From e8476499b087ba648989512ac06ae2c596f9cc8a Mon Sep 17 00:00:00 2001 From: Rodrigo Menezes Date: Wed, 18 Jul 2018 15:55:22 -0700 Subject: [PATCH 1/4] Allow other CNI drivers to bind a hosts Primary IP --- nodeup/pkg/model/kubelet.go | 18 +++++++++--------- pkg/apis/kops/cluster.go | 4 +++- 2 files changed, 12 insertions(+), 10 deletions(-) diff --git a/nodeup/pkg/model/kubelet.go b/nodeup/pkg/model/kubelet.go index 7d627f77b5..316dd78597 100644 --- a/nodeup/pkg/model/kubelet.go +++ b/nodeup/pkg/model/kubelet.go @@ -172,16 +172,16 @@ func (b *KubeletBuilder) buildSystemdEnvironmentFile(kubeletConfig *kops.Kubelet if b.UsesCNI() { flags += " --cni-bin-dir=" + b.CNIBinDir() flags += " --cni-conf-dir=" + b.CNIConfDir() - // If we are using the AmazonVPC plugin we need to bind the kubelet to the local ipv4 address - if b.Cluster.Spec.Networking.AmazonVPC != nil { - sess := session.Must(session.NewSession()) - metadata := ec2metadata.New(sess) - localIpv4, err := metadata.GetMetadata("local-ipv4") - if err != nil { - return nil, fmt.Errorf("error fetching the local-ipv4 address from the ec2 meta-data: %v", err) - } - flags += " --node-ip=" + localIpv4 + } + + if kubeletConfig.BindPrimaryIP { + sess := session.Must(session.NewSession()) + metadata := ec2metadata.New(sess) + localIpv4, err := metadata.GetMetadata("local-ipv4") + if err != nil { + return nil, fmt.Errorf("error fetching the local-ipv4 address from the ec2 meta-data: %v", err) } + flags += " --node-ip=" + localIpv4 } if b.Cluster.Spec.Networking != nil && b.Cluster.Spec.Networking.Kubenet != nil { diff --git a/pkg/apis/kops/cluster.go b/pkg/apis/kops/cluster.go index 3075d449f6..0abf0d7f3c 100644 --- a/pkg/apis/kops/cluster.go +++ b/pkg/apis/kops/cluster.go 
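Review bot: The EC2 metadata lookup under `if kubeletConfig.BindPrimaryIP {` is no longer tied to an AWS-only setting, so a cluster on another cloud that sets the flag would presumably fail here (and `session.Must` panics instead of returning an error); the branch should also require that the cluster's cloud provider is AWS. The returned value is appended to the kubelet flags unchecked, and a guard such as `if net.ParseIP(localIpv4) == nil { return nil, fmt.Errorf("unexpected local-ipv4 value %q from ec2 meta-data", localIpv4) }` before `flags += " --node-ip=" + localIpv4` would keep a malformed response out of the systemd environment file. The same applies to the later kubelet.go hunk in patch 3/4, which only swaps the condition for `b.UsesSecondaryIP()`. buildSystemdEnvironmentFile starts and ends outside the hunk.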
@@ -507,7 +507,9 @@ func (c *Cluster) FillDefaults() error { } else if c.Spec.Networking.Romana != nil { // OK } else if c.Spec.Networking.AmazonVPC != nil { - // OK + // If we are using the AmazonVPC plugin we need to bind the kubelet to the local ipv4 address + c.Spec.Kubelet.BindPrimaryIP = true + c.Spec.MasterKubelet.BindPrimaryIP = true } else if c.Spec.Networking.Cilium != nil { if c.Spec.Networking.Cilium.Version == "" { c.Spec.Networking.Cilium.Version = CiliumDefaultVersion From 218d90632c3f31f3522e106596644a3b4db1d105 Mon Sep 17 00:00:00 2001 From: Rodrigo Menezes Date: Wed, 18 Jul 2018 16:09:40 -0700 Subject: [PATCH 2/4] api machinery --- pkg/apis/kops/v1alpha1/zz_generated.conversion.go | 4 ++++ pkg/apis/kops/v1alpha2/zz_generated.conversion.go | 4 ++++ 2 files changed, 8 insertions(+) diff --git a/pkg/apis/kops/v1alpha1/zz_generated.conversion.go b/pkg/apis/kops/v1alpha1/zz_generated.conversion.go index 40f971c943..e36b23d675 100644 --- a/pkg/apis/kops/v1alpha1/zz_generated.conversion.go +++ b/pkg/apis/kops/v1alpha1/zz_generated.conversion.go @@ -2642,7 +2642,11 @@ func autoConvert_kops_KubeletConfigSpec_To_v1alpha1_KubeletConfigSpec(in *kops.K out.ExperimentalAllowedUnsafeSysctls = in.ExperimentalAllowedUnsafeSysctls out.StreamingConnectionIdleTimeout = in.StreamingConnectionIdleTimeout out.DockerDisableSharedPID = in.DockerDisableSharedPID +<<<<<<< HEAD out.RootDir = in.RootDir +======= + out.BindPrimaryIP = in.BindPrimaryIP +>>>>>>> api machinery return nil } diff --git a/pkg/apis/kops/v1alpha2/zz_generated.conversion.go b/pkg/apis/kops/v1alpha2/zz_generated.conversion.go index 3fd7a4481b..5e73475330 100644 --- a/pkg/apis/kops/v1alpha2/zz_generated.conversion.go +++ b/pkg/apis/kops/v1alpha2/zz_generated.conversion.go 
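Review bot: The two assignments in the AmazonVPC branch write through `c.Spec.Kubelet` and `c.Spec.MasterKubelet` without a nil check; if these are pointer fields that can still be unset when FillDefaults runs (not visible in this hunk), the defaulting panics. A guard such as `if c.Spec.Kubelet == nil { c.Spec.Kubelet = &KubeletConfigSpec{} }`, and the same for `MasterKubelet`, before the assignments would make it safe. The diffstat of this patch lists only kubelet.go and cluster.go, so the declaration of `BindPrimaryIP` is not part of what is shown and should be confirmed. FillDefaults starts and ends outside the hunk.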
@@ -2906,7 +2906,11 @@ func autoConvert_kops_KubeletConfigSpec_To_v1alpha2_KubeletConfigSpec(in *kops.K out.ExperimentalAllowedUnsafeSysctls = in.ExperimentalAllowedUnsafeSysctls out.StreamingConnectionIdleTimeout = in.StreamingConnectionIdleTimeout out.DockerDisableSharedPID = in.DockerDisableSharedPID +<<<<<<< HEAD out.RootDir = in.RootDir +======= + out.BindPrimaryIP = in.BindPrimaryIP +>>>>>>> api machinery return nil } From 74e8973c6cafb851160c985dfec19289b962aad0 Mon Sep 17 00:00:00 2001 From: Rodrigo Menezes Date: Fri, 20 Jul 2018 12:25:23 -0700 Subject: [PATCH 3/4] Fix based on Justins suggestion --- nodeup/pkg/model/context.go | 9 +++++++++ nodeup/pkg/model/kubelet.go | 2 +- pkg/apis/kops/cluster.go | 4 +--- pkg/apis/kops/networking.go | 1 + pkg/apis/kops/v1alpha1/networking.go | 1 + pkg/apis/kops/v1alpha1/zz_generated.conversion.go | 6 ++---- pkg/apis/kops/v1alpha2/networking.go | 1 + pkg/apis/kops/v1alpha2/zz_generated.conversion.go | 6 ++---- 8 files changed, 18 insertions(+), 12 deletions(-) diff --git a/nodeup/pkg/model/context.go b/nodeup/pkg/model/context.go index dffd1d491b..4343bc651a 100644 --- a/nodeup/pkg/model/context.go +++ b/nodeup/pkg/model/context.go @@ -278,6 +278,15 @@ func (c *NodeupModelContext) UseNodeAuthorizer() bool { return c.Cluster.Spec.NodeAuthorization.NodeAuthorizer != nil } +// UsesSecondaryIP checks if the CNI in use attaches secondary interfaces to the host. +func (c *NodeupModelContext) UsesSecondaryIP() bool { + if c.Cluster.Spec.Networking.CNI.UsesSecondaryIP || c.Cluster.Spec.Networking.AmazonVPC != nil { + return true + } + + return false +} + // UseBootstrapTokens checks if we are using bootstrap tokens func (c *NodeupModelContext) UseBootstrapTokens() bool { if c.IsMaster { diff --git a/nodeup/pkg/model/kubelet.go b/nodeup/pkg/model/kubelet.go index 316dd78597..c5c0544e69 100644 --- a/nodeup/pkg/model/kubelet.go +++ b/nodeup/pkg/model/kubelet.go 
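Review bot: `UsesSecondaryIP` reads `c.Cluster.Spec.Networking.CNI` and `.AmazonVPC` without checking `Networking` itself, while kubelet.go guards the same field with `b.Cluster.Spec.Networking != nil` and now calls this helper outside its `b.UsesCNI()` block. Patch 4/4 adds the `CNI != nil` check but leaves `Networking` unguarded, so the point applies to that hunk too. Returning the expression directly covers both cases: `n := c.Cluster.Spec.Networking` followed by `return n != nil && (n.AmazonVPC != nil || (n.CNI != nil && n.CNI.UsesSecondaryIP))`. The doc comment could also say that a true result makes nodeup set the kubelet's `--node-ip` to the EC2 `local-ipv4` address.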
@@ -174,7 +174,7 @@ func (b *KubeletBuilder) buildSystemdEnvironmentFile(kubeletConfig *kops.Kubelet flags += " --cni-conf-dir=" + b.CNIConfDir() } - if kubeletConfig.BindPrimaryIP { + if b.UsesSecondaryIP() { sess := session.Must(session.NewSession()) metadata := ec2metadata.New(sess) localIpv4, err := metadata.GetMetadata("local-ipv4") diff --git a/pkg/apis/kops/cluster.go b/pkg/apis/kops/cluster.go index 0abf0d7f3c..3075d449f6 100644 --- a/pkg/apis/kops/cluster.go +++ b/pkg/apis/kops/cluster.go @@ -507,9 +507,7 @@ func (c *Cluster) FillDefaults() error { } else if c.Spec.Networking.Romana != nil { // OK } else if c.Spec.Networking.AmazonVPC != nil { - // If we are using the AmazonVPC plugin we need to bind the kubelet to the local ipv4 address - c.Spec.Kubelet.BindPrimaryIP = true - c.Spec.MasterKubelet.BindPrimaryIP = true + // OK } else if c.Spec.Networking.Cilium != nil { if c.Spec.Networking.Cilium.Version == "" { c.Spec.Networking.Cilium.Version = CiliumDefaultVersion diff --git a/pkg/apis/kops/networking.go b/pkg/apis/kops/networking.go index 9951e95ee2..1da95db55e 100644 --- a/pkg/apis/kops/networking.go +++ b/pkg/apis/kops/networking.go @@ -50,6 +50,7 @@ type ExternalNetworkingSpec struct { // Networking is not managed by kops - we can create options here that directly configure e.g. weave // but this is useful for arbitrary network modes or for modes that don't need additional configuration. type CNINetworkingSpec struct { + UsesSecondaryIP bool `json:"usesSecondaryIP,omitempty"` } // KopeioNetworkingSpec declares that we want Kopeio networking diff --git a/pkg/apis/kops/v1alpha1/networking.go b/pkg/apis/kops/v1alpha1/networking.go index 352e4944b8..84ba937741 100644 --- a/pkg/apis/kops/v1alpha1/networking.go +++ b/pkg/apis/kops/v1alpha1/networking.go 
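Review bot: The new exported field `UsesSecondaryIP` on `CNINetworkingSpec` in pkg/apis/kops/networking.go has no doc comment, although it becomes part of the cluster spec (`json:"usesSecondaryIP,omitempty"`) and changes how the kubelet is started. A comment such as `// UsesSecondaryIP indicates that the CNI plugin attaches secondary IPs to the host, so the kubelet is started with --node-ip set to the instance's primary IP.` would document it. It is worth stating there that the address is read from EC2 metadata, so the option is only meaningful on AWS. The same field is added without a comment in v1alpha1/networking.go and v1alpha2/networking.go.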
@@ -50,6 +50,7 @@ type ExternalNetworkingSpec struct { // Networking is not managed by kops - we can create options here that directly configure e.g. weave // but this is useful for arbitrary network modes or for modes that don't need additional configuration. type CNINetworkingSpec struct { + UsesSecondaryIP bool `json:"usesSecondaryIP,omitempty"` } // KopeioNetworkingSpec declares that we want Kopeio networking diff --git a/pkg/apis/kops/v1alpha1/zz_generated.conversion.go b/pkg/apis/kops/v1alpha1/zz_generated.conversion.go index e36b23d675..4f90028566 100644 --- a/pkg/apis/kops/v1alpha1/zz_generated.conversion.go +++ b/pkg/apis/kops/v1alpha1/zz_generated.conversion.go @@ -426,6 +426,7 @@ func Convert_kops_AwsAuthenticationSpec_To_v1alpha1_AwsAuthenticationSpec(in *ko } func autoConvert_v1alpha1_CNINetworkingSpec_To_kops_CNINetworkingSpec(in *CNINetworkingSpec, out *kops.CNINetworkingSpec, s conversion.Scope) error { + out.UsesSecondaryIP = in.UsesSecondaryIP return nil } @@ -435,6 +436,7 @@ func Convert_v1alpha1_CNINetworkingSpec_To_kops_CNINetworkingSpec(in *CNINetwork } func autoConvert_kops_CNINetworkingSpec_To_v1alpha1_CNINetworkingSpec(in *kops.CNINetworkingSpec, out *CNINetworkingSpec, s conversion.Scope) error { + out.UsesSecondaryIP = in.UsesSecondaryIP return nil } @@ -2642,11 +2644,7 @@ func autoConvert_kops_KubeletConfigSpec_To_v1alpha1_KubeletConfigSpec(in *kops.K out.ExperimentalAllowedUnsafeSysctls = in.ExperimentalAllowedUnsafeSysctls out.StreamingConnectionIdleTimeout = in.StreamingConnectionIdleTimeout out.DockerDisableSharedPID = in.DockerDisableSharedPID -<<<<<<< HEAD out.RootDir = in.RootDir -======= - out.BindPrimaryIP = in.BindPrimaryIP ->>>>>>> api machinery return nil } diff --git a/pkg/apis/kops/v1alpha2/networking.go b/pkg/apis/kops/v1alpha2/networking.go index 5b64cc1b63..d839296245 100644 --- a/pkg/apis/kops/v1alpha2/networking.go +++ b/pkg/apis/kops/v1alpha2/networking.go 
@@ -50,6 +50,7 @@ type ExternalNetworkingSpec struct { // Networking is not managed by kops - we can create options here that directly configure e.g. weave // but this is useful for arbitrary network modes or for modes that don't need additional configuration. type CNINetworkingSpec struct { + UsesSecondaryIP bool `json:"usesSecondaryIP,omitempty"` } // KopeioNetworkingSpec declares that we want Kopeio networking diff --git a/pkg/apis/kops/v1alpha2/zz_generated.conversion.go b/pkg/apis/kops/v1alpha2/zz_generated.conversion.go index 5e73475330..ec684d2e98 100644 --- a/pkg/apis/kops/v1alpha2/zz_generated.conversion.go +++ b/pkg/apis/kops/v1alpha2/zz_generated.conversion.go @@ -462,6 +462,7 @@ func Convert_kops_BastionSpec_To_v1alpha2_BastionSpec(in *kops.BastionSpec, out } func autoConvert_v1alpha2_CNINetworkingSpec_To_kops_CNINetworkingSpec(in *CNINetworkingSpec, out *kops.CNINetworkingSpec, s conversion.Scope) error { + out.UsesSecondaryIP = in.UsesSecondaryIP return nil } @@ -471,6 +472,7 @@ func Convert_v1alpha2_CNINetworkingSpec_To_kops_CNINetworkingSpec(in *CNINetwork } func autoConvert_kops_CNINetworkingSpec_To_v1alpha2_CNINetworkingSpec(in *kops.CNINetworkingSpec, out *CNINetworkingSpec, s conversion.Scope) error { + out.UsesSecondaryIP = in.UsesSecondaryIP return nil } @@ -2906,11 +2908,7 @@ func autoConvert_kops_KubeletConfigSpec_To_v1alpha2_KubeletConfigSpec(in *kops.K out.ExperimentalAllowedUnsafeSysctls = in.ExperimentalAllowedUnsafeSysctls out.StreamingConnectionIdleTimeout = in.StreamingConnectionIdleTimeout out.DockerDisableSharedPID = in.DockerDisableSharedPID -<<<<<<< HEAD out.RootDir = in.RootDir -======= - out.BindPrimaryIP = in.BindPrimaryIP ->>>>>>> api machinery return nil } From f816b00fb9d480a37a9fbbf631791e3a338f823c Mon Sep 17 00:00:00 2001 From: Rodrigo Menezes Date: Fri, 20 Jul 2018 13:47:22 -0700 Subject: [PATCH 4/4] fix --- nodeup/pkg/model/context.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/nodeup/pkg/model/context.go b/nodeup/pkg/model/context.go index 4343bc651a..a53fd7ec4c 100644 --- a/nodeup/pkg/model/context.go +++ b/nodeup/pkg/model/context.go @@ -280,7 +280,7 @@ func (c *NodeupModelContext) UseNodeAuthorizer() bool { // UsesSecondaryIP checks if the CNI in use attaches secondary interfaces to the host. func (c *NodeupModelContext) UsesSecondaryIP() bool { - if c.Cluster.Spec.Networking.CNI.UsesSecondaryIP || c.Cluster.Spec.Networking.AmazonVPC != nil { + if (c.Cluster.Spec.Networking.CNI != nil && c.Cluster.Spec.Networking.CNI.UsesSecondaryIP) || c.Cluster.Spec.Networking.AmazonVPC != nil { return true }