IPAM operator Integration for allocating IPs #302

Draft
liwonMS wants to merge 34 commits into microsoft:master from liwonMS:users/liwon/ipam

@liwonMS liwonMS commented Dec 20, 2025

No description provided.

@liwonMS liwonMS marked this pull request as ready for review February 3, 2026 07:57
@liwonMS liwonMS marked this pull request as draft February 3, 2026 07:59
jeanlag1 commented Feb 21, 2026

Adding description:

Description

This PR integrates IP Address Management (IPAM) into the Cluster API Provider for Azure Stack HCI (CAPH), enabling NIC and load balancer IP allocations to be tracked and managed through Kubernetes-native IPAddressClaim resources.

What this PR does

  • Adds a shared IPAM library (pkg/ipam/ipclaim_helper.go) — a reusable 600-line module that manages the full IPAddressClaim lifecycle including creation, status polling, IP extraction, and cleanup. Supports two allocation sources: operator-ipam (allocated by the IPAM operator) and moc-ipam (allocated by MOC, then synced for tracking). Includes a pluggable telemetry interface for operation logging.

  • NIC IPAM integration (cloud/services/networkinterfaces/) — Adds IPAMService to the NIC reconciliation flow. Before MOC provisioning, an IPAddressClaim is created for each NIC. After provisioning, MOC-assigned IPs are synced back to IPAM for tracking. Includes IP conflict detection and retry logic (handleIPAddressConflictRetry).

  • Load balancer IPAM integration (cloud/services/loadbalancers/) — Adds IPAMService to the LB reconciliation flow, creating IPAddressClaims for frontend IPs and syncing MOC-allocated IPs. Claims are cleaned up on LB deletion.

  • Controller and infrastructure updates — Updates VM reconciler, cluster/LB/VM controllers to pass IPAMService through the reconciliation chain. Registers IPAddressClaim and IPAddress types in the scheme (cmd/manager/main.go). Adds RBAC permissions for ipaddressclaims and ipaddresses resources.

  • Code quality fixes — Fixes format string warnings in condition reporting across cluster and LB controllers (non-functional, addresses fmt.Errorf style linting).

Why

IPAM integration enables centralized IP lifecycle management across HybridAKS clusters, preventing IP conflicts and providing visibility into IP allocations through standard Kubernetes CRDs.

ArcVMLnetMocResourceGroup = "Default_Group"

// ManagementVnetName is the name of the management VNet (skip IPAM for this)
ManagementVnetName = "vnet-arcbridge"
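
Review bot: ManagementVnetName hard-codes one literal, "vnet-arcbridge", and its comment says IPAM is skipped for it, so the skip is keyed on a fixed VNet name. The comment should state where that name comes from and what is expected to happen when the management VNet carries a different name; if the name can vary, key the skip on a more stable property instead. ArcVMLnetMocResourceGroup has no doc comment in these lines and should get one saying what the group is used for.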
@nwoodmsft nwoodmsft (Member) Mar 12, 2026

This is accurate for the current Azure Local default, but not for all management clusters that leverage CAPH (e.g. for AKS-HCI product the VNET name is provided by the customer). The group name is more predictable (i.e. group name used for management resources, including the vnet). The group name also differs between Azure Local and AKS-HCI, but it is not a customer provided string.

@liwonMS liwonMS (Author) Mar 12, 2026

A later check checks for the group name. The IPAM is only enabled if the vnet is in the Arc VM Default_Group. Will also enhance the check for the Arc VM specific tag on the vnet so we only exercise IPAM code when it's Arc VM lnets.

@liwonMS liwonMS changed the title IPAM for Nic reconcile IPAM operator Integration for allocating IPs Mar 12, 2026
liwonMS and others added 3 commits March 12, 2026 19:34
# Conflicts:
#	cmd/manager/main.go
#	controllers/azurestackhcicluster_controller.go
#	controllers/azurestackhciloadbalancer_controller.go
#	controllers/azurestackhciloadbalancer_virtualmachine.go
#	controllers/azurestackhcivirtualmachine_controller.go
#	go.mod
#	go.sum