Merge pull request #15829 from justinsb/refactor_forapiserver

Refactor: Replace ForAPIServer with WellKnownServices

pkg/commands/toolbox_enroll.go

@@ -47,7 +47,9 @@ import (
 	"k8s.io/kops/pkg/client/simple"
 	"k8s.io/kops/pkg/commands/commandutils"
 	"k8s.io/kops/pkg/featureflag"
+	"k8s.io/kops/pkg/model"
 	"k8s.io/kops/pkg/model/resources"
+	"k8s.io/kops/pkg/wellknownservices"
 	"k8s.io/kops/upup/pkg/fi"
 	"k8s.io/kops/upup/pkg/fi/cloudup"
 	"k8s.io/kops/util/pkg/architectures"
@@ -104,7 +106,8 @@ func RunToolboxEnroll(ctx context.Context, f commandutils.Factory, out io.Writer
 		return err
 	}
 
-	apiserverAdditionalIPs := []string{}
+	wellKnownAddresses := make(model.WellKnownAddresses)
+
 	{
 		ingresses, err := cloud.GetApiIngressStatus(cluster)
 		if err != nil {
@@ -117,17 +120,21 @@ func RunToolboxEnroll(ctx context.Context, f commandutils.Factory, out io.Writer
 			// 	apiserverAdditionalIPs = append(apiserverAdditionalIPs, ingress.Hostname)
 			// }
 			if ingress.IP != "" {
-				apiserverAdditionalIPs = append(apiserverAdditionalIPs, ingress.IP)
+				wellKnownAddresses[wellknownservices.KubeAPIServer] = append(wellKnownAddresses[wellknownservices.KubeAPIServer], ingress.IP)
 			}
 		}
 	}
 
-	if len(apiserverAdditionalIPs) == 0 {
+	if len(wellKnownAddresses[wellknownservices.KubeAPIServer]) == 0 {
 		// TODO: Should we support DNS?
-		return fmt.Errorf("unable to determine IP address for kops-controller")
+		return fmt.Errorf("unable to determine IP address for kube-apiserver")
 	}
 
-	scriptBytes, err := buildBootstrapData(ctx, clientset, cluster, ig, apiserverAdditionalIPs)
+	for k := range wellKnownAddresses {
+		sort.Strings(wellKnownAddresses[k])
+	}
+
+	scriptBytes, err := buildBootstrapData(ctx, clientset, cluster, ig, wellKnownAddresses)
 	if err != nil {
 		return err
 	}
@@ -390,7 +397,7 @@ func (s *SSHHost) getHostname(ctx context.Context) (string, error) {
 	return hostname, nil
 }
 
-func buildBootstrapData(ctx context.Context, clientset simple.Clientset, cluster *kops.Cluster, ig *kops.InstanceGroup, apiserverAdditionalIPs []string) ([]byte, error) {
+func buildBootstrapData(ctx context.Context, clientset simple.Clientset, cluster *kops.Cluster, ig *kops.InstanceGroup, wellknownAddresses model.WellKnownAddresses) ([]byte, error) {
 	if cluster.Spec.KubeAPIServer == nil {
 		cluster.Spec.KubeAPIServer = &kops.KubeAPIServerConfig{}
 	}
@@ -451,7 +458,7 @@ func buildBootstrapData(ctx context.Context, clientset simple.Clientset, cluster
 		keysets[keyName] = keyset
 	}
 
-	_, bootConfig, err := configBuilder.BuildConfig(ig, apiserverAdditionalIPs, keysets)
+	_, bootConfig, err := configBuilder.BuildConfig(ig, wellknownAddresses, keysets)
 	if err != nil {
 		return nil, err
 	}

pkg/model/awsmodel/api_loadbalancer.go

@@ -25,6 +25,7 @@ import (
 	"k8s.io/klog/v2"
 	"k8s.io/kops/pkg/apis/kops"
 	"k8s.io/kops/pkg/wellknownports"
+	"k8s.io/kops/pkg/wellknownservices"
 	"k8s.io/kops/upup/pkg/fi"
 	"k8s.io/kops/upup/pkg/fi/cloudup/awstasks"
 )
@@ -187,10 +188,10 @@ func (b *APILoadBalancerBuilder) Build(c *fi.CloudupModelBuilderContext) error {
 			Listeners:      nlbListeners,
 			TargetGroups:   make([]*awstasks.TargetGroup, 0),
 
