Group API server fields under spec.apiServer

Consolidate the various flat API server fields (apiServerFloatingIP,
apiServerFixedIP, apiServerPort, disableAPIServerFloatingIP, and
apiServerLoadBalancer) into a single structured spec.apiServer object,
with apiServerLoadBalancer renamed to managedLoadBalancer within it.
Includes conversion from v1beta1 and updated webhook validation.

Author: nikParasyr

api/v1beta1/conversion.go

@@ -397,6 +397,25 @@ func Convert_v1beta1_OpenStackClusterSpec_To_v1beta2_OpenStackClusterSpec(
 		}
 	}
 
+	// Consolidate the flat v1beta1 APIServer fields into the new APIServer struct.
+	if in.APIServerLoadBalancer != nil ||
+		in.DisableAPIServerFloatingIP != nil ||
+		in.APIServerFloatingIP != nil ||
+		in.APIServerFixedIP != nil ||
+		in.APIServerPort != nil {
+		out.APIServer = &infrav1.APIServer{
+			DisableFloatingIP: in.DisableAPIServerFloatingIP,
+			FloatingIP:        in.APIServerFloatingIP,
+			FixedIP:           in.APIServerFixedIP,
+			Port:              in.APIServerPort,
+		}
+		// APIServerLoadBalancer is structurally identical between versions,
+		// so an unsafe cast is safe here (same field layout).
+		if in.APIServerLoadBalancer != nil {
+			out.APIServer.ManagedLoadBalancer = (*infrav1.APIServerLoadBalancer)(unsafe.Pointer(in.APIServerLoadBalancer))
+		}
+	}
+
 	return nil
 }
 
@@ -427,6 +446,18 @@ func Convert_v1beta2_OpenStackClusterSpec_To_v1beta1_OpenStackClusterSpec(
 		}
 	}
 
+	// Expand the v1beta2 APIServer struct back into the flat v1beta1 fields.
+	if in.APIServer != nil {
+		out.DisableAPIServerFloatingIP = in.APIServer.DisableFloatingIP
+		out.APIServerFloatingIP = in.APIServer.FloatingIP
+		out.APIServerFixedIP = in.APIServer.FixedIP
+		out.APIServerPort = in.APIServer.Port
+
+		if in.APIServer.ManagedLoadBalancer != nil {
+			out.APIServerLoadBalancer = (*APIServerLoadBalancer)(unsafe.Pointer(in.APIServer.ManagedLoadBalancer))
+		}
+	}
+
 	return nil
 }
 

