openshift · rna-afk · Oct 28, 2024
diff --git a/pkg/asset/manifests/azure/cluster.go b/pkg/asset/manifests/azure/cluster.go
@@ -104,6 +104,39 @@ func GenerateClusterAssets(installConfig *installconfig.InstallConfig, clusterID
 	}
 
 	virtualNetworkID := ""
+	lbip := capz.DefaultInternalLBIPAddress
+	machineCidr := installConfig.Config.MachineNetwork
+	// Check if default lbip is within machine network.
+	isInMachineCIDR := false
+	for _, cidrRange := range machineCidr {
+		_, ipnet, err := net.ParseCIDR(cidrRange.CIDR.String())
+		if err != nil {
+			return nil, fmt.Errorf("failed to get machine network CIDR: %w", err)
+		}
+		if ipnet.Contains(net.ParseIP(lbip)) {
+			isInMachineCIDR = true
+			break
+		}
+	}
+
+	// If not in machine network, assign the first IP in the CIDR to lbip.
+	if !isInMachineCIDR {
+		ip, ipnet, err := net.ParseCIDR(machineCidr[0].CIDR.String())
+		if err != nil {
+			return nil, fmt.Errorf("failed to get machine network CIDR: %w", err)
+		}
+		lbip = ip.Mask(ipnet.Mask).String()
+	}
+	lbip, err = getNextAvailableIP(context.TODO(), installConfig, lbip)
+	if err != nil {
+		return nil, err
+	}
+	apiServerLB.FrontendIPs = []capz.FrontendIP{{
+		Name: fmt.Sprintf("%s-internal-frontEnd", clusterID.InfraID),
+		FrontendIPClass: capz.FrontendIPClass{
+			PrivateIPAddress: lbip,
+		},
+	}}
 	if installConfig.Config.Azure.VirtualNetwork != "" {
 		client, err := installConfig.Azure.Client()
 		if err != nil {
@@ -117,16 +150,12 @@ func GenerateClusterAssets(installConfig *installconfig.InstallConfig, clusterID
 		if virtualNetwork != nil {
 			virtualNetworkID = *virtualNetwork.ID
 		}
-		lbip, err := getNextAvailableIP(ctx, installConfig)
+		lbip, err := getNextAvailableIP(ctx, installConfig, lbip)
 		if err != nil {
 			return nil, err
 		}
-		apiServerLB.FrontendIPs = []capz.FrontendIP{{
-			Name: fmt.Sprintf("%s-internal-frontEnd", clusterID.InfraID),
-			FrontendIPClass: capz.FrontendIPClass{
-				PrivateIPAddress: lbip,
-			},
-		},
+		apiServerLB.FrontendIPs[0].FrontendIPClass = capz.FrontendIPClass{
+			PrivateIPAddress: lbip,
 		}
 	}
 
@@ -255,9 +284,7 @@ func GenerateClusterAssets(installConfig *installconfig.InstallConfig, clusterID
 	}, nil
 }
 
-func getNextAvailableIP(ctx context.Context, installConfig *installconfig.InstallConfig) (string, error) {
-	lbip := capz.DefaultInternalLBIPAddress
-	machineCidr := installConfig.Config.MachineNetwork
+func getNextAvailableIP(ctx context.Context, installConfig *installconfig.InstallConfig, lbip string) (string, error) {
 	client, err := installConfig.Azure.Client()
 	if err != nil {
 		return "", fmt.Errorf("failed to get azure client: %w", err)
@@ -267,6 +294,7 @@ func getNextAvailableIP(ctx context.Context, installConfig *installconfig.Instal
 		return "", fmt.Errorf("failed to get azure virtual network client: %w", err)
 	}
 
+	machineCidr := installConfig.Config.MachineNetwork
 	availableIP, err := vClient.CheckIPAddressAvailability(ctx, installConfig.Config.Azure.NetworkResourceGroupName, installConfig.Config.Azure.VirtualNetwork, lbip)
 	if err != nil {
 		return "", fmt.Errorf("failed to get azure ip availability: %w", err)