-			Tags:         tags,
+			Tags:              tags,
-			ForAPIServer: true,
+			WellKnownServices: []wellknownservices.WellKnownService{wellknownservices.KubeAPIServer},
-			VPC:          b.LinkToVPC(),
+			VPC:               b.LinkToVPC(),
-			Type:         fi.PtrTo("network"),
+			Type:              fi.PtrTo("network"),
 		}
 
 		clb = &awstasks.ClassicLoadBalancer{
@@ -222,8 +223,8 @@ func (b *APILoadBalancerBuilder) Build(c *fi.CloudupModelBuilderContext) error {
 				Timeout: fi.PtrTo(int64(300)),
 			},
 
-			Tags:         tags,
+			Tags:              tags,
-			ForAPIServer: true,
+			WellKnownServices: []wellknownservices.WellKnownService{wellknownservices.KubeAPIServer},
 		}
 
 		if b.Cluster.UsesNoneDNS() {
@@ -536,6 +537,9 @@ func (b *APILoadBalancerBuilder) Build(c *fi.CloudupModelBuilderContext) error {
 				ToPort:        fi.PtrTo(int64(4)),
 			})
 			if b.Cluster.UsesNoneDNS() {
+				nlb.WellKnownServices = append(nlb.WellKnownServices, wellknownservices.KopsController)
+				clb.WellKnownServices = append(clb.WellKnownServices, wellknownservices.KopsController)
+
 				c.AddTask(&awstasks.SecurityGroupRule{
 					Name:          fi.PtrTo(fmt.Sprintf("kops-controller-elb-to-cp%s", suffix)),
 					Lifecycle:     b.SecurityLifecycle,

pkg/model/bootstrapscript.go

@@ -30,6 +30,7 @@ import (
 	"k8s.io/kops/pkg/apis/kops"
 	"k8s.io/kops/pkg/apis/nodeup"
 	"k8s.io/kops/pkg/model/resources"
+	"k8s.io/kops/pkg/wellknownservices"
 	"k8s.io/kops/upup/pkg/fi"
 	"k8s.io/kops/upup/pkg/fi/cloudup/awsup"
 	"k8s.io/kops/upup/pkg/fi/cloudup/scaleway"
@@ -40,9 +41,12 @@ import (
 )
 
 type NodeUpConfigBuilder interface {
-	BuildConfig(ig *kops.InstanceGroup, apiserverAdditionalIPs []string, keysets map[string]*fi.Keyset) (*nodeup.Config, *nodeup.BootConfig, error)
+	BuildConfig(ig *kops.InstanceGroup, wellKnownAddresses WellKnownAddresses, keysets map[string]*fi.Keyset) (*nodeup.Config, *nodeup.BootConfig, error)
 }
 
+// WellKnownAddresses holds known addresses for well-known services
+type WellKnownAddresses map[wellknownservices.WellKnownService][]string
+
 // BootstrapScriptBuilder creates the bootstrap script
 type BootstrapScriptBuilder struct {
 	*KopsModelContext
@@ -58,8 +62,9 @@ type BootstrapScript struct {
 	ig        *kops.InstanceGroup
 	builder   *BootstrapScriptBuilder
 	resource  fi.CloudupTaskDependentResource
-	// alternateNameTasks are tasks that contribute api-server IP addresses.
+
-	alternateNameTasks []fi.HasAddress
+	// hasAddressTasks holds fi.HasAddress tasks, that contribute well-known services.
+	hasAddressTasks []fi.HasAddress
 
 	// caTasks hold the CA tasks, for dependency analysis.
 	caTasks map[string]*fitasks.Keypair
@@ -76,9 +81,9 @@ var (
 
 // kubeEnv returns the boot config for the instance group
 func (b *BootstrapScript) kubeEnv(ig *kops.InstanceGroup, c *fi.CloudupContext) (*nodeup.BootConfig, error) {
-	var alternateNames []string
+	wellKnownAddresses := make(WellKnownAddresses)
 
-	for _, hasAddress := range b.alternateNameTasks {
+	for _, hasAddress := range b.hasAddressTasks {
 		addresses, err := hasAddress.FindAddresses(c)
 		if err != nil {
 			return nil, fmt.Errorf("error finding address for %v: %v", hasAddress, err)
@@ -88,13 +93,17 @@ func (b *BootstrapScript) kubeEnv(ig *kops.InstanceGroup, c *fi.CloudupContext)
 			klog.V(2).Infof("Task did not have an address: %v", hasAddress)
 			continue
 		}
-		for _, address := range addresses {
+
-			klog.V(8).Infof("Resolved alternateName %q for %q", address, hasAddress)
+		klog.V(8).Infof("Resolved alternateNames %q for %q", addresses, hasAddress)
-			alternateNames = append(alternateNames, address)
+
+		for _, wellKnownService := range hasAddress.GetWellKnownServices() {
+			wellKnownAddresses[wellKnownService] = append(wellKnownAddresses[wellKnownService], addresses...)
 		}
 	}
 