api/v1beta1/conversion_test.go

@@ -1216,3 +1216,140 @@ func TestOpenStackCluster_RoundTrip_ManagedSecurityGroups_ClusterNodesRules(t *t
 		})
 	}
 }
+
+func TestOpenStackCluster_RoundTrip_APIServer(t *testing.T) {
+	floatingIP := optional.String(ptr.To("203.0.113.10"))
+	fixedIP := optional.String(ptr.To("10.0.0.5"))
+	port := optional.UInt16(ptr.To(uint16(6443)))
+	disable := optional.Bool(ptr.To(true))
+
+	tests := []struct {
+		name string
+		in   OpenStackCluster
+	}{
+		{
+			name: "all fields set",
+			in: OpenStackCluster{
+				Spec: OpenStackClusterSpec{
+					APIServerFloatingIP:        floatingIP,
+					APIServerFixedIP:           fixedIP,
+					APIServerPort:              port,
+					DisableAPIServerFloatingIP: disable,
+					APIServerLoadBalancer: &APIServerLoadBalancer{
+						Enabled: ptr.To(true),
+					},
+				},
+			},
+		},
+		{
+			name: "only floatingIP set",
+			in: OpenStackCluster{
+				Spec: OpenStackClusterSpec{
+					APIServerFloatingIP: floatingIP,
+				},
+			},
+		},
+		{
+			name: "only fixedIP set",
+			in: OpenStackCluster{
+				Spec: OpenStackClusterSpec{
+					APIServerFixedIP: fixedIP,
+				},
+			},
+		},
+		{
+			name: "only port set",
+			in: OpenStackCluster{
+				Spec: OpenStackClusterSpec{
+					APIServerPort: port,
+				},
+			},
+		},
+		{
+			name: "only disableFloatingIP set",
+			in: OpenStackCluster{
+				Spec: OpenStackClusterSpec{
+					DisableAPIServerFloatingIP: disable,
+				},
+			},
+		},
+		{
+			name: "only loadBalancer set",
+			in: OpenStackCluster{
+				Spec: OpenStackClusterSpec{
+					APIServerLoadBalancer: &APIServerLoadBalancer{
+						Enabled: ptr.To(true),
+					},
+				},
+			},
+		},
+		{
+			name: "loadBalancer disabled explicitly",
+			in: OpenStackCluster{
+				Spec: OpenStackClusterSpec{
+					APIServerLoadBalancer: &APIServerLoadBalancer{
+						Enabled: ptr.To(false),
+					},
+				},
+			},
+		},
+		{
+			name: "disableFloatingIP with fixedIP (no-LB VIP case)",
+			in: OpenStackCluster{
+				Spec: OpenStackClusterSpec{
+					DisableAPIServerFloatingIP: disable,
+					APIServerFixedIP:           fixedIP,
+				},
+			},
+		},
+		{
+			name: "no APIServer fields set — APIServer stays nil",
+			in:   OpenStackCluster{},
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			g := NewWithT(t)
+
+			hub := &infrav1.OpenStackCluster{}
+			g.Expect(tt.in.ConvertTo(hub)).To(Succeed())
+
+			src := tt.in.Spec
+
+			// --- Verify intermediate v1beta2 state ---
+			allNil := src.APIServerFloatingIP == nil &&
+				src.APIServerFixedIP == nil &&
+				src.APIServerPort == nil &&
+				src.DisableAPIServerFloatingIP == nil &&
+				src.APIServerLoadBalancer == nil
+
+			if allNil {
+				g.Expect(hub.Spec.APIServer).To(BeNil(), "APIServer should be nil when no source fields are set")
+			} else {
+				g.Expect(hub.Spec.APIServer).NotTo(BeNil(), "APIServer should be non-nil when at least one source field is set")
+				g.Expect(hub.Spec.APIServer.FloatingIP).To(Equal(src.APIServerFloatingIP))
+				g.Expect(hub.Spec.APIServer.FixedIP).To(Equal(src.APIServerFixedIP))
+				g.Expect(hub.Spec.APIServer.Port).To(Equal(src.APIServerPort))
+				g.Expect(hub.Spec.APIServer.DisableFloatingIP).To(Equal(src.DisableAPIServerFloatingIP))
+
+				if src.APIServerLoadBalancer == nil {
+					g.Expect(hub.Spec.APIServer.ManagedLoadBalancer).To(BeNil())
+				} else {
+					g.Expect(hub.Spec.APIServer.ManagedLoadBalancer).NotTo(BeNil())
+					g.Expect(hub.Spec.APIServer.ManagedLoadBalancer.Enabled).To(Equal(src.APIServerLoadBalancer.Enabled))
+				}
+			}
+
+			// --- Verify full round-trip back to v1beta1 ---
+			restored := &OpenStackCluster{}
+			g.Expect(restored.ConvertFrom(hub)).To(Succeed())
+
+			g.Expect(restored.Spec.APIServerFloatingIP).To(Equal(src.APIServerFloatingIP))
+			g.Expect(restored.Spec.APIServerFixedIP).To(Equal(src.APIServerFixedIP))
+			g.Expect(restored.Spec.APIServerPort).To(Equal(src.APIServerPort))
+			g.Expect(restored.Spec.DisableAPIServerFloatingIP).To(Equal(src.DisableAPIServerFloatingIP))
+			g.Expect(restored.Spec.APIServerLoadBalancer).To(Equal(src.APIServerLoadBalancer))
+		})
+	}
+}

api/v1beta1/zz_generated.conversion.go

@@ -31,7 +31,7 @@ const (
 
 // OpenStackClusterSpec defines the desired state of OpenStackCluster.
 // +kubebuilder:validation:XValidation:rule="has(self.disableExternalNetwork) && self.disableExternalNetwork ? !has(self.bastion) || !has(self.bastion.floatingIP) : true",message="bastion floating IP cannot be set when disableExternalNetwork is true"
-// +kubebuilder:validation:XValidation:rule="has(self.disableExternalNetwork) && self.disableExternalNetwork ? has(self.disableAPIServerFloatingIP) && self.disableAPIServerFloatingIP : true",message="disableAPIServerFloatingIP cannot be false when disableExternalNetwork is true"
+// +kubebuilder:validation:XValidation:rule="has(self.disableExternalNetwork) && self.disableExternalNetwork ? has(self.apiServer) && has(self.apiServer.disableFloatingIP) && self.apiServer.disableFloatingIP : true",message="apiServer.disableFloatingIP cannot be false when disableExternalNetwork is true"
 type OpenStackClusterSpec struct {
 	// managedSubnets describe OpenStack Subnets to be created. Cluster actuator will create a network,
 	// subnets with the defined CIDR, and a router connected to these subnets. Currently only one IPv4
@@ -94,48 +94,10 @@ type OpenStackClusterSpec struct {
 	// +optional
 	DisableExternalNetwork optional.Bool `json:"disableExternalNetwork,omitempty"`
 
