancer(ctx, publicIP, lbInput)
+			if err != nil {
+				return fmt.Errorf("failed to update external load balancer: %w", err)
+			}
 		}
 
 		logrus.Debugf("updated external load balancer: %s", *loadBalancer.ID)

pkg/infrastructure/azure/network.go

@@ -12,12 +12,16 @@ import (
 )
 
 type lbInput struct {
-	infraID        string
-	region         string
-	resourceGroup  string
-	subscriptionID string
-	lbClient       *armnetwork.LoadBalancersClient
-	tags           map[string]*string
+	loadBalancerName       string
+	infraID                string
+	region                 string
+	resourceGroup          string
+	subscriptionID         string
+	frontendIPConfigName   string
+	backendAddressPoolName string
+	idPrefix               string
+	lbClient               *armnetwork.LoadBalancersClient
+	tags                   map[string]*string
 }
 
 type pipInput struct {
@@ -92,15 +96,87 @@ func createPublicIP(ctx context.Context, in *pipInput) (*armnetwork.PublicIPAddr
 	return &resp.PublicIPAddress, nil
 }
 
+func createAPILoadBalancer(ctx context.Context, pip *armnetwork.PublicIPAddress, in *lbInput) (*armnetwork.LoadBalancer, error) {
+	probeName := "api-probe"
+
+	pollerResp, err := in.lbClient.BeginCreateOrUpdate(ctx,
+		in.resourceGroup,
+		in.loadBalancerName,
+		armnetwork.LoadBalancer{
+			Location: to.Ptr(in.region),
+			SKU: &armnetwork.LoadBalancerSKU{
+				Name: to.Ptr(armnetwork.LoadBalancerSKUNameStandard),
+				Tier: to.Ptr(armnetwork.LoadBalancerSKUTierRegional),
+			},
+			Properties: &armnetwork.LoadBalancerPropertiesFormat{
+				FrontendIPConfigurations: []*armnetwork.FrontendIPConfiguration{
+					{
+						Name: &in.frontendIPConfigName,
+						Properties: &armnetwork.FrontendIPConfigurationPropertiesFormat{
+							PrivateIPAllocationMethod: to.Ptr(armnetwork.IPAllocationMethodDynamic),
+							PublicIPAddress:           pip,
+						},
+					},
+				},
+				BackendAddressPools: []*armnetwork.BackendAddressPool{
+					{
+						Name: &in.backendAddressPoolName,
+					},
+				},
+				Probes: []*armnetwork.Probe{
+					{
+						Name: &probeName,
+						Properties: &armnetwork.ProbePropertiesFormat{
+							Protocol:          to.Ptr(armnetwork.ProbeProtocolHTTPS),
+							Port:              to.Ptr[int32](6443),
+							IntervalInSeconds: to.Ptr[int32](5),
+							NumberOfProbes:    to.Ptr[int32](2),
+							RequestPath:       to.Ptr("/readyz"),
+						},
+					},
+				},
+				LoadBalancingRules: []*armnetwork.LoadBalancingRule{
+					{
+						Name: to.Ptr("api-v4"),
+						Properties: &armnetwork.LoadBalancingRulePropertiesFormat{
+							Protocol:             to.Ptr(armnetwork.TransportProtocolTCP),
+							FrontendPort:         to.Ptr[int32](6443),
+							BackendPort:          to.Ptr[int32](6443),
+							IdleTimeoutInMinutes: to.Ptr[int32](30),
+							EnableFloatingIP:     to.Ptr(false),
+							LoadDistribution:     to.Ptr(armnetwork.LoadDistributionDefault),
+							FrontendIPConfiguration: &armnetwork.SubResource{
+								ID: to.Ptr(fmt.Sprintf("/%s/%s/frontendIPConfigurations/%s", in.idPrefix, in.loadBalancerName, in.frontendIPConfigName)),
+							},
+							BackendAddressPool: &armnetwork.SubResource{
+								ID: to.Ptr(fmt.Sprintf("/%s/%s/backendAddressPools/%s", in.idPrefix, in.loadBalancerName, in.backendAddressPoolName)),
+							},
+							Probe: &armnetwork.SubResource{
+								ID: to.Ptr(fmt.Sprintf("/%s/%s/probes/%s", in.idPrefix, in.loadBalancerName, probeName)),
+							},
+						},
+					},
+				},
+			},
+			Tags: in.tags,
+		}, nil)
+
+	if err != nil {
+		return nil, fmt.Errorf("cannot create load balancer: %w", err)
+	}
+
+	resp, err := pollerResp.PollUntilDone(ctx, nil)
+	if err != nil {
+		return nil, err
+	}
+	return &resp.LoadBalancer, nil
+}
+
 func updateOutboundLoadBalancerToAPILoadBalancer(ctx context.Context, pip *armnetwork.PublicIPAddress, in *lbInput) (*armnetwork.LoadBalancer, error) {
-	loadBalancerName := in.infraID
 	probeName := "api-probe"
-	frontEndIPConfigName := "public-lb-ip-v4"
-	backEndAddressPoolName := in.infraID
-	idPrefix := fmt.Sprintf("subscriptions/%s/resourceGroups/%s/providers/Microsoft.Network/loadBalancers", in.subscriptionID, in.resourceGroup)
 
