Documentation
Overview
Package azure implements the management-plane side of Azure Private Link Service (PLS) lifecycle for self-managed HyperShift hosted clusters.
Architecture: Azure private topology uses a split HO/CPO controller pattern (similar to AWS Private Link and GCP Private Service Connect):
KAS Service (internal LB) → CPO observer detects the ILB IP → creates an AzurePrivateLinkService CR → HO controller (this package) creates the PLS in Azure → CPO controller creates the Private Endpoint and DNS records in the guest VNet
The HO controller runs in the management cluster with broad Azure credentials (Network Contributor on the management resource group). It watches AzurePrivateLinkService CRs across all namespaces and creates/deletes the Azure PLS resource that fronts each hosted cluster's internal load balancer.
Azure SDK client interfaces (PrivateLinkServicesAPI, LoadBalancersAPI, SubnetsAPI) are used instead of concrete client types so that the controller can be unit-tested with mocks.
Azure Credentials:
The HO controller runs in the management cluster and uses the management cluster's Azure workload identity (typically Network Contributor on the management resource group). Required Azure RBAC permissions:
- Microsoft.Network/privateLinkServices/read, write, delete (PLS lifecycle)
- Microsoft.Network/loadBalancers/read (ILB frontend IP lookup)
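A least-privilege check for the RBAC list above, added here as an example and not code from the HyperShift project: it applies Azure's action-matching rules (case-insensitive, '*' wildcards, Actions minus NotActions) to a role definition and reports which of the four required operations a given identity lacks. The role contents passed in are constructed inputs, not any real role definition.

```go
package main
import "strings"

// RequiredActions: the Azure RBAC operations listed in the package docs (PLS lifecycle, ILB lookup).
var RequiredActions = []string{
	"Microsoft.Network/privateLinkServices/read",
	"Microsoft.Network/privateLinkServices/write",
	"Microsoft.Network/privateLinkServices/delete",
	"Microsoft.Network/loadBalancers/read",
}
// MatchAction reports whether an RBAC action pattern ('*' wildcards may span '/') matches a concrete action, case-insensitively.
func MatchAction(pattern, action string) bool {
	parts := strings.Split(strings.ToLower(pattern), "*")
	rest := strings.ToLower(action)
	if len(parts) == 1 || !strings.HasPrefix(rest, parts[0]) { // no wildcard: exact match; else literal head must be a prefix
		return parts[0] == rest
	}
	rest = rest[len(parts[0]):]
	for _, mid := range parts[1 : len(parts)-1] { // leftmost match of each middle piece
		i := strings.Index(rest, mid)
		if i < 0 {
			return false
		}
		rest = rest[i+len(mid):]
	}
	return strings.HasSuffix(rest, parts[len(parts)-1])
}
func anyMatch(patterns []string, action string) bool {
	for _, p := range patterns {
		if MatchAction(p, action) {
			return true
		}
	}
	return false
}
// Granted applies Azure role semantics: matched by some Actions entry and by no NotActions entry.
func Granted(actions, notActions []string, action string) bool {
	return anyMatch(actions, action) && !anyMatch(notActions, action)
}
// MissingActions lists required operations the role does not grant; empty means the identity can drive PLS lifecycle and ILB lookup.
func MissingActions(actions, notActions []string) []string {
	var missing []string
	for _, a := range RequiredActions {
		if !Granted(actions, notActions, a) {
			missing = append(missing, a)
		}
	}
	return missing
}
```

Run MissingActions against the role assigned to the management cluster's workload identity; anything it returns will surface as authorization failures during Reconcile, while a role whose Actions are wider than the four entries above is the thing to trim.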
Types
type AzurePrivateLinkServiceController
type AzurePrivateLinkServiceController struct {
	client.Client
	PrivateLinkServices     PrivateLinkServicesAPI
	LoadBalancers           LoadBalancersAPI
	Subnets                 SubnetsAPI
	ManagementResourceGroup string
}
AzurePrivateLinkServiceController reconciles AzurePrivateLinkService resources. It watches AzurePrivateLinkService CRDs across all namespaces and manages the lifecycle of Azure Private Link Service resources.
func (*AzurePrivateLinkServiceController) Reconcile
func (r *AzurePrivateLinkServiceController) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error)
Reconcile manages the Azure Private Link Service for a hosted cluster. Steps: fetch CR → handle deletion → add finalizer → find HostedCluster → check paused → wait for LoadBalancerIP → look up ILB → create PLS.
func (*AzurePrivateLinkServiceController) SetupWithManager
func (r *AzurePrivateLinkServiceController) SetupWithManager(mgr ctrl.Manager) error
SetupWithManager sets up the controller with the Manager.
type LoadBalancersAPI
type LoadBalancersAPI interface {
	NewListPager(resourceGroupName string, options *armnetwork.LoadBalancersClientListOptions) *azruntime.Pager[armnetwork.LoadBalancersClientListResponse]
}
LoadBalancersAPI abstracts the Azure Load Balancers client.
type PrivateLinkServicesAPI
type PrivateLinkServicesAPI interface {
	BeginCreateOrUpdate(ctx context.Context, resourceGroupName string, serviceName string, parameters armnetwork.PrivateLinkService, options *armnetwork.PrivateLinkServicesClientBeginCreateOrUpdateOptions) (*azruntime.Poller[armnetwork.PrivateLinkServicesClientCreateOrUpdateResponse], error)
	BeginDelete(ctx context.Context, resourceGroupName string, serviceName string, options *armnetwork.PrivateLinkServicesClientBeginDeleteOptions) (*azruntime.Poller[armnetwork.PrivateLinkServicesClientDeleteResponse], error)
	Get(ctx context.Context, resourceGroupName string, serviceName string, options *armnetwork.PrivateLinkServicesClientGetOptions) (armnetwork.PrivateLinkServicesClientGetResponse, error)
	UpdatePrivateEndpointConnection(ctx context.Context, resourceGroupName string, serviceName string, peConnectionName string, parameters armnetwork.PrivateEndpointConnection, options *armnetwork.PrivateLinkServicesClientUpdatePrivateEndpointConnectionOptions) (armnetwork.PrivateLinkServicesClientUpdatePrivateEndpointConnectionResponse, error)
}
PrivateLinkServicesAPI abstracts the Azure Private Link Services client.
type SubnetsAPI
type SubnetsAPI interface {
	Get(ctx context.Context, resourceGroupName string, virtualNetworkName string, subnetName string, options *armnetwork.SubnetsClientGetOptions) (armnetwork.SubnetsClientGetResponse, error)
	BeginCreateOrUpdate(ctx context.Context, resourceGroupName string, virtualNetworkName string, subnetName string, subnetParameters armnetwork.Subnet, options *armnetwork.SubnetsClientBeginCreateOrUpdateOptions) (*azruntime.Poller[armnetwork.SubnetsClientCreateOrUpdateResponse], error)
}
SubnetsAPI abstracts the Azure Subnets client, used for auto-creating NAT subnets.