Prevent default API and Ingress VIP generation for user-managed load balancers

- Previously, when API and Ingress VIPs were not specified, default values were automatically generated for user-managed load balancers.This was unintended behavior. Now, if the user does not explicitly provide API and Ingress VIPs, a fatal error is thrown instead.
2026-02-05 15:47:14 +01:00 · 2025-03-17 16:06:11 +01:00
parent 8dfa1e05e2
commit 072eb5b58e
1 changed files with 31 additions and 25 deletions
--- a/pkg/types/openstack/defaults/platform.go
+++ b/pkg/types/openstack/defaults/platform.go
@@ -6,6 +6,7 @@ import (

 	"github.com/apparentlymart/go-cidr/cidr"

+	configv1 "github.com/openshift/api/config/v1"
 	"github.com/openshift/installer/pkg/types"
 	"github.com/openshift/installer/pkg/types/openstack"
 )
@@ -25,32 +26,37 @@ func SetPlatformDefaults(p *openstack.Platform, n *types.Networking) {
 			p.Cloud = DefaultCloudName
 		}
 	}
-	// APIVIP returns the internal virtual IP address (VIP) put in front
-	// of the Kubernetes API server for use by components inside the
-	// cluster. The DNS static pods running on the nodes resolve the
-	// api-int record to APIVIP.
-	if len(p.APIVIPs) == 0 && p.DeprecatedAPIVIP == "" {
-		vip, err := cidr.Host(&n.MachineNetwork[0].CIDR.IPNet, 5)
-		if err != nil {
-			// This will fail validation and abort the install
-			p.APIVIPs = []string{fmt.Sprintf("could not derive API VIP from machine networks: %s", err.Error())}
-		} else {
-			p.APIVIPs = []string{vip.String()}
+
+	// When using user-managed loadbalancer do not generate default API and Ingress VIPs
+	if p.LoadBalancer.Type != configv1.LoadBalancerTypeUserManaged {
+		// APIVIP returns the internal virtual IP address (VIP) put in front
+		// of the Kubernetes API server for use by components inside the
+		// cluster. The DNS static pods running on the nodes resolve the
+		// api-int record to APIVIP.
+		if len(p.APIVIPs) == 0 && p.DeprecatedAPIVIP == "" {
+			vip, err := cidr.Host(&n.MachineNetwork[0].CIDR.IPNet, 5)
+			if err != nil {
+				// This will fail validation and abort the install
+				p.APIVIPs = []string{fmt.Sprintf("could not derive API VIP from machine networks: %s", err.Error())}
+			} else {
+				p.APIVIPs = []string{vip.String()}
+			}
+		}
+
+		// IngressVIP returns the internal virtual IP address (VIP) put in
+		// front of the OpenShift router pods. This provides the internal
+		// accessibility to the internal pods running on the worker nodes,
+		// e.g. `console`. The DNS static pods running on the nodes resolve
+		// the wildcard apps record to IngressVIP.
+		if len(p.IngressVIPs) == 0 && p.DeprecatedIngressVIP == "" {
+			vip, err := cidr.Host(&n.MachineNetwork[0].CIDR.IPNet, 7)
+			if err != nil {
+				// This will fail validation and abort the install
+				p.IngressVIPs = []string{fmt.Sprintf("could not derive Ingress VIP from machine networks: %s", err.Error())}
+			} else {
+				p.IngressVIPs = []string{vip.String()}
+			}
 		}
 	}

-	// IngressVIP returns the internal virtual IP address (VIP) put in
-	// front of the OpenShift router pods. This provides the internal
-	// accessibility to the internal pods running on the worker nodes,
-	// e.g. `console`. The DNS static pods running on the nodes resolve
-	// the wildcard apps record to IngressVIP.
-	if len(p.IngressVIPs) == 0 && p.DeprecatedIngressVIP == "" {
-		vip, err := cidr.Host(&n.MachineNetwork[0].CIDR.IPNet, 7)
-		if err != nil {
-			// This will fail validation and abort the install
-			p.IngressVIPs = []string{fmt.Sprintf("could not derive Ingress VIP from machine networks: %s", err.Error())}
-		} else {
-			p.IngressVIPs = []string{vip.String()}
-		}
-	}
 }