Fix Azure Private Cluster

Author: vishu2498

api/v1beta1/azurecluster_default.go

@@ -278,6 +278,12 @@ func (c *AzureCluster) setAPIServerLBDefaults() {
 			}
 		}
 	} else if lb.Type == Internal {
+		var privateIP string
+		if lb.PrivateIP == "" {
+			privateIP = DefaultInternalLBIPAddress
+		} else {
+			privateIP = lb.PrivateIP
+		}
 		if lb.Name == "" {
 			lb.Name = generateInternalLBName(c.ObjectMeta.Name)
 		}
@@ -286,7 +292,7 @@ func (c *AzureCluster) setAPIServerLBDefaults() {
 				{
 					Name: generateFrontendIPConfigName(lb.Name),
 					FrontendIPClass: FrontendIPClass{
-						PrivateIPAddress: DefaultInternalLBIPAddress,
+						PrivateIPAddress: privateIP,
 					},
 				},
 			}

api/v1beta1/azurecluster_validation.go

@@ -439,8 +439,12 @@ func validateAPIServerLB(lb *LoadBalancerSpec, old *LoadBalancerSpec, cidrs []st
 					fldPath.Child("frontendIPConfigs").Index(0).Child("privateIP")); err != nil {
 					allErrs = append(allErrs, err)
 				}
-				if lb.IPAllocationMethod == "Static" && len(old.FrontendIPs) != 0 && old.FrontendIPs[0].PrivateIPAddress == "" && old.FrontendIPs[0].PrivateIPAddress != lb.FrontendIPs[0].PrivateIPAddress {
-					allErrs = append(allErrs, field.Forbidden(fldPath.Child("name"), "API Server load balancer private IP should not be modified after AzureCluster creation."))
+				if lb.IPAllocationMethod == "Static" {
+					if old != nil {
+						if len(old.FrontendIPs) != 0 && old.FrontendIPs[0].PrivateIPAddress == "" && old.FrontendIPs[0].PrivateIPAddress != lb.FrontendIPs[0].PrivateIPAddress {
+							allErrs = append(allErrs, field.Forbidden(fldPath.Child("name"), "API Server load balancer private IP should not be modified after AzureCluster creation."))
+						}
+					}
 				}
 			}
 		}

api/v1beta1/types_class.go

@@ -510,6 +510,8 @@ type LoadBalancerClassSpec struct {
 	Type LBType `json:"type,omitempty"`
 	// +optional
 	IPAllocationMethod string `json:"ipAllocationMethod,omitempty"`
+	// +optional
+	PrivateIP string `json:"privateIP,omitempty"`
 	// IdleTimeoutInMinutes specifies the timeout for the TCP idle connection.
 	// +optional
 	IdleTimeoutInMinutes *int32 `json:"idleTimeoutInMinutes,omitempty"`

azure/scope/cluster.go

@@ -266,6 +266,7 @@ func (s *ClusterScope) LBSpecs() []azure.ResourceSpecGetter {
 			Role:                 infrav1.APIServerRole,
 			BackendPoolName:      s.APIServerLB().BackendPool.Name,
 			IPAllocationMethod:   s.APIServerLB().IPAllocationMethod,
+			PrivateIP:            s.APIServerLB().PrivateIP,
 			IdleTimeoutInMinutes: s.APIServerLB().IdleTimeoutInMinutes,
 			AdditionalTags:       s.AdditionalTags(),
 		}

azure/services/loadbalancers/spec.go

@@ -40,6 +40,7 @@ type LBSpec struct {
 	Type                 infrav1.LBType
 	SKU                  infrav1.SKU
 	IPAllocationMethod   string
+	PrivateIP            string
 	VNetName             string
 	VNetResourceGroup    string
 	SubnetName           string
@@ -169,13 +170,17 @@ func getFrontendIPConfigs(lbSpec LBSpec) ([]*armnetwork.FrontendIPConfiguration,
 	frontendIDs := make([]*armnetwork.SubResource, 0)
 	for _, ipConfig := range lbSpec.FrontendIPConfigs {
 		var properties armnetwork.FrontendIPConfigurationPropertiesFormat
+		var privateIPAddress string
+		if lbSpec.IPAllocationMethod == "Static" {
+			privateIPAddress = ipConfig.PrivateIPAddress
+		}
 		if lbSpec.Type == infrav1.Internal {
 			properties = armnetwork.FrontendIPConfigurationPropertiesFormat{
 				PrivateIPAllocationMethod: ptr.To(armnetwork.IPAllocationMethodStatic),
 				Subnet: &armnetwork.Subnet{
 					ID: ptr.To(azure.SubnetID(lbSpec.SubscriptionID, lbSpec.VNetResourceGroup, lbSpec.VNetName, lbSpec.SubnetName)),
 				},
-				PrivateIPAddress: ptr.To(ipConfig.PrivateIPAddress),
+				PrivateIPAddress: ptr.To(privateIPAddress),
 			}
 		} else {
 			properties = armnetwork.FrontendIPConfigurationPropertiesFormat{