-	sort.Strings(alternateNames)
+	for k := range wellKnownAddresses {
+		sort.Strings(wellKnownAddresses[k])
+	}
 
 	keysets := make(map[string]*fi.Keyset)
 	for _, caTask := range b.caTasks {
@@ -105,7 +114,7 @@ func (b *BootstrapScript) kubeEnv(ig *kops.InstanceGroup, c *fi.CloudupContext)
 		}
 		keysets[name] = keyset
 	}
-	config, bootConfig, err := b.builder.NodeUpConfigBuilder.BuildConfig(ig, alternateNames, keysets)
+	config, bootConfig, err := b.builder.NodeUpConfigBuilder.BuildConfig(ig, wellKnownAddresses, keysets)
 	if err != nil {
 		return nil, err
 	}
@@ -288,9 +297,9 @@ func (b *BootstrapScript) GetDependencies(tasks map[string]fi.CloudupTask) []fi.
 	var deps []fi.CloudupTask
 
 	for _, task := range tasks {
-		if hasAddress, ok := task.(fi.HasAddress); ok && hasAddress.IsForAPIServer() {
+		if hasAddress, ok := task.(fi.HasAddress); ok && len(hasAddress.GetWellKnownServices()) > 0 {
 			deps = append(deps, task)
-			b.alternateNameTasks = append(b.alternateNameTasks, hasAddress)
+			b.hasAddressTasks = append(b.hasAddressTasks, hasAddress)
 		}
 	}
 

pkg/model/bootstrapscript_test.go

@@ -72,7 +72,7 @@ type nodeupConfigBuilder struct {
 	cluster *kops.Cluster
 }
 
-func (n *nodeupConfigBuilder) BuildConfig(ig *kops.InstanceGroup, apiserverAdditionalIPs []string, keysets map[string]*fi.Keyset) (*nodeup.Config, *nodeup.BootConfig, error) {
+func (n *nodeupConfigBuilder) BuildConfig(ig *kops.InstanceGroup, wellKnownAddresses WellKnownAddresses, keysets map[string]*fi.Keyset) (*nodeup.Config, *nodeup.BootConfig, error) {
 	config, bootConfig := nodeup.NewConfig(n.cluster, ig)
 	return config, bootConfig, nil
 }

pkg/model/domodel/api_loadbalancer.go

@@ -20,6 +20,7 @@ import (
 	"fmt"
 
 	"k8s.io/kops/pkg/apis/kops"
+	"k8s.io/kops/pkg/wellknownservices"
 	"k8s.io/kops/upup/pkg/fi"
 	"k8s.io/kops/upup/pkg/fi/cloudup/do"
 	"k8s.io/kops/upup/pkg/fi/cloudup/dotasks"
@@ -60,10 +61,11 @@ func (b *APILoadBalancerModelBuilder) Build(c *fi.CloudupModelBuilderContext) er
 
 	// Create LoadBalancer for API LB
 	loadbalancer := &dotasks.LoadBalancer{
-		Name:       fi.PtrTo(loadbalancerName),
+		Name:              fi.PtrTo(loadbalancerName),
-		Region:     fi.PtrTo(b.Cluster.Spec.Networking.Subnets[0].Region),
+		Region:            fi.PtrTo(b.Cluster.Spec.Networking.Subnets[0].Region),
-		DropletTag: fi.PtrTo(clusterMasterTag),
+		DropletTag:        fi.PtrTo(clusterMasterTag),
-		Lifecycle:  b.Lifecycle,
+		Lifecycle:         b.Lifecycle,
+		WellKnownServices: []wellknownservices.WellKnownService{wellknownservices.KopsController, wellknownservices.KubeAPIServer},
 	}
 
 	if b.Cluster.Spec.Networking.NetworkID != "" {
@@ -76,11 +78,5 @@ func (b *APILoadBalancerModelBuilder) Build(c *fi.CloudupModelBuilderContext) er
 
 	c.AddTask(loadbalancer)
 
