diff --git a/nodeup/pkg/model/context.go b/nodeup/pkg/model/context.go
index dffd1d491b..4343bc651a 100644
--- a/nodeup/pkg/model/context.go
+++ b/nodeup/pkg/model/context.go
@@ -278,6 +278,15 @@ func (c *NodeupModelContext) UseNodeAuthorizer() bool {
 return c.Cluster.Spec.NodeAuthorization.NodeAuthorizer != nil
 }
 
+// UsesSecondaryIP checks if the CNI in use attaches secondary interfaces to the host.
+func (c *NodeupModelContext) UsesSecondaryIP() bool {
+ if c.Cluster.Spec.Networking.CNI.UsesSecondaryIP || c.Cluster.Spec.Networking.AmazonVPC != nil {
+ return true
+ }
+
+ return false
+}
+
 // UseBootstrapTokens checks if we are using bootstrap tokens
 func (c *NodeupModelContext) UseBootstrapTokens() bool {
 if c.IsMaster {
diff --git a/nodeup/pkg/model/kubelet.go b/nodeup/pkg/model/kubelet.go
index 316dd78597..c5c0544e69 100644
--- a/nodeup/pkg/model/kubelet.go
+++ b/nodeup/pkg/model/kubelet.go
@@ -174,7 +174,7 @@ func (b *KubeletBuilder) buildSystemdEnvironmentFile(kubeletConfig *kops.Kubelet
 flags += " --cni-conf-dir=" + b.CNIConfDir()
 }
 
- if kubeletConfig.BindPrimaryIP {
+ if b.UsesSecondaryIP() {
 sess := session.Must(session.NewSession())
 metadata := ec2metadata.New(sess)
 localIpv4, err := metadata.GetMetadata("local-ipv4")
diff --git a/pkg/apis/kops/cluster.go b/pkg/apis/kops/cluster.go
index 0abf0d7f3c..3075d449f6 100644
--- a/pkg/apis/kops/cluster.go
+++ b/pkg/apis/kops/cluster.go
@@ -507,9 +507,7 @@ func (c *Cluster) FillDefaults() error {
 } else if c.Spec.Networking.Romana != nil {
 // OK
 } else if c.Spec.Networking.AmazonVPC != nil {
- // If we are using the AmazonVPC plugin we need to bind the kubelet to the local ipv4 address
- c.Spec.Kubelet.BindPrimaryIP = true
- c.Spec.MasterKubelet.BindPrimaryIP = true
+ // OK
 } else if c.Spec.Networking.Cilium != nil {
 if c.Spec.Networking.Cilium.Version == "" {
 c.Spec.Networking.Cilium.Version = CiliumDefaultVersion
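Review bot: The new `UsesSecondaryIP()` reads `c.Cluster.Spec.Networking.CNI.UsesSecondaryIP` before it looks at `AmazonVPC`, with no nil check on `CNI`. The sibling networking options in this commit are compared against nil (`AmazonVPC != nil`, `Romana != nil`), so `CNI` is presumably a pointer as well; if so, any cluster that does not select the generic CNI mode, AmazonVPC included, would hit a nil dereference when nodeup builds the kubelet flags. Guard the read and return the expression directly: `return (c.Cluster.Spec.Networking.CNI != nil && c.Cluster.Spec.Networking.CNI.UsesSecondaryIP) || c.Cluster.Spec.Networking.AmazonVPC != nil`. `Networking` is dereferenced the same way; whether it can be nil on this path is not visible in the hunk.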
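Review bot: The branch at `if b.UsesSecondaryIP() {` in kubelet.go can now be switched on from the generic CNI spec (`usesSecondaryIP`), but its body still reads `local-ipv4` from the EC2 metadata service through `ec2metadata`. On a cluster that is not running on AWS nothing answers that lookup, so the condition should also require the AWS cloud provider, e.g. `if b.UsesSecondaryIP() && kops.CloudProviderID(b.Cluster.Spec.CloudProvider) == kops.CloudProviderAWS {`, or validation should reject the field for other providers. How `err` is handled and which flag `localIpv4` presumably feeds are outside the hunk, so confirm that a failed lookup stops with a clear error rather than writing an empty address into the kubelet environment file.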
diff --git a/pkg/apis/kops/networking.go b/pkg/apis/kops/networking.go
index 9951e95ee2..1da95db55e 100644
--- a/pkg/apis/kops/networking.go
+++ b/pkg/apis/kops/networking.go
@@ -50,6 +50,7 @@ type ExternalNetworkingSpec struct {
 // Networking is not managed by kops - we can create options here that directly configure e.g. weave
 // but this is useful for arbitrary network modes or for modes that don't need additional configuration.
 type CNINetworkingSpec struct {
+ UsesSecondaryIP bool `json:"usesSecondaryIP,omitempty"`
 }
 
 // KopeioNetworkingSpec declares that we want Kopeio networking
diff --git a/pkg/apis/kops/v1alpha1/networking.go b/pkg/apis/kops/v1alpha1/networking.go
index 352e4944b8..84ba937741 100644
--- a/pkg/apis/kops/v1alpha1/networking.go
+++ b/pkg/apis/kops/v1alpha1/networking.go
@@ -50,6 +50,7 @@ type ExternalNetworkingSpec struct {
 // Networking is not managed by kops - we can create options here that directly configure e.g. weave
 // but this is useful for arbitrary network modes or for modes that don't need additional configuration.
 type CNINetworkingSpec struct {
+ UsesSecondaryIP bool `json:"usesSecondaryIP,omitempty"`
 }
 
 // KopeioNetworkingSpec declares that we want Kopeio networking
diff --git a/pkg/apis/kops/v1alpha1/zz_generated.conversion.go b/pkg/apis/kops/v1alpha1/zz_generated.conversion.go index e36b23d675..4f90028566 100644 --- a/pkg/apis/kops/v1alpha1/zz_generated.conversion.go +++ b/pkg/apis/kops/v1alpha1/zz_generated.conversion.go @@ -426,6 +426,7 @@ func Convert_kops_AwsAuthenticationSpec_To_v1alpha1_AwsAuthenticationSpec(in *ko } func autoConvert_v1alpha1_CNINetworkingSpec_To_kops_CNINetworkingSpec(in *CNINetworkingSpec, out *kops.CNINetworkingSpec, s conversion.Scope) error { + out.UsesSecondaryIP = in.UsesSecondaryIP return nil }
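Review bot: The new exported field `UsesSecondaryIP` on `CNINetworkingSpec` has no doc comment, although it is user-facing API (JSON name `usesSecondaryIP`) and changes how nodeup starts the kubelet. Add something like `// UsesSecondaryIP declares that the CNI attaches secondary IPs/interfaces to the host, so nodeup binds the kubelet to the instance's primary IPv4 address (read from EC2 metadata).` The same comment is needed on the identical field added in `pkg/apis/kops/v1alpha1/networking.go` and `pkg/apis/kops/v1alpha2/networking.go`.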
@@ -435,6 +436,7 @@ func Convert_v1alpha1_CNINetworkingSpec_To_kops_CNINetworkingSpec(in *CNINetwork } func autoConvert_kops_CNINetworkingSpec_To_v1alpha1_CNINetworkingSpec(in *kops.CNINetworkingSpec, out *CNINetworkingSpec, s conversion.Scope) error { + out.UsesSecondaryIP = in.UsesSecondaryIP return nil } @@ -2642,11 +2644,7 @@ func autoConvert_kops_KubeletConfigSpec_To_v1alpha1_KubeletConfigSpec(in *kops.K out.ExperimentalAllowedUnsafeSysctls = in.ExperimentalAllowedUnsafeSysctls out.StreamingConnectionIdleTimeout = in.StreamingConnectionIdleTimeout out.DockerDisableSharedPID = in.DockerDisableSharedPID -<<<<<<< HEAD out.RootDir = in.RootDir -======= - out.BindPrimaryIP = in.BindPrimaryIP ->>>>>>> api machinery return nil }
diff --git a/pkg/apis/kops/v1alpha2/networking.go b/pkg/apis/kops/v1alpha2/networking.go
index 5b64cc1b63..d839296245 100644
--- a/pkg/apis/kops/v1alpha2/networking.go
+++ b/pkg/apis/kops/v1alpha2/networking.go
@@ -50,6 +50,7 @@ type ExternalNetworkingSpec struct {
 // Networking is not managed by kops - we can create options here that directly configure e.g. weave
 // but this is useful for arbitrary network modes or for modes that don't need additional configuration.
 type CNINetworkingSpec struct {
+ UsesSecondaryIP bool `json:"usesSecondaryIP,omitempty"`
 }
 
 // KopeioNetworkingSpec declares that we want Kopeio networking
diff --git a/pkg/apis/kops/v1alpha2/zz_generated.conversion.go b/pkg/apis/kops/v1alpha2/zz_generated.conversion.go index 5e73475330..ec684d2e98 100644 --- a/pkg/apis/kops/v1alpha2/zz_generated.conversion.go +++ b/pkg/apis/kops/v1alpha2/zz_generated.conversion.go @@ -462,6 +462,7 @@ func Convert_kops_BastionSpec_To_v1alpha2_BastionSpec(in *kops.BastionSpec, out } func autoConvert_v1alpha2_CNINetworkingSpec_To_kops_CNINetworkingSpec(in *CNINetworkingSpec, out *kops.CNINetworkingSpec, s conversion.Scope) error { + out.UsesSecondaryIP = in.UsesSecondaryIP return nil }
@@ -471,6 +472,7 @@ func Convert_v1alpha2_CNINetworkingSpec_To_kops_CNINetworkingSpec(in *CNINetwork } func autoConvert_kops_CNINetworkingSpec_To_v1alpha2_CNINetworkingSpec(in *kops.CNINetworkingSpec, out *CNINetworkingSpec, s conversion.Scope) error { + out.UsesSecondaryIP = in.UsesSecondaryIP return nil } @@ -2906,11 +2908,7 @@ func autoConvert_kops_KubeletConfigSpec_To_v1alpha2_KubeletConfigSpec(in *kops.K out.ExperimentalAllowedUnsafeSysctls = in.ExperimentalAllowedUnsafeSysctls out.StreamingConnectionIdleTimeout = in.StreamingConnectionIdleTimeout out.DockerDisableSharedPID = in.DockerDisableSharedPID -<<<<<<< HEAD out.RootDir = in.RootDir -======= - out.BindPrimaryIP = in.BindPrimaryIP ->>>>>>> api machinery return nil }