pkg/infrastructure/azaure: UDR for Azure

jhixson74 · jhixson74 · commit a875643ff74c · 2024-07-15T22:43:13.000-07:00
When user defined routing is configured, don't create an outbound load balancer with outbound rules. Since a public load balancer isn't being created, we create one for public API access. https://issues.redhat.com/browse/CORS-3569
diff --git a/pkg/asset/manifests/azure/cluster.go b/pkg/asset/manifests/azure/cluster.go
@@ -15,6 +15,7 @@ import (
 	"github.com/openshift/installer/pkg/asset/manifests/capiutils"
 	"github.com/openshift/installer/pkg/asset/manifests/capiutils/cidr"
 	"github.com/openshift/installer/pkg/types"
+	"github.com/openshift/installer/pkg/types/azure"
 )
 
 // GenerateClusterAssets generates the manifests for the cluster-api.
@@ -50,6 +51,14 @@ func GenerateClusterAssets(installConfig *installconfig.InstallConfig, clusterID
 		source = mainCIDR.String()
 	}
 
+	controlPlaneOutboundLB := &capz.LoadBalancerSpec{
+		Name:             clusterID.InfraID,
+		FrontendIPsCount: to.Ptr(int32(1)),
+	}
+	if installConfig.Config.Platform.Azure.OutboundType == azure.UserDefinedRoutingOutboundType {
+		controlPlaneOutboundLB = nil
+	}
+
 	securityGroup := capz.SecurityGroup{
 		Name: networkSecurityGroup,
 		SecurityGroupClass: capz.SecurityGroupClass{
@@ -114,10 +123,7 @@ func GenerateClusterAssets(installConfig *installconfig.InstallConfig, clusterID
 						Type: capz.Internal,
 					},
 				},
-				ControlPlaneOutboundLB: &capz.LoadBalancerSpec{
-					Name:             clusterID.InfraID,
-					FrontendIPsCount: to.Ptr(int32(1)),
-				},
+				ControlPlaneOutboundLB: controlPlaneOutboundLB,
 				Subnets: capz.Subnets{
 					{
 						SubnetClassSpec: capz.SubnetClassSpec{
diff --git a/pkg/infrastructure/azure/azure.go b/pkg/infrastructure/azure/azure.go
@@ -504,9 +504,17 @@ func (p *Provider) InfraReady(ctx context.Context, in clusterapi.InfraReadyInput
 		}
 		logrus.Debugf("created public ip: %s", *publicIP.ID)
 
-		loadBalancer, err := updateOutboundLoadBalancerToAPILoadBalancer(ctx, publicIP, lbInput)
-		if err != nil {
-			return fmt.Errorf("failed to update external load balancer: %w", err)
+		var loadBalancer *armnetwork.LoadBalancer
+		if platform.OutboundType == aztypes.UserDefinedRoutingOutboundType {
+			loadBalancer, err = createAPILoadBalancer(ctx, publicIP, lbInput)
+			if err != nil {
+				return fmt.Errorf("failed to create API load balancer: %w", err)
+			}
+		} else {
+			loadBalancer, err = updateOutboundLoadBalancerToAPILoadBalancer(ctx, publicIP, lbInput)
+			if err != nil {
+				return fmt.Errorf("failed to update external load balancer: %w", err)
+			}
 		}
 
 		logrus.Debugf("updated external load balancer: %s", *loadBalancer.ID)
diff --git a/pkg/infrastructure/azure/network.go b/pkg/infrastructure/azure/network.go
@@ -92,6 +92,86 @@ func createPublicIP(ctx context.Context, in *pipInput) (*armnetwork.PublicIPAddr
 	return &resp.PublicIPAddress, nil
 }
 