-	// Ensure the LB hostname is included in the TLS certificate,
-	// if we're not going to use an alias for it
-	if b.Cluster.UsesLegacyGossip() || b.Cluster.UsesPrivateDNS() || b.Cluster.UsesNoneDNS() {
-		loadbalancer.ForAPIServer = true
-	}
-
 	return nil
 }

pkg/model/gcemodel/api_loadbalancer.go

@@ -23,6 +23,7 @@ import (
 	"golang.org/x/exp/slices"
 	"k8s.io/kops/pkg/apis/kops"
 	"k8s.io/kops/pkg/wellknownports"
+	"k8s.io/kops/pkg/wellknownservices"
 	"k8s.io/kops/upup/pkg/fi"
 	"k8s.io/kops/upup/pkg/fi/cloudup/gce"
 	"k8s.io/kops/upup/pkg/fi/cloudup/gcetasks"
@@ -64,9 +65,10 @@ func (b *APILoadBalancerBuilder) createPublicLB(c *fi.CloudupModelBuilderContext
 	c.AddTask(poolHealthCheck)
 
 	ipAddress := &gcetasks.Address{
-		Name:         s(b.NameForIPAddress("api")),
+		Name: s(b.NameForIPAddress("api")),
-		ForAPIServer: true,
+
-		Lifecycle:    b.Lifecycle,
+		Lifecycle:         b.Lifecycle,
+		WellKnownServices: []wellknownservices.WellKnownService{wellknownservices.KubeAPIServer},
 	}
 	c.AddTask(ipAddress)
 
@@ -86,6 +88,8 @@ func (b *APILoadBalancerBuilder) createPublicLB(c *fi.CloudupModelBuilderContext
 		},
 	})
 	if b.Cluster.UsesNoneDNS() {
+		ipAddress.WellKnownServices = append(ipAddress.WellKnownServices, wellknownservices.KopsController)
+
 		c.AddTask(&gcetasks.ForwardingRule{
 			Name:                s(b.NameForForwardingRule("kops-controller")),
 			Lifecycle:           b.Lifecycle,
@@ -203,8 +207,9 @@ func (b *APILoadBalancerBuilder) createInternalLB(c *fi.CloudupModelBuilderConte
 			IPAddressType: s("INTERNAL"),
 			Purpose:       s("SHARED_LOADBALANCER_VIP"),
 			Subnetwork:    subnet,
-			ForAPIServer:  true,
+
-			Lifecycle:     b.Lifecycle,
+			WellKnownServices: []wellknownservices.WellKnownService{wellknownservices.KubeAPIServer},
+			Lifecycle:         b.Lifecycle,
 		}
 		c.AddTask(ipAddress)
 
@@ -224,6 +229,8 @@ func (b *APILoadBalancerBuilder) createInternalLB(c *fi.CloudupModelBuilderConte
 			},
 		})
 		if b.Cluster.UsesNoneDNS() {
+			ipAddress.WellKnownServices = append(ipAddress.WellKnownServices, wellknownservices.KopsController)
+
 			c.AddTask(&gcetasks.ForwardingRule{
 				Name:                s(b.NameForForwardingRule("kops-controller-" + sn.Name)),
 				Lifecycle:           b.Lifecycle,

pkg/model/hetznermodel/loadbalancer.go

@@ -23,6 +23,7 @@ import (
 	"github.com/hetznercloud/hcloud-go/hcloud"
 	"k8s.io/kops/pkg/apis/kops"
 	"k8s.io/kops/pkg/wellknownports"
+	"k8s.io/kops/pkg/wellknownservices"
 	"k8s.io/kops/upup/pkg/fi"
 	"k8s.io/kops/upup/pkg/fi/cloudup/hetzner"
 	"k8s.io/kops/upup/pkg/fi/cloudup/hetznertasks"
@@ -63,6 +64,8 @@ func (b *LoadBalancerModelBuilder) Build(c *fi.CloudupModelBuilderContext) error
 		Labels: map[string]string{
 			hetzner.TagKubernetesClusterName: b.ClusterName(),
 		},
+
+		WellKnownServices: []wellknownservices.WellKnownService{wellknownservices.KubeAPIServer, wellknownservices.KopsController},
 	}
 
 	c.AddTask(&loadbalancer)

