PLT-1780: Added support for Private api server lb support for azure i… (#621)

* PLT-1780: Added support for Private api server lb support for azure iaas cluster

* Added documentation

* updated example

* fix unit test fix

* updated sdk

Signed-off-by: Sivaanand Murugesan <[email protected]>

* fix with re

---------

Signed-off-by: Sivaanand Murugesan <[email protected]>

Author: SivaanandM

docs/resources/cluster_azure.md

@@ -32,6 +32,26 @@ resource "spectrocloud_cluster_azure" "cluster" {
     resource_group  = var.azure_resource_group
     region          = var.azure_region
     ssh_key         = var.cluster_ssh_public_key
+
+     //Static placement config
+        #    network_resource_group = "test-resource-group"
+        #    virtual_network_name = "test-network-name"
+        #    virtual_network_cidr_block = "10.0.0.9/10"
+        #    control_plane_subnet {
+        #      name="cp_subnet_name"
+        #      cidr_block="10.0.0.9/16"
+        #      security_group_name="cp_subnet_security_name"
+        #    }
+        #    worker_node_subnet {
+        #      name="worker_subnet_name"
+        #      cidr_block="10.0.0.9/16"
+        #      security_group_name="worker_subnet_security_name"
+        #    }
+        #    private_api_server {
+        #      resource_group = "test-resource-group"
+        #      private_dns_zone = "test-private-dns-zone"
+        #      static_ip = "10.11.12.51"
+        #    }
   }
 
   cluster_profile {
@@ -157,6 +177,7 @@ Optional:
 - `container_name` (String) Container name within your azure storage account.
 - `control_plane_subnet` (Block List, Max: 1) (see [below for nested schema](#nestedblock--cloud_config--control_plane_subnet))
 - `network_resource_group` (String) Azure network resource group in which the cluster is to be provisioned.
+- `private_api_server` (Block List, Max: 1) Custom private DNS zone for your cluster's API server. For more details, refer to the https://docs.spectrocloud.com/clusters/public-cloud/azure/create-azure-cluster/#private-api-server-lb-settings (see [below for nested schema](#nestedblock--cloud_config--private_api_server))
 - `storage_account_name` (String) Azure storage account name.
 - `virtual_network_cidr_block` (String) Azure virtual network cidr block in which the cluster is to be provisioned.
 - `virtual_network_name` (String) Azure virtual network in which the cluster is to be provisioned.
@@ -175,6 +196,19 @@ Optional:
 - `security_group_name` (String) Network Security Group(NSG) to be attached to subnet.
 
 
+<a id="nestedblock--cloud_config--private_api_server"></a>
+### Nested Schema for `cloud_config.private_api_server`
+
+Required:
+
+- `resource_group` (String) The resource group of the private DNS zone.
+
+Optional:
+
+- `private_dns_zone` (String) The private DNS zone for the cluster. This is optional. If not provided, a new private DNS zone will be created.
+- `static_ip` (String) Static IP address for the private API server load balancer. This is optional. If not provided, Dynamic IP allocation will be used.
+
+
 <a id="nestedblock--cloud_config--worker_node_subnet"></a>
 ### Nested Schema for `cloud_config.worker_node_subnet`
 

examples/resources/spectrocloud_cluster_azure/resource.tf

@@ -33,6 +33,11 @@ resource "spectrocloud_cluster_azure" "cluster" {
     #      cidr_block="10.0.0.9/16"
     #      security_group_name="worker_subnet_security_name"
     #    }
+    #    private_api_server {
+    #      resource_group = "test-resource-group"
+    #      private_dns_zone = "test-private-dns-zone"
+    #      static_ip = "10.11.12.51"
+    #    }
 
