Skip to content

Comments

Add flex node added into / remove from Private AKS cluster#55

Open
weiliu2dev wants to merge 5 commits intoAzure:mainfrom
weiliu2dev:weiliu2/private-cluster-flex
Open

Add flex node added into / remove from Private AKS cluster#55
weiliu2dev wants to merge 5 commits intoAzure:mainfrom
weiliu2dev:weiliu2/private-cluster-flex

Conversation

@weiliu2dev
Copy link
Collaborator

@weiliu2dev weiliu2dev commented Feb 2, 2026
edited
Loading

Summary

Add support for joining nodes to private AKS clusters (clusters with no public API endpoint) via WireGuard VPN through a Gateway VM in
Azure.

  • New pkg/privatecluster/ package implementing StepExecutor (Installer) and Executor (Uninstaller) interfaces
  • Automatically provisions a Gateway VM with WireGuard, establishes VPN tunnel, and configures /etc/hosts for API server access
  • For non-private clusters, IsCompleted() returns true immediately — zero overhead, step is skipped
  • Uninstaller supports two cleanup modes: local (keep Gateway for other nodes) and full (remove all Azure resources)
  • Uses Azure Go SDK (track2) for Azure resource management (no az CLI dependency). System tools (WireGuard, SSH, kubectl) are invoked via shell commands.

Files Changed

New package pkg/privatecluster/:

  • installer.go — StepExecutor: Gateway provisioning, VPN setup, kubectl/kubelogin install
  • uninstaller.go — Executor: Node drain/delete, VPN teardown, Gateway cleanup
  • vpn.go — WireGuard key generation, config, interface management
  • azure_client.go — Azure SDK client for Gateway VM lifecycle
  • ssh.go — SSH key generation and Gateway SSH operations
  • tool_installer.go — kubectl and kubelogin binary download/install
  • types.go — Gateway config types and defaults
  • utils.go — Helper functions (hosts file, file I/O, hostname)
  • privatecluster_test.go — Unit tests
  • README.md — Usage documentation
  • create_private_cluster.md — Private cluster setup guide

Modified files:

  • pkg/bootstrapper/bootstrapper.go — Add privatecluster as first bootstrap/unbootstrap step
  • pkg/config/structs.go — Add TargetClusterConfig fields (private, gateway, cleanupMode)
  • commands.go — Add --cleanup-mode flag for unbootstrap
  • pkg/utils/utils.go — Add RunCommandWithOutputContext and RunCommandSilentContext

Test plan

  • go build ./... passes
  • go test ./... passes
  • gofmt and golangci-lint pass
  • E2E: Bootstrap node to private AKS cluster via VPN
  • E2E: Unbootstrap with --cleanup-mode=local and --cleanup-mode=full

Private AKS cluster: add core types, VPN, and SSH support
e1ff0af 
Add the foundational privatecluster package for joining nodes to
private AKS clusters via WireGuard VPN through a Gateway VM.
@weiliu2dev weiliu2dev force-pushed the weiliu2/private-cluster-flex branch from d4d925c to 69604af Compare February 2, 2026 08:44
wenxuan0923
wenxuan0923 reviewed Feb 2, 2026
View reviewed changes
wenxuan0923
wenxuan0923 reviewed Feb 2, 2026
View reviewed changes
Change VPN install/uninstall from bash to Go, remove bash scripts
f583f12 
Replace shell scripts with native Go implementation using Azure SDK:
- azure_client.go: Azure SDK client for Gateway VM lifecycle
- installer.go: StepExecutor for Gateway provisioning and VPN setup
- uninstaller.go: Executor for node cleanup and Gateway teardown
- tool_installer.go: kubectl and kubelogin binary downloads
github-advanced-security[bot]
github-advanced-security bot found potential problems Feb 4, 2026
View reviewed changes
Copy link

@github-advanced-security github-advanced-security bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

gosec found more than 20 potential problems in the proposed changes. Check the Files changed tab for more details.

@weiliu2dev weiliu2dev force-pushed the weiliu2/private-cluster-flex branch 3 times, most recently from ffdc990 to bd3daff Compare February 4, 2026 22:43
github-advanced-security[bot]
github-advanced-security bot found potential problems Feb 4, 2026
View reviewed changes
@weiliu2dev weiliu2dev force-pushed the weiliu2/private-cluster-flex branch 3 times, most recently from 81f6179 to 204ad26 Compare February 6, 2026 23:02
@weiliu2dev
Copy link
Collaborator Author

weiliu2dev commented Feb 6, 2026

@Neo-NZ please read the following Contributor License Agreement(CLA). If you agree with the CLA, please reply with the following information.