pkg/model/openstackmodel/servergroup.go

@@ -28,6 +28,7 @@ import (
 	"k8s.io/kops/pkg/model"
 	"k8s.io/kops/pkg/truncate"
 	"k8s.io/kops/pkg/wellknownports"
+	"k8s.io/kops/pkg/wellknownservices"
 	"k8s.io/kops/upup/pkg/fi"
 	"k8s.io/kops/upup/pkg/fi/cloudup/openstack"
 	"k8s.io/kops/upup/pkg/fi/cloudup/openstacktasks"
@@ -240,7 +241,9 @@ func (b *ServerGroupModelBuilder) buildInstances(c *fi.CloudupModelBuilderContex
 				}
 				c.AddTask(t)
 				if ig.Spec.Role == kops.InstanceGroupRoleControlPlane {
-					b.associateFIPToKeypair(t)
+					// Ensure the floating IP is included in the TLS certificate,
+					// if we're not going to use an alias for it
+					t.WellKnownServices = append(t.WellKnownServices, wellknownservices.KubeAPIServer, wellknownservices.KopsController)
 				}
 				instanceTask.FloatingIP = t
 			}
@@ -250,12 +253,6 @@ func (b *ServerGroupModelBuilder) buildInstances(c *fi.CloudupModelBuilderContex
 	return nil
 }
 
-func (b *ServerGroupModelBuilder) associateFIPToKeypair(fipTask *openstacktasks.FloatingIP) {
-	// Ensure the floating IP is included in the TLS certificate,
-	// if we're not going to use an alias for it
-	fipTask.ForAPIServer = true
-}
-
 func (b *ServerGroupModelBuilder) Build(c *fi.CloudupModelBuilderContext) error {
 	clusterName := b.ClusterName()
 
@@ -340,9 +337,7 @@ func (b *ServerGroupModelBuilder) Build(c *fi.CloudupModelBuilderContext) error
 		}
 		c.AddTask(lbfipTask)
 
-		if b.Cluster.UsesLegacyGossip() || b.Cluster.UsesPrivateDNS() || b.Cluster.UsesNoneDNS() {
+		lbfipTask.WellKnownServices = append(lbfipTask.WellKnownServices, wellknownservices.KubeAPIServer)
-			b.associateFIPToKeypair(lbfipTask)
-		}
 
 		poolTask := &openstacktasks.LBPool{
 			Name:         fi.PtrTo(fmt.Sprintf("%s-https", fi.ValueOf(lbTask.Name))),

pkg/model/openstackmodel/servergroup_test.go

@@ -1548,7 +1548,7 @@ func createBuilderForCluster(cluster *kops.Cluster, instanceGroups []*kops.Insta
 
 type nodeupConfigBuilder struct{}
 
-func (n *nodeupConfigBuilder) BuildConfig(ig *kops.InstanceGroup, apiserverAdditionalIPs []string, keysets map[string]*fi.Keyset) (*nodeup.Config, *nodeup.BootConfig, error) {
+func (n *nodeupConfigBuilder) BuildConfig(ig *kops.InstanceGroup, wellKnownAddresses model.WellKnownAddresses, keysets map[string]*fi.Keyset) (*nodeup.Config, *nodeup.BootConfig, error) {
 	return &nodeup.Config{}, &nodeup.BootConfig{}, nil
 }
 

pkg/model/openstackmodel/tests/servergroup/adds-additional-security-groups.yaml

@@ -5,7 +5,6 @@ AvailabilityZone: zone-1
 ConfigDrive: false
 Flavor: blc.2-4
 FloatingIP: null
-ForAPIServer: false
 GroupName: node
 ID: null
 Image: image-node
@@ -76,6 +75,7 @@ UserData:
   task:
     Lifecycle: ""
     Name: node
+WellKnownServices: null
 ---
 Lifecycle: ""
 Name: apiserver-aggregator-ca

pkg/model/openstackmodel/tests/servergroup/adds-cloud-labels-from-ClusterSpec.yaml

@@ -5,7 +5,6 @@ AvailabilityZone: zone-1
 ConfigDrive: false
 Flavor: blc.2-4
 FloatingIP: null
-ForAPIServer: false
 GroupName: node
 ID: null
 Image: image-node
@@ -75,6 +74,7 @@ UserData:
   task:
     Lifecycle: ""
     Name: node
+WellKnownServices: null
 ---
 Lifecycle: ""
 Name: apiserver-aggregator-ca

pkg/model/openstackmodel/tests/servergroup/adds-cloud-labels-from-InstanceGroupSpec.yaml