   }
 

go.mod

@@ -11,7 +11,7 @@ require (
 	github.com/hashicorp/terraform-plugin-docs v0.16.0
 	github.com/hashicorp/terraform-plugin-sdk/v2 v2.30.0
 	github.com/robfig/cron v1.2.0
-	github.com/spectrocloud/palette-sdk-go v0.0.0-20250509161739-f7416a832d78
+	github.com/spectrocloud/palette-sdk-go v0.0.0-20250521182614-2b9b65c1d0e4
 	github.com/stretchr/testify v1.10.0
 	gotest.tools v2.2.0+incompatible
 	k8s.io/api v0.23.5

go.sum

@@ -597,8 +597,8 @@ github.com/smartystreets/goconvey v1.6.4/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9
 github.com/soheilhy/cmux v0.1.4/go.mod h1:IM3LyeVVIOuxMH7sFAkER9+bJ4dT7Ms6E4xg4kGIyLM=
 github.com/soheilhy/cmux v0.1.5/go.mod h1:T7TcVDs9LWfQgPlPsdngu6I6QIoyIFZDDC6sNE1GqG0=
 github.com/spaolacci/murmur3 v0.0.0-20180118202830-f09979ecbc72/go.mod h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2Kzu9HwQUA=
-github.com/spectrocloud/palette-sdk-go v0.0.0-20250509161739-f7416a832d78 h1:QGVhNlDPNZcEffk7cPLEK+LU2P7f1ScCCFq0g3FO+V4=
-github.com/spectrocloud/palette-sdk-go v0.0.0-20250509161739-f7416a832d78/go.mod h1:3/NvYC0TKTbjvnyfaNj+A5r3nVhwDJ26B3PF86RZ/cc=
+github.com/spectrocloud/palette-sdk-go v0.0.0-20250521182614-2b9b65c1d0e4 h1:MU8Rdye5fwDgfwP9qy+N3JatknTxyJOL61wfSr+R5OU=
+github.com/spectrocloud/palette-sdk-go v0.0.0-20250521182614-2b9b65c1d0e4/go.mod h1:3/NvYC0TKTbjvnyfaNj+A5r3nVhwDJ26B3PF86RZ/cc=
 github.com/spf13/afero v1.1.2/go.mod h1:j4pytiNVoe2o6bmDsKpLACNPDBIoEAkihy7loJ1B0CQ=
 github.com/spf13/afero v1.2.2/go.mod h1:9ZxEEn6pIJ8Rxe320qSDBk6AsU0r9pR7Q4OcevTdifk=
 github.com/spf13/afero v1.6.0/go.mod h1:Ai8FlHk4v/PARR026UzYexafAt9roJ7LcLMAmO6Z93I=

spectrocloud/resource_cluster_azure.go

@@ -193,6 +193,32 @@ func resourceClusterAzure() *schema.Resource {
 						},
 						"control_plane_subnet": schemas.SubnetSchema(),
 						"worker_node_subnet":   schemas.SubnetSchema(),
+						"private_api_server": {
+							Type:         schema.TypeList,
+							Optional:     true,
+							MaxItems:     1,
+							RequiredWith: []string{"cloud_config.0.network_resource_group", "cloud_config.0.virtual_network_name", "cloud_config.0.virtual_network_cidr_block"},
+							Description:  "Custom private DNS zone for your cluster's API server. For more details, refer to the https://docs.spectrocloud.com/clusters/public-cloud/azure/create-azure-cluster/#private-api-server-lb-settings",
+							Elem: &schema.Resource{
+								Schema: map[string]*schema.Schema{
+									"resource_group": {
+										Type:        schema.TypeString,
+										Required:    true,
+										Description: "The resource group of the private DNS zone.",
+									},
+									"private_dns_zone": {
+										Type:        schema.TypeString,
+										Optional:    true,
+										Description: "The private DNS zone for the cluster. This is optional. If not provided, a new private DNS zone will be created.",
+									},
+									"static_ip": {
+										Type:        schema.TypeString,
+										Optional:    true,
+										Description: "Static IP address for the private API server load balancer. This is optional. If not provided, Dynamic IP allocation will be used.",
+									},
+								},
+							},
+						},
 					},
 				},
 			},
@@ -452,6 +478,15 @@ func flattenClusterConfigsAzure(config *models.V1AzureCloudConfig) []interface{}
 			}
 			m["worker_node_subnet"] = []interface{}{workerSubnet}
 		}
+		if config.Spec.ClusterConfig.InfraLBConfig != nil {
+			if config.Spec.ClusterConfig.InfraLBConfig.APIServerLB != nil {
+				m["private_api_server"] = []interface{}{map[string]interface{}{
+					"resource_group":   config.Spec.ClusterConfig.InfraLBConfig.APIServerLB.PrivateDNSZoneResourceGroup,
+					"private_dns_zone": config.Spec.ClusterConfig.InfraLBConfig.APIServerLB.PrivateDNSName,
+					"static_ip":        config.Spec.ClusterConfig.InfraLBConfig.APIServerLB.APIServerLBStaticIP,
+				}}
+			}
+		}
 	}
 