@microsoft-github-policy-service agree [company="{your company}"]

Options:

  • (default - no company specified) I have sole ownership of intellectual property rights to my Submissions and I am not making Submissions in the course of work for my employer.
@microsoft-github-policy-service agree
  • (when company given) I am making Submissions in the course of work for my employer (or my employer has intellectual property rights in my Submissions by contract or applicable law). I have permission from my employer to make Submissions and enter into this Agreement on behalf of my employer. By signing below, the defined term “You” includes me and my employer.
@microsoft-github-policy-service agree company="Microsoft"

Contributor License Agreement
@microsoft-github-policy-service agree company="Microsoft“

@weiliu2dev
Copy link
Collaborator Author

weiliu2dev commented Feb 6, 2026

@Neo-NZ please read the following Contributor License Agreement(CLA). If you agree with the CLA, please reply with the following information.

@microsoft-github-policy-service agree [company="{your company}"]

Options:

  • (default - no company specified) I have sole ownership of intellectual property rights to my Submissions and I am not making Submissions in the course of work for my employer.
@microsoft-github-policy-service agree
  • (when company given) I am making Submissions in the course of work for my employer (or my employer has intellectual property rights in my Submissions by contract or applicable law). I have permission from my employer to make Submissions and enter into this Agreement on behalf of my employer. By signing below, the defined term “You” includes me and my employer.
@microsoft-github-policy-service agree company="Microsoft"

Contributor License Agreement
@microsoft-github-policy-service agree company="Microsoft“

@microsoft-github-policy-service agree company="Microsoft"

@weiliu2dev weiliu2dev closed this Feb 6, 2026
@weiliu2dev weiliu2dev reopened this Feb 6, 2026
@wenxuan0923
Copy link
Collaborator

wenxuan0923 commented Feb 7, 2026

I suggest spending a bit more time reviewing our codebase before starting to contribute. Thanks!

wenxuan0923
wenxuan0923 reviewed Feb 7, 2026
View reviewed changes
wenxuan0923
wenxuan0923 reviewed Feb 7, 2026
View reviewed changes
wenxuan0923
wenxuan0923 reviewed Feb 7, 2026
View reviewed changes
@weiliu2dev
Copy link
Collaborator Author

weiliu2dev commented Feb 10, 2026

I suggest spending a bit more time reviewing our codebase before starting to contribute. Thanks!

make senses.

weiliu2 added 2 commits February 11, 2026 19:07
Integrate privatecluster with bootstrapper framework
2997606 
- Add privatecluster as first bootstrap/unbootstrap step
- Add TargetClusterConfig fields (private, gateway, cleanupMode)
- Add --cleanup-mode flag for unbootstrap command
- Remove unused config field from BaseExecutor
Add privatecluster unit tests
7b43aeb
wenxuan0923
wenxuan0923 reviewed Feb 13, 2026
View reviewed changes
@weiliu2dev weiliu2dev force-pushed the weiliu2/private-cluster-flex branch 7 times, most recently from e5d9229 to eee87ae Compare February 22, 2026 11:04
github-advanced-security[bot]
github-advanced-security bot found potential problems Feb 22, 2026
View reviewed changes
@weiliu2dev weiliu2dev force-pushed the weiliu2/private-cluster-flex branch from eee87ae to c1ab0f9 Compare February 22, 2026 11:08
@weiliu2dev weiliu2dev force-pushed the weiliu2/private-cluster-flex branch from c1ab0f9 to 9369be3 Compare February 22, 2026 11:13
@weiliu2dev weiliu2dev force-pushed the weiliu2/private-cluster-flex branch from c6afa59 to 643199c Compare February 22, 2026 12:01
@weiliu2dev weiliu2dev mentioned this pull request Feb 22, 2026
Open
@weiliu2dev weiliu2dev force-pushed the weiliu2/private-cluster-flex branch from 643199c to 88f8a4c Compare February 22, 2026 21:46
@weiliu2dev weiliu2dev force-pushed the weiliu2/private-cluster-flex branch from 88f8a4c to 7c1096a Compare February 22, 2026 21:55
@weiliu2dev weiliu2dev force-pushed the weiliu2/private-cluster-flex branch from 7c1096a to ac63471 Compare February 22, 2026 22:52
@weiliu2dev weiliu2dev force-pushed the weiliu2/private-cluster-flex branch from ac63471 to de348c7 Compare February 23, 2026 07:44
github-advanced-security[bot]
github-advanced-security bot found potential problems Feb 23, 2026
View reviewed changes
@weiliu2dev weiliu2dev force-pushed the weiliu2/private-cluster-flex branch from de348c7 to 70a406b Compare February 23, 2026 07:55
@weiliu2dev weiliu2dev force-pushed the weiliu2/private-cluster-flex branch from 70a406b to 66e48e0 Compare February 23, 2026 08:06
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@wenxuan0923 wenxuan0923 wenxuan0923 left review comments

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@weiliu2dev @wenxuan0923