@@ -5,7 +5,6 @@ AvailabilityZone: zone-1
 ConfigDrive: false
 Flavor: blc.2-4
 FloatingIP: null
-ForAPIServer: false
 GroupName: node
 ID: null
 Image: image-node
@@ -75,6 +74,7 @@ UserData:
   task:
     Lifecycle: ""
     Name: node
+WellKnownServices: null
 ---
 Lifecycle: ""
 Name: apiserver-aggregator-ca

pkg/model/openstackmodel/tests/servergroup/configures-allowed-address-pairs-with-annotations.yaml

@@ -5,7 +5,6 @@ AvailabilityZone: zone-1
 ConfigDrive: false
 Flavor: blc.2-4
 FloatingIP: null
-ForAPIServer: false
 GroupName: node
 ID: null
 Image: image-node
@@ -77,6 +76,7 @@ UserData:
   task:
     Lifecycle: ""
     Name: node
+WellKnownServices: null
 ---
 Lifecycle: ""
 Name: apiserver-aggregator-ca

pkg/model/openstackmodel/tests/servergroup/configures-server-group-affinity-with-annotations.yaml

@@ -5,7 +5,6 @@ AvailabilityZone: zone-1
 ConfigDrive: false
 Flavor: blc.2-4
 FloatingIP: null
-ForAPIServer: false
 GroupName: node
 ID: null
 Image: image-node
@@ -74,6 +73,7 @@ UserData:
   task:
     Lifecycle: ""
     Name: node
+WellKnownServices: null
 ---
 Lifecycle: ""
 Name: apiserver-aggregator-ca

pkg/model/openstackmodel/tests/servergroup/multizone-setup-3-masters-3-nodes-without-bastion-auto-zone-distribution.yaml

@@ -4,59 +4,66 @@ Name: master
 Lifecycle: ""
 Name: node
 ---
-ForAPIServer: true
 ID: null
 IP: null
 LB: null
 Lifecycle: Sync
 Name: fip-master-1-cluster
+WellKnownServices:
+- kube-apiserver
+- kops-controller
 ---
-ForAPIServer: true
 ID: null
 IP: null
 LB: null
 Lifecycle: Sync
 Name: fip-master-2-cluster
+WellKnownServices:
+- kube-apiserver
+- kops-controller
 ---
-ForAPIServer: true
 ID: null
 IP: null
 LB: null
 Lifecycle: Sync
 Name: fip-master-3-cluster
+WellKnownServices:
+- kube-apiserver
+- kops-controller
 ---
-ForAPIServer: false
 ID: null
 IP: null
 LB: null
 Lifecycle: Sync
 Name: fip-node-1-cluster
+WellKnownServices: null
 ---
-ForAPIServer: false
 ID: null
 IP: null
 LB: null
 Lifecycle: Sync
 Name: fip-node-2-cluster
+WellKnownServices: null
 ---
-ForAPIServer: false
 ID: null
 IP: null
 LB: null
 Lifecycle: Sync
 Name: fip-node-3-cluster
+WellKnownServices: null
 ---
 AvailabilityZone: zone-1
 ConfigDrive: false
 Flavor: blc.1-2
 FloatingIP:
-  ForAPIServer: true
   ID: null
   IP: null
   LB: null
   Lifecycle: Sync
   Name: fip-master-1-cluster
-ForAPIServer: false
+  WellKnownServices:
+  - kube-apiserver
+  - kops-controller
 GroupName: master
 ID: null
 Image: image
@@ -134,18 +141,20 @@ UserData:
   task:
     Lifecycle: ""
     Name: master
+WellKnownServices: null
 ---
 AvailabilityZone: zone-2
 ConfigDrive: false
 Flavor: blc.1-2
 FloatingIP:
-  ForAPIServer: true
   ID: null
   IP: null
   LB: null
   Lifecycle: Sync
   Name: fip-master-2-cluster
-ForAPIServer: false
+  WellKnownServices:
+  - kube-apiserver
+  - kops-controller
 GroupName: master
 ID: null
 Image: image
@@ -223,18 +232,20 @@ UserData:
   task:
     Lifecycle: ""
     Name: master
+WellKnownServices: null
 ---
 AvailabilityZone: zone-3
 ConfigDrive: false
 Flavor: blc.1-2
 FloatingIP:
-  ForAPIServer: true
   ID: null
   IP: null
   LB: null
   Lifecycle: Sync
   Name: fip-master-3-cluster
-ForAPIServer: false
+  WellKnownServices:
+  - kube-apiserver
+  - kops-controller
 GroupName: master
 ID: null
 Image: image
@@ -312,18 +323,18 @@ UserData:
   task:
     Lifecycle: ""
     Name: master
+WellKnownServices: null
 ---
 AvailabilityZone: zone-1
 ConfigDrive: false
 Flavor: blc.1-2
 FloatingIP:
-  ForAPIServer: false
   ID: null
   IP: null
   LB: null
   Lifecycle: Sync
   Name: fip-node-1-cluster
-ForAPIServer: false
+  WellKnownServices: null
 GroupName: node
 ID: null
 Image: image
@@ -392,18 +403,18 @@ UserData:
   task:
     Lifecycle: ""
     Name: node
+WellKnownServices: null
 ---
 AvailabilityZone: zone-2
 ConfigDrive: false
 Flavor: blc.1-2
 FloatingIP:
-  ForAPIServer: false
   ID: null
   IP: null
   LB: null
   Lifecycle: Sync
   Name: fip-node-2-cluster
-ForAPIServer: false
+  WellKnownServices: null
 GroupName: node
 ID: null
 Image: image
@@ -472,18 +483,18 @@ UserData:
   task:
     Lifecycle: ""
     Name: node
+WellKnownServices: null
 ---
 AvailabilityZone: zone-3
 ConfigDrive: false
 Flavor: blc.1-2
 FloatingIP:
-  ForAPIServer: false
   ID: null
   IP: null
   LB: null
   Lifecycle: Sync
   Name: fip-node-3-cluster
-ForAPIServer: false
+  WellKnownServices: null
 GroupName: node
 ID: null
 Image: image
@@ -552,6 +563,7 @@ UserData:
   task:
     Lifecycle: ""
     Name: node
+WellKnownServices: null
 ---
 Lifecycle: ""
 Name: apiserver-aggregator-ca