 	return []interface{}{m}
@@ -683,7 +718,44 @@ func toStaticPlacement(c *models.V1SpectroAzureClusterEntity, cloudConfig map[st
 			Name:              workerSubnet["name"].(string),
 			SecurityGroupName: workerSubnet["security_group_name"].(string),
 		}
+
+		if v, ok := cloudConfig["private_api_server"]; ok {
+			privateApiServer := v.([]interface{})
+			if len(privateApiServer) > 0 {
+				privateApiServerConfig := privateApiServer[0].(map[string]interface{})
+				apiServerLB := &models.V1LoadBalancerSpec{
+					PrivateDNSZoneResourceGroup: privateApiServerConfig["resource_group"].(string),
+					PrivateDNSName:              privateApiServerConfig["private_dns_zone"].(string),
+					APIServerLBStaticIP:         privateApiServerConfig["static_ip"].(string),
+					IPAllocationMethod:          chooseIPMethod(privateApiServerConfig["static_ip"].(string)),
+					Type:                        StringPtr("Internal"),
+				}
+				c.Spec.CloudConfig.InfraLBConfig = &models.V1InfraLBConfig{
+					APIServerLB: apiServerLB,
+				}
+			}
+		} else {
+			apiServerLB := &models.V1LoadBalancerSpec{
+				IPAllocationMethod:          chooseIPMethod(""),
+				Type:                        StringPtr("Public"),
+				PrivateDNSZoneResourceGroup: "",
+				PrivateDNSName:              "",
+				APIServerLBStaticIP:         "",
+			}
+			c.Spec.CloudConfig.InfraLBConfig = &models.V1InfraLBConfig{
+				APIServerLB: apiServerLB,
+			}
+
+		}
+
+	}
+}
+
+func chooseIPMethod(ip string) *string {
+	if ip == "" {
+		return StringPtr("Dynamic")
 	}
+	return StringPtr("Static")
 }
 
 func toMachinePoolAzure(machinePool interface{}) (*models.V1AzureMachinePoolConfigEntity, error) {

spectrocloud/resource_cluster_azure_test.go

@@ -123,6 +123,15 @@ func TestToStaticPlacement(t *testing.T) {
 					Name:              "worker_subnet",
 					SecurityGroupName: "worker_sg",
 				},
+				InfraLBConfig: &models.V1InfraLBConfig{
+					APIServerLB: &models.V1LoadBalancerSpec{
+						IPAllocationMethod:          types.Ptr("Dynamic"),
+						PrivateDNSName:              "",
+						PrivateDNSZoneResourceGroup: "",
+						APIServerLBStaticIP:         "",
+						Type:                        types.Ptr("Public"),
+					},
+				},
 			},
 		},
 	}

templates/resources/cluster_azure.md.tmpl

@@ -32,6 +32,26 @@ resource "spectrocloud_cluster_azure" "cluster" {
     resource_group  = var.azure_resource_group
     region          = var.azure_region
     ssh_key         = var.cluster_ssh_public_key
+
+     //Static placement config
+        #    network_resource_group = "test-resource-group"
+        #    virtual_network_name = "test-network-name"
+        #    virtual_network_cidr_block = "10.0.0.9/10"
+        #    control_plane_subnet {
+        #      name="cp_subnet_name"
+        #      cidr_block="10.0.0.9/16"
+        #      security_group_name="cp_subnet_security_name"
+        #    }
+        #    worker_node_subnet {
+        #      name="worker_subnet_name"
+        #      cidr_block="10.0.0.9/16"
+        #      security_group_name="worker_subnet_security_name"
+        #    }
+        #    private_api_server {
+        #      resource_group = "test-resource-group"
+        #      private_dns_zone = "test-private-dns-zone"
+        #      static_ip = "10.11.12.51"
+        #    }
   }
 
   cluster_profile {