From 7a42aef370ff95e18fbabab9e9104698a05f3d8c Mon Sep 17 00:00:00 2001
From: shaoning <904809622@qq.com>
Date: Thu, 20 Nov 2025 19:51:26 +0800
Subject: [PATCH] Add support for custom internal API server virtual IP configuration.
---
pkg/cert/GenerateAllFiles.go | 33 +++++++++++++++++--------
pkg/configmanager/asset/clusterasset.go | 27 ++++++++++----------
2 files changed, 37 insertions(+), 23 deletions(-)
diff --git a/pkg/cert/GenerateAllFiles.go b/pkg/cert/GenerateAllFiles.go
index 458fbb86..389b564c 100644
--- a/pkg/cert/GenerateAllFiles.go
+++ b/pkg/cert/GenerateAllFiles.go
@@ -18,6 +18,7 @@ package cert import ( "crypto/x509" + "fmt" "nestos-kubernetes-deployer/pkg/configmanager" "nestos-kubernetes-deployer/pkg/configmanager/asset" "nestos-kubernetes-deployer/pkg/utils"
@@ -58,19 +59,31 @@ func (cg *CertGenerator) GenerateAllFiles() error { apiserverEndpoint := "https://" + clusterconfig.Kubernetes.ApiServerEndpoint //读取用户自定义服务子网IP - /*TODO: 1. 新增internalAPIServerVirtualIP 字段用于读取用户自定义内容; + /*DONE: 1. 新增internalAPIServerVirtualIP 字段用于读取用户自定义内容; 2. 新增判断,默认值取用Network.Service_Subnet并进行以下解析,如用户填充internalAPIServerVirtualIP 则读取用户自定义内容 3. 持续调研service clusterip相关内容,是否有统一入口进行相关配置。*/ - _, svcSubnet, err := net.ParseCIDR(clusterconfig.Network.ServiceSubnet) - if err != nil { - logrus.Errorf("unable to get internal Kubernetes Service IP from the given service CIDR: %v\n", err) - return err - } - internalAPIServerVirtualIP, err := netutils.GetIndexedIP(svcSubnet, 1) - if err != nil { - logrus.Errorf("unable to get the first IP address from the given CIDR: %v\n", err) - return err + var internalAPIServerVirtualIP net.IP + + // 如果用户提供了自定义的internalAPIServerVirtualIP,则使用用户提供的值 + if clusterconfig.Kubernetes.InternalAPIServerVirtualIP != "" { + internalAPIServerVirtualIP = net.ParseIP(clusterconfig.Kubernetes.InternalAPIServerVirtualIP) + if internalAPIServerVirtualIP == nil { + logrus.Errorf("invalid internal API server virtual IP provided: %s\n", clusterconfig.Kubernetes.InternalAPIServerVirtualIP) + return fmt.Errorf("invalid internal API server virtual IP provided: %s", clusterconfig.Kubernetes.InternalAPIServerVirtualIP) + } + } else { + // 否则使用默认值,从Network.ServiceSubnet获取第一个IP + _, svcSubnet, err := net.ParseCIDR(clusterconfig.Network.ServiceSubnet) + if err != nil { + logrus.Errorf("unable to get internal Kubernetes Service IP from the given service CIDR: %v\n", err) + return err + } + internalAPIServerVirtualIP, err = netutils.GetIndexedIP(svcSubnet, 1) + if err != nil { + logrus.Errorf("unable to get the first IP address from the given CIDR: %v\n", err) + return err + } } /* **********生成root CA 证书和密钥********** */
diff --git a/pkg/configmanager/asset/clusterasset.go b/pkg/configmanager/asset/clusterasset.go
index 8cc65e41..546215e7 100644
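Review bot: The custom `InternalAPIServerVirtualIP` branch accepts any address `net.ParseIP` can parse and never checks it against `Network.ServiceSubnet`, which is no longer parsed at all on that path. If this value is later placed in the API server certificate's SANs (GenerateAllFiles continues outside the hunk, so this is inferred), a typo or an address outside the service range would produce a certificate issued for an unrelated IP, or one that does not cover the real in-cluster service address. Parsing the CIDR first and rejecting a custom IP that fails `svcSubnet.Contains` closes that gap and keeps the ServiceSubnet validation on both paths. Using `%q` instead of `%s` in the new error would also keep a malformed config value readable in logs.

```go
	// … unchanged: apiserverEndpoint and the comment block above …
	// Parse the service CIDR first so a custom IP can be checked against it.
	_, svcSubnet, err := net.ParseCIDR(clusterconfig.Network.ServiceSubnet)
	if err != nil {
		logrus.Errorf("unable to get internal Kubernetes Service IP from the given service CIDR: %v\n", err)
		return err
	}

	var internalAPIServerVirtualIP net.IP
	if custom := clusterconfig.Kubernetes.InternalAPIServerVirtualIP; custom != "" {
		internalAPIServerVirtualIP = net.ParseIP(custom)
		// … unchanged: nil check that rejects an unparsable address …
		// Refuse addresses outside the service CIDR so no certificate is issued for an unrelated IP.
		if !svcSubnet.Contains(internalAPIServerVirtualIP) {
			return fmt.Errorf("internal API server virtual IP %q is outside service subnet %s", custom, svcSubnet)
		}
	} else {
		internalAPIServerVirtualIP, err = netutils.GetIndexedIP(svcSubnet, 1)
		// … unchanged: GetIndexedIP error handling …
	}
```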
--- a/pkg/configmanager/asset/clusterasset.go
+++ b/pkg/configmanager/asset/clusterasset.go
@@ -201,19 +201,20 @@ type OSImage struct { } type Kubernetes struct { - KubernetesVersion string `yaml:"kubernetesVersion"` - KubernetesAPIVersion string `yaml:"kubernetesApiVersion"` - ApiServerEndpoint string `yaml:"apiserverEndpoint"` - ImageRegistry string `yaml:"imageRegistry"` - RegistryMirror string `json:"registryMirror" yaml:"registryMirror,omitempty"` - PauseImage string `yaml:"pauseImage"` - ReleaseImageURL string `json:"releaseImageURL" yaml:"releaseImageURL,omitempty"` - Token string `json:"token" yaml:"token,omitempty"` - AdminKubeConfig string `yaml:"adminKubeconfig"` - CertificateKey string `yaml:"certificateKey"` - CaCertHash string `json:"-" yaml:"-"` - PackageList []string `json:"packageList" yaml:"packageList,omitempty"` - RpmPackagePath string `json:"rpmPackagePath" yaml:"rpmPackagePath,omitempty"` + KubernetesVersion string `yaml:"kubernetesVersion"` + KubernetesAPIVersion string `yaml:"kubernetesApiVersion"` + ApiServerEndpoint string `yaml:"apiserverEndpoint"` + InternalAPIServerVirtualIP string `yaml:"internalAPIServerVirtualIP,omitempty"` + ImageRegistry string `yaml:"imageRegistry"` + RegistryMirror string `json:"registryMirror" yaml:"registryMirror,omitempty"` + PauseImage string `yaml:"pauseImage"` + ReleaseImageURL string `json:"releaseImageURL" yaml:"releaseImageURL,omitempty"` + Token string `json:"token" yaml:"token,omitempty"` + AdminKubeConfig string `yaml:"adminKubeconfig"` + CertificateKey string `yaml:"certificateKey"` + CaCertHash string `json:"-" yaml:"-"` + PackageList []string `json:"packageList" yaml:"packageList,omitempty"` + RpmPackagePath string `json:"rpmPackagePath" yaml:"rpmPackagePath,omitempty"` Network }
--
Gitee
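Review bot: The new `InternalAPIServerVirtualIP` field in `Kubernetes` has no comment describing what values are acceptable, and nothing in this struct tells an operator that the value is parsed as an IP address or what happens when it is left empty. A field comment such as `// InternalAPIServerVirtualIP optionally overrides the in-cluster API server IP; when empty, the first address of Network.ServiceSubnet is used.` would document the default that GenerateAllFiles applies in this same patch. If the project expects the override to stay inside the service subnet, stating that here would help whoever edits the cluster config.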