Skip to content

Commit 7271f50

Browse files
committed
azure: Fix the dualstack errors
Fixing a few errors like DNS conflict with ipv4 and ipv6 entry, trying to force CCM to use ipv6 primary etc.
1 parent 62d23b3 commit 7271f50

3 files changed

Lines changed: 51 additions & 59 deletions

File tree

pkg/infrastructure/azure/azure.go

Lines changed: 37 additions & 23 deletions
Original file line numberDiff line numberDiff line change
@@ -448,9 +448,14 @@ func (p *Provider) InfraReady(ctx context.Context, in clusterapi.InfraReadyInput
448448
var extLBFQDN string
449449
if in.InstallConfig.Config.PublicAPI() {
450450
var publicIPv6 *armnetwork.PublicIPAddress
451+
v4InfraID := in.InfraID
452+
v6InfraID := ""
453+
if in.InstallConfig.Config.Azure.IPFamily.DualStackEnabled() {
454+
v6InfraID = fmt.Sprintf("%s-v6", in.InfraID)
455+
}
451456
publicIP, err := createPublicIP(ctx, &pipInput{
452457
name: fmt.Sprintf("%s-pip-v4", in.InfraID),
453-
infraID: in.InfraID,
458+
infraID: v4InfraID,
454459
region: in.InstallConfig.Config.Azure.Region,
455460
resourceGroup: resourceGroupName,
456461
pipClient: networkClientFactory.NewPublicIPAddressesClient(),
@@ -464,7 +469,7 @@ func (p *Provider) InfraReady(ctx context.Context, in clusterapi.InfraReadyInput
464469
if in.InstallConfig.Config.Azure.IPFamily.DualStackEnabled() {
465470
publicIPv6, err = createPublicIP(ctx, &pipInput{
466471
name: fmt.Sprintf("%s-pip-v6", in.InfraID),
467-
infraID: in.InfraID,
472+
infraID: v6InfraID,
468473
region: in.InstallConfig.Config.Azure.Region,
469474
resourceGroup: resourceGroupName,
470475
pipClient: networkClientFactory.NewPublicIPAddressesClient(),
@@ -585,6 +590,36 @@ func (p *Provider) PostProvision(ctx context.Context, in clusterapi.PostProvisio
585590
return fmt.Errorf("failed to associate control plane VMs with external load balancer: %w", err)
586591
}
587592

593+
if in.InstallConfig.Config.Azure.IPFamily.DualStackEnabled() {
594+
bootstrapNicName := fmt.Sprintf("%s-bootstrap-nic", in.InfraID)
595+
nicClient := p.NetworkClientFactory.NewInterfacesClient()
596+
bootstrapNic, err := nicClient.Get(ctx, p.ResourceGroupName, bootstrapNicName, nil)
597+
if err != nil {
598+
return fmt.Errorf("failed to get bootstrap nic: %w", err)
599+
}
600+
for _, ipconfig := range bootstrapNic.Properties.IPConfigurations {
601+
if ipconfig.Properties.PrivateIPAddressVersion != nil && *ipconfig.Properties.PrivateIPAddressVersion == armnetwork.IPVersionIPv6 {
602+
for _, pool := range p.lbBackendAddressPools {
603+
if pool.Name != nil && strings.HasSuffix(*pool.Name, "-v6") {
604+
ipconfig.Properties.LoadBalancerBackendAddressPools = append(
605+
ipconfig.Properties.LoadBalancerBackendAddressPools,
606+
pool,
607+
)
608+
}
609+
}
610+
}
611+
}
612+
pollerResp, err := nicClient.BeginCreateOrUpdate(ctx, p.ResourceGroupName, bootstrapNicName, bootstrapNic.Interface, nil)
613+
if err != nil {
614+
return fmt.Errorf("failed to update bootstrap nic with IPv6 backend pools: %w", err)
615+
}
616+
_, err = pollerResp.PollUntilDone(ctx, nil)
617+
if err != nil {
618+
return fmt.Errorf("failed to update bootstrap nic with IPv6 backend pools: %w", err)
619+
}
620+
logrus.Debugf("associated bootstrap NIC with IPv6 backend pools")
621+
}
622+
588623
sshRuleName := fmt.Sprintf("%s_ssh_in", in.InfraID)
589624

590625
loadBalancerName := in.InfraID
@@ -630,27 +665,6 @@ func (p *Provider) PostProvision(ctx context.Context, in clusterapi.PostProvisio
630665