pkg/model/openstackmodel/tests/servergroup/multizone-setup-3-masters-3-nodes-without-bastion-with-API-loadbalancer-dns-none.yaml

@@ -16,7 +16,6 @@ Name: node-b
 Lifecycle: ""
 Name: node-c
 ---
-ForAPIServer: true
 ID: null
 IP: null
 LB:
@@ -37,12 +36,13 @@ LB:
   VipSubnet: null
 Lifecycle: Sync
 Name: fip-api.cluster
+WellKnownServices:
+- kube-apiserver
 ---
 AvailabilityZone: zone-1
 ConfigDrive: false
 Flavor: blc.1-2
 FloatingIP: null
-ForAPIServer: false
 GroupName: master-a
 ID: null
 Image: image
@@ -114,12 +114,12 @@ UserData:
   task:
     Lifecycle: ""
     Name: master-a
+WellKnownServices: null
 ---
 AvailabilityZone: zone-2
 ConfigDrive: false
 Flavor: blc.1-2
 FloatingIP: null
-ForAPIServer: false
 GroupName: master-b
 ID: null
 Image: image
@@ -191,12 +191,12 @@ UserData:
   task:
     Lifecycle: ""
     Name: master-b
+WellKnownServices: null
 ---
 AvailabilityZone: zone-3
 ConfigDrive: false
 Flavor: blc.1-2
 FloatingIP: null
-ForAPIServer: false
 GroupName: master-c
 ID: null
 Image: image
@@ -268,12 +268,12 @@ UserData:
   task:
     Lifecycle: ""
     Name: master-c
+WellKnownServices: null
 ---
 AvailabilityZone: zone-1
 ConfigDrive: false
 Flavor: blc.1-2
 FloatingIP: null
-ForAPIServer: false
 GroupName: node-a
 ID: null
 Image: image
@@ -342,12 +342,12 @@ UserData:
   task:
     Lifecycle: ""
     Name: node-a
+WellKnownServices: null
 ---
 AvailabilityZone: zone-2
 ConfigDrive: false
 Flavor: blc.1-2
 FloatingIP: null
-ForAPIServer: false
 GroupName: node-b
 ID: null
 Image: image
@@ -416,12 +416,12 @@ UserData:
   task:
     Lifecycle: ""
     Name: node-b
+WellKnownServices: null
 ---
 AvailabilityZone: zone-3
 ConfigDrive: false
 Flavor: blc.1-2
 FloatingIP: null
-ForAPIServer: false
 GroupName: node-c
 ID: null
 Image: image
@@ -490,6 +490,7 @@ UserData:
   task:
     Lifecycle: ""
     Name: node-c
+WellKnownServices: null
 ---
 Lifecycle: ""
 Name: apiserver-aggregator-ca

pkg/model/openstackmodel/tests/servergroup/multizone-setup-3-masters-3-nodes-without-bastion-with-API-loadbalancer.yaml