-	// apiServerLoadBalancer configures the optional LoadBalancer for the APIServer.
-	// If not specified, no load balancer will be created for the API server.
+	// apiServer configures the API server endpoint and its associated
+	// load balancer and floating IP.
 	// +optional
-	APIServerLoadBalancer *APIServerLoadBalancer `json:"apiServerLoadBalancer,omitempty"`
-
-	// disableAPIServerFloatingIP determines whether or not to attempt to attach a floating
-	// IP to the API server. This allows for the creation of clusters when attaching a floating
-	// IP to the API server (and hence, in many cases, exposing the API server to the internet)
-	// is not possible or desirable, e.g. if using a shared VLAN for communication between
-	// management and workload clusters or when the management cluster is inside the
-	// project network.
-	// This option requires that the API server use a VIP on the cluster network so that the
-	// underlying machines can change without changing ControlPlaneEndpoint.Host.
-	// When using a managed load balancer, this VIP will be managed automatically.
-	// If not using a managed load balancer, cluster configuration will fail without additional
-	// configuration to manage the VIP on the control plane machines, which falls outside of
-	// the scope of this controller.
-	// +optional
-	DisableAPIServerFloatingIP optional.Bool `json:"disableAPIServerFloatingIP,omitempty"`
-
-	// apiServerFloatingIP is the floatingIP which will be associated with the API server.
-	// The floatingIP will be created if it does not already exist.
-	// If not specified, a new floatingIP is allocated.
-	// This field is not used if DisableAPIServerFloatingIP is set to true.
-	// +optional
-	APIServerFloatingIP optional.String `json:"apiServerFloatingIP,omitempty"`
-
-	// apiServerFixedIP is the fixed IP which will be associated with the API server.
-	// In the case where the API server has a floating IP but not a managed load balancer,
-	// this field is not used.
-	// If a managed load balancer is used and this field is not specified, a fixed IP will
-	// be dynamically allocated for the load balancer.
-	// If a managed load balancer is not used AND the API server floating IP is disabled,
-	// this field MUST be specified and should correspond to a pre-allocated port that
-	// holds the fixed IP to be used as a VIP.
-	// +optional
-	APIServerFixedIP optional.String `json:"apiServerFixedIP,omitempty"`
-
-	// apiServerPort is the port on which the listener on the APIServer
-	// will be created. If specified, it must be an integer between 0 and 65535.
-	// +optional
-	APIServerPort optional.UInt16 `json:"apiServerPort,omitempty"`
+	APIServer *APIServer `json:"apiServer,omitempty"`
 
 	// managedSecurityGroups determines whether OpenStack security groups for the cluster
 	// will be managed by the OpenStack provider or whether pre-existing security groups will
@@ -189,6 +151,41 @@ type OpenStackClusterSpec struct {
 	IdentityRef OpenStackIdentityReference `json:"identityRef"`
 }
 
+type APIServer struct {
+	// port is the port on which the API server listener will be created.
+	// If specified, it must be an integer between 0 and 65535.
+	// +optional
+	Port optional.UInt16 `json:"port,omitempty"`
+
+	// fixedIP is the fixed IP which will be associated with the API server.
+	// In the case where the API server has a floating IP but not a managed
+	// load balancer, this field is not used.
+	// If a managed load balancer is used and this field is not specified, a
+	// fixed IP will be dynamically allocated for the load balancer.
+	// If a managed load balancer is not used AND the floating IP is disabled,
+	// this field MUST be specified and should correspond to a pre-allocated
+	// port that holds the fixed IP to be used as a VIP.
+	// +optional
+	FixedIP optional.String `json:"fixedIP,omitempty"`
+
+	// floatingIP is the floating IP which will be associated with the API server.
+	// The floating IP will be created if it does not already exist.
+	// If not specified, a new floating IP is allocated.
+	// This field is not used if DisableFloatingIP is set to true.
+	// +optional
+	FloatingIP optional.String `json:"floatingIP,omitempty"`
+
+	// disableFloatingIP determines whether or not to attempt to attach a
+	// floating IP to the API server.
+	// +optional
+	DisableFloatingIP optional.Bool `json:"disableFloatingIP,omitempty"`
+
+	// managedLoadBalancer configures the optional LoadBalancer for the API server.
+	// If not specified, no load balancer will be created.
+	// +optional
+	ManagedLoadBalancer *APIServerLoadBalancer `json:"managedLoadBalancer,omitempty"`
+}
+
 // ClusterInitialization represents the initialization status of the cluster.
 type ClusterInitialization struct {
 	// provisioned is set to true when the initial provisioning of the cluster infrastructure is completed.
@@ -363,3 +360,38 @@ func (c *OpenStackCluster) GetIdentityRef() (*string, *OpenStackIdentityReferenc
 func init() {
 	objectTypes = append(objectTypes, &OpenStackCluster{}, &OpenStackClusterList{})
 }
+
+func (a *APIServer) GetManagedLoadBalancer() *APIServerLoadBalancer {
+	if a == nil {
+		return nil
+	}
+	return a.ManagedLoadBalancer
+}
+
+func (a *APIServer) GetDisableFloatingIP() *bool {
+	if a == nil {
+		return nil
+	}
+	return a.DisableFloatingIP
+}
+
+func (a *APIServer) GetFloatingIP() *string {
+	if a == nil {
+		return nil
+	}
+	return a.FloatingIP
+}
+
+func (a *APIServer) GetFixedIP() *string {
+	if a == nil {
+		return nil
+	}
+	return a.FixedIP
+}
+
+func (a *APIServer) GetPort() *uint16 {
+	if a == nil {
+		return nil
+	}
+	return a.Port
+}