631666
// For dual-stack, create IPv6 inbound rule for SSH access to bootstrap.
632667
if in.InstallConfig.Config.Azure.IPFamily.DualStackEnabled() {
633-
publicIPv6outbound, err := createPublicIP(ctx, &pipInput{
634-
name: fmt.Sprintf("%s-pip-v6-outbound-lb", in.InfraID),
635-
infraID: in.InfraID,
636-
region: in.InstallConfig.Config.Azure.Region,
637-
resourceGroup: p.ResourceGroupName,
638-
pipClient: p.NetworkClientFactory.NewPublicIPAddressesClient(),
639-
tags: p.Tags,
640-
ipversion: armnetwork.IPVersionIPv6,
641-
})
642-
if err != nil {
643-
return fmt.Errorf("failed to create public ipv6 for outbound ipv6 lb: %w", err)
644-
}
645-
logrus.Debugf("created public ipv6 for outbound ipv6 lb: %s", *publicIPv6outbound.ID)
646-
647-
// Update the outbound node IPv6 load balancer.
648-
outboundLBName := fmt.Sprintf("%s-ipv6-outbound-node-lb", in.InfraID)
649-
err = updateOutboundIPv6LoadBalancer(ctx, publicIPv6outbound, p.NetworkClientFactory.NewLoadBalancersClient(), p.ResourceGroupName, outboundLBName, in.InfraID)
650-
if err != nil {
651-
return fmt.Errorf("failed to set public ipv6 to outbound ipv6 lb: %w", err)
652-
}
653-
logrus.Debugf("updated outbound ipv6 lb %s with public ipv6: %s", outboundLBName, *publicIPv6outbound.ID)
654668
frontendIPv6ConfigName := "public-lb-ip-v6"
655669
sshRuleNameV6 := fmt.Sprintf("%s_ssh_in_v6", in.InfraID)
656670
frontendIPv6ConfigID := fmt.Sprintf("/subscriptions/%s/resourceGroups/%s/providers/Microsoft.Network/loadBalancers/%s/frontendIPConfigurations/%s",

pkg/infrastructure/azure/network.go

Lines changed: 11 additions & 36 deletions
Original file line numberDiff line numberDiff line change
@@ -73,6 +73,15 @@ type inboundNatRuleInput struct {
7373
}
7474

7575
func createPublicIP(ctx context.Context, in *pipInput) (*armnetwork.PublicIPAddress, error) {
76+
properties := &armnetwork.PublicIPAddressPropertiesFormat{
77+
PublicIPAddressVersion: to.Ptr(in.ipversion),
78+
PublicIPAllocationMethod: to.Ptr(armnetwork.IPAllocationMethodStatic),
79+
}
80+
if in.infraID != "" {
81+
properties.DNSSettings = &armnetwork.PublicIPAddressDNSSettings{
82+
DomainNameLabel: to.Ptr(in.infraID),
83+
}
84+
}
7685
pollerResp, err := in.pipClient.BeginCreateOrUpdate(
7786
ctx,
7887
in.resourceGroup,
@@ -84,14 +93,8 @@ func createPublicIP(ctx context.Context, in *pipInput) (*armnetwork.PublicIPAddr
8493
Name: to.Ptr(armnetwork.PublicIPAddressSKUNameStandard),
8594
Tier: to.Ptr(armnetwork.PublicIPAddressSKUTierRegional),
8695
},
87-
Properties: &armnetwork.PublicIPAddressPropertiesFormat{
88-
PublicIPAddressVersion: to.Ptr(in.ipversion),
89-
PublicIPAllocationMethod: to.Ptr(armnetwork.IPAllocationMethodStatic),
90-
DNSSettings: &armnetwork.PublicIPAddressDNSSettings{
91-
DomainNameLabel: to.Ptr(in.infraID),
92-
},
93-
},
94-
Tags: in.tags,
96+
Properties: properties,
97+
Tags: in.tags,
9598
},
9699
nil,
97100
)
@@ -764,31 +767,3 @@ func associateNatGatewayToSubnet(ctx context.Context, in natGatewayInput) error
764767
}
765768
return nil
766769
}
767-
768-
func updateOutboundIPv6LoadBalancer(ctx context.Context, pipv6 *armnetwork.PublicIPAddress, lbClient *armnetwork.LoadBalancersClient, resourceGroup, loadBalancerName, infraID string) error {
769-
outboundIPv6LB, err := lbClient.Get(ctx, resourceGroup, loadBalancerName, nil)
770-
if err != nil {
771-
return fmt.Errorf("failed to get external load balancer: %w", err)
772-
}
773-
774-
loadBalancer := outboundIPv6LB.LoadBalancer
775-
loadBalancer.Properties.FrontendIPConfigurations = append(loadBalancer.Properties.FrontendIPConfigurations, &armnetwork.FrontendIPConfiguration{
776-
Name: to.Ptr(fmt.Sprintf("%s-frontend-ipv6", infraID)),
777-
Properties: &armnetwork.FrontendIPConfigurationPropertiesFormat{
778-
PrivateIPAllocationMethod: to.Ptr(armnetwork.IPAllocationMethodDynamic),
779-
PublicIPAddress: pipv6,
780-
},
781-
})
782-
783-
pollerResp, err := lbClient.BeginCreateOrUpdate(ctx,
784-
resourceGroup,
785-
loadBalancerName,
786-
loadBalancer, nil)
787-
788-
if err != nil {
789-
return fmt.Errorf("cannot update outbound node ipv6 load balancer: %w", err)
790-
}
791-
792-
_, err = pollerResp.PollUntilDone(ctx, nil)
793-
return err
794-
}

pkg/types/validation/installconfig.go

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -381,6 +381,9 @@ func validateNetworkingIPVersion(n *types.Networking, p *types.Platform) field.E
381381
switch {
382382
case p.Azure != nil && experimentalDualStackEnabled:
383383
logrus.Warnf("Using experimental Azure dual-stack support")
384+
if p.Azure.IPFamily == network.DualStackIPv6Primary {
385+
allowV6Primary = true
386+
}
384387
case p.BareMetal != nil:
385388
// We now support ipv6-primary dual stack on baremetal
386389
allowV6Primary = true

0 commit comments

Comments
 (0)