 	// Get the CAPI-created outbound load balancer so we can modify it.
-	extLB, err := in.lbClient.Get(ctx, in.resourceGroup, loadBalancerName, nil)
+	extLB, err := in.lbClient.Get(ctx, in.resourceGroup, in.loadBalancerName, nil)
 	if err != nil {
 		return nil, fmt.Errorf("failed to get external load balancer: %w", err)
 	}
@@ -112,20 +188,20 @@ func updateOutboundLoadBalancerToAPILoadBalancer(ctx context.Context, pip *armne
 	// API server.
 	extLB.Properties.FrontendIPConfigurations = append(extLB.Properties.FrontendIPConfigurations,
 		&armnetwork.FrontendIPConfiguration{
-			Name: &frontEndIPConfigName,
+			Name: &in.frontendIPConfigName,
 			Properties: &armnetwork.FrontendIPConfigurationPropertiesFormat{
 				PrivateIPAllocationMethod: to.Ptr(armnetwork.IPAllocationMethodDynamic),
 				PublicIPAddress:           pip,
 			},
 		})
 	extLB.Properties.BackendAddressPools = append(extLB.Properties.BackendAddressPools,
 		&armnetwork.BackendAddressPool{
-			Name: &backEndAddressPoolName,
+			Name: &in.backendAddressPoolName,
 		})
 
 	pollerResp, err := in.lbClient.BeginCreateOrUpdate(ctx,
 		in.resourceGroup,
-		loadBalancerName,
+		in.loadBalancerName,
 		armnetwork.LoadBalancer{
 			Location: to.Ptr(in.region),
 			SKU: &armnetwork.LoadBalancerSKU{
@@ -158,13 +234,13 @@ func updateOutboundLoadBalancerToAPILoadBalancer(ctx context.Context, pip *armne
 							EnableFloatingIP:     to.Ptr(false),
 							LoadDistribution:     to.Ptr(armnetwork.LoadDistributionDefault),
 							FrontendIPConfiguration: &armnetwork.SubResource{
-								ID: to.Ptr(fmt.Sprintf("/%s/%s/frontendIPConfigurations/%s", idPrefix, loadBalancerName, frontEndIPConfigName)),
+								ID: to.Ptr(fmt.Sprintf("/%s/%s/frontendIPConfigurations/%s", in.idPrefix, in.loadBalancerName, in.frontendIPConfigName)),
 							},
 							BackendAddressPool: &armnetwork.SubResource{
-								ID: to.Ptr(fmt.Sprintf("/%s/%s/backendAddressPools/%s", idPrefix, loadBalancerName, backEndAddressPoolName)),
+								ID: to.Ptr(fmt.Sprintf("/%s/%s/backendAddressPools/%s", in.idPrefix, in.loadBalancerName, in.backendAddressPoolName)),
 							},
 							Probe: &armnetwork.SubResource{
-								ID: to.Ptr(fmt.Sprintf("/%s/%s/probes/%s", idPrefix, loadBalancerName, probeName)),
+								ID: to.Ptr(fmt.Sprintf("/%s/%s/probes/%s", in.idPrefix, in.loadBalancerName, probeName)),
 							},
 						},
 					},
@@ -186,13 +262,10 @@ func updateOutboundLoadBalancerToAPILoadBalancer(ctx context.Context, pip *armne
 }
 
 func updateInternalLoadBalancer(ctx context.Context, in *lbInput) (*armnetwork.LoadBalancer, error) {
-	loadBalancerName := fmt.Sprintf("%s-internal", in.infraID)
 	mcsProbeName := "sint-probe"
-	backEndAddressPoolName := fmt.Sprintf("%s-internal", in.infraID)
-	idPrefix := fmt.Sprintf("subscriptions/%s/resourceGroups/%s/providers/Microsoft.Network/loadBalancers", in.subscriptionID, in.resourceGroup)
 
 	// Get the CAPI-created internal load balancer so we can modify it.
-	lbResp, err := in.lbClient.Get(ctx, in.resourceGroup, loadBalancerName, nil)
+	lbResp, err := in.lbClient.Get(ctx, in.resourceGroup, in.loadBalancerName, nil)
 	if err != nil {
 		return nil, fmt.Errorf("could not get internal load balancer: %w", err)
 	}
@@ -225,13 +298,13 @@ func updateInternalLoadBalancer(ctx context.Context, in *lbInput) (*armnetwork.L
 			EnableFloatingIP:     to.Ptr(false),
 			LoadDistribution:     to.Ptr(armnetwork.LoadDistributionDefault),
 			FrontendIPConfiguration: &armnetwork.SubResource{
-				ID: to.Ptr(fmt.Sprintf("/%s/%s/frontendIPConfigurations/%s", idPrefix, loadBalancerName, existingFrontEndIPConfigName)),
+				ID: to.Ptr(fmt.Sprintf("/%s/%s/frontendIPConfigurations/%s", in.idPrefix, in.loadBalancerName, existingFrontEndIPConfigName)),
 			},
 			BackendAddressPool: &armnetwork.SubResource{
-				ID: to.Ptr(fmt.Sprintf("/%s/%s/backendAddressPools/%s", idPrefix, loadBalancerName, backEndAddressPoolName)),
+				ID: to.Ptr(fmt.Sprintf("/%s/%s/backendAddressPools/%s", in.idPrefix, in.loadBalancerName, in.backendAddressPoolName)),
 			},
 			Probe: &armnetwork.SubResource{
-				ID: to.Ptr(fmt.Sprintf("/%s/%s/probes/%s", idPrefix, loadBalancerName, mcsProbeName)),
+				ID: to.Ptr(fmt.Sprintf("/%s/%s/probes/%s", in.idPrefix, in.loadBalancerName, mcsProbeName)),
 			},
 		},
 	}
@@ -240,7 +313,7 @@ func updateInternalLoadBalancer(ctx context.Context, in *lbInput) (*armnetwork.L
 	intLB.Properties.LoadBalancingRules = append(intLB.Properties.LoadBalancingRules, mcsRule)
 	pollerResp, err := in.lbClient.BeginCreateOrUpdate(ctx,
 		in.resourceGroup,
-		loadBalancerName,
+		in.loadBalancerName,
 		intLB,
 		nil)
 	if err != nil {