+func createAPILoadBalancer(ctx context.Context, pip *armnetwork.PublicIPAddress, in *lbInput) (*armnetwork.LoadBalancer, error) {
+	loadBalancerName := in.infraID
+	probeName := "api-probe"
+	frontEndIPConfigName := "public-lb-ip-v4"
+	backEndAddressPoolName := in.infraID
+	idPrefix := fmt.Sprintf("subscriptions/%s/resourceGroups/%s/providers/Microsoft.Network/loadBalancers", in.subscriptionID, in.resourceGroup)
+
+	pollerResp, err := in.lbClient.BeginCreateOrUpdate(ctx,
+		in.resourceGroup,
+		loadBalancerName,
+		armnetwork.LoadBalancer{
+			Location: to.Ptr(in.region),
+			SKU: &armnetwork.LoadBalancerSKU{
+				Name: to.Ptr(armnetwork.LoadBalancerSKUNameStandard),
+				Tier: to.Ptr(armnetwork.LoadBalancerSKUTierRegional),
+			},
+			Properties: &armnetwork.LoadBalancerPropertiesFormat{
+				FrontendIPConfigurations: []*armnetwork.FrontendIPConfiguration{
+					{
+						Name: &frontEndIPConfigName,
+						Properties: &armnetwork.FrontendIPConfigurationPropertiesFormat{
+							PrivateIPAllocationMethod: to.Ptr(armnetwork.IPAllocationMethodDynamic),
+							PublicIPAddress:           pip,
+						},
+					},
+				},
+				BackendAddressPools: []*armnetwork.BackendAddressPool{
+					{
+						Name: &backEndAddressPoolName,
+					},
+				},
+				Probes: []*armnetwork.Probe{
+					{
+						Name: &probeName,
+						Properties: &armnetwork.ProbePropertiesFormat{
+							Protocol:          to.Ptr(armnetwork.ProbeProtocolHTTPS),
+							Port:              to.Ptr[int32](6443),
+							IntervalInSeconds: to.Ptr[int32](5),
+							NumberOfProbes:    to.Ptr[int32](2),
+							RequestPath:       to.Ptr("/readyz"),
+						},
+					},
+				},
+				LoadBalancingRules: []*armnetwork.LoadBalancingRule{
+					{
+						Name: to.Ptr("api-v4"),
+						Properties: &armnetwork.LoadBalancingRulePropertiesFormat{
+							Protocol:             to.Ptr(armnetwork.TransportProtocolTCP),
+							FrontendPort:         to.Ptr[int32](6443),
+							BackendPort:          to.Ptr[int32](6443),
+							IdleTimeoutInMinutes: to.Ptr[int32](30),
+							EnableFloatingIP:     to.Ptr(false),
+							LoadDistribution:     to.Ptr(armnetwork.LoadDistributionDefault),
+							FrontendIPConfiguration: &armnetwork.SubResource{
+								ID: to.Ptr(fmt.Sprintf("/%s/%s/frontendIPConfigurations/%s", idPrefix, loadBalancerName, frontEndIPConfigName)),
+							},
+							BackendAddressPool: &armnetwork.SubResource{
+								ID: to.Ptr(fmt.Sprintf("/%s/%s/backendAddressPools/%s", idPrefix, loadBalancerName, backEndAddressPoolName)),
+							},
+							Probe: &armnetwork.SubResource{
+								ID: to.Ptr(fmt.Sprintf("/%s/%s/probes/%s", idPrefix, loadBalancerName, probeName)),
+							},
+						},
+					},
+				},
+			},
+			Tags: in.tags,
+		}, nil)
+
+	if err != nil {
+		return nil, fmt.Errorf("cannot create load balancer: %w", err)
+	}
+
+	resp, err := pollerResp.PollUntilDone(ctx, nil)
+	if err != nil {
+		return nil, err
+	}
+	return &resp.LoadBalancer, nil
+}
+
 func updateOutboundLoadBalancerToAPILoadBalancer(ctx context.Context, pip *armnetwork.PublicIPAddress, in *lbInput) (*armnetwork.LoadBalancer, error) {
 	loadBalancerName := in.infraID
 	probeName := "api-probe"