@@ -16,7 +16,6 @@ Name: node-b
 Lifecycle: ""
 Name: node-c
 ---
-ForAPIServer: false
 ID: null
 IP: null
 LB:
@@ -37,12 +36,13 @@ LB:
   VipSubnet: null
 Lifecycle: Sync
 Name: fip-master-public-name
+WellKnownServices:
+- kube-apiserver
 ---
 AvailabilityZone: zone-1
 ConfigDrive: false
 Flavor: blc.1-2
 FloatingIP: null
-ForAPIServer: false
 GroupName: master-a
 ID: null
 Image: image
@@ -114,12 +114,12 @@ UserData:
   task:
     Lifecycle: ""
     Name: master-a
+WellKnownServices: null
 ---
 AvailabilityZone: zone-2
 ConfigDrive: false
 Flavor: blc.1-2
 FloatingIP: null
-ForAPIServer: false
 GroupName: master-b
 ID: null
 Image: image
@@ -191,12 +191,12 @@ UserData:
   task:
     Lifecycle: ""
     Name: master-b
+WellKnownServices: null
 ---
 AvailabilityZone: zone-3
 ConfigDrive: false
 Flavor: blc.1-2
 FloatingIP: null
-ForAPIServer: false
 GroupName: master-c
 ID: null
 Image: image
@@ -268,12 +268,12 @@ UserData:
   task:
     Lifecycle: ""
     Name: master-c
+WellKnownServices: null
 ---
 AvailabilityZone: zone-1
 ConfigDrive: false
 Flavor: blc.1-2
 FloatingIP: null
-ForAPIServer: false
 GroupName: node-a
 ID: null
 Image: image
@@ -342,12 +342,12 @@ UserData:
   task:
     Lifecycle: ""
     Name: node-a
+WellKnownServices: null
 ---
 AvailabilityZone: zone-2
 ConfigDrive: false
 Flavor: blc.1-2
 FloatingIP: null
-ForAPIServer: false
 GroupName: node-b
 ID: null
 Image: image
@@ -416,12 +416,12 @@ UserData:
   task:
     Lifecycle: ""
     Name: node-b
+WellKnownServices: null
 ---
 AvailabilityZone: zone-3
 ConfigDrive: false
 Flavor: blc.1-2
 FloatingIP: null
-ForAPIServer: false
 GroupName: node-c
 ID: null
 Image: image
@@ -490,6 +490,7 @@ UserData:
   task:
     Lifecycle: ""
     Name: node-c
+WellKnownServices: null
 ---
 Lifecycle: ""
 Name: apiserver-aggregator-ca

pkg/model/openstackmodel/tests/servergroup/multizone-setup-3-masters-3-nodes-without-bastion.yaml

@@ -16,59 +16,66 @@ Name: node-b
 Lifecycle: ""
 Name: node-c
 ---
-ForAPIServer: true
 ID: null
 IP: null
 LB: null
 Lifecycle: Sync
 Name: fip-master-a-1-cluster
+WellKnownServices:
+- kube-apiserver
+- kops-controller
 ---
-ForAPIServer: true
 ID: null
 IP: null
 LB: null
 Lifecycle: Sync
 Name: fip-master-b-1-cluster
+WellKnownServices:
+- kube-apiserver
+- kops-controller
 ---
-ForAPIServer: true
 ID: null
 IP: null
 LB: null
 Lifecycle: Sync
 Name: fip-master-c-1-cluster
+WellKnownServices:
+- kube-apiserver
+- kops-controller
 ---
-ForAPIServer: false
 ID: null
 IP: null
 LB: null
 Lifecycle: Sync
 Name: fip-node-a-1-cluster
+WellKnownServices: null
 ---
-ForAPIServer: false
 ID: null
 IP: null
 LB: null
 Lifecycle: Sync
 Name: fip-node-b-1-cluster
+WellKnownServices: null
 ---
-ForAPIServer: false
 ID: null
 IP: null
 LB: null
 Lifecycle: Sync
 Name: fip-node-c-1-cluster
+WellKnownServices: null
 ---
 AvailabilityZone: zone-1
 ConfigDrive: false
 Flavor: blc.1-2
 FloatingIP:
-  ForAPIServer: true
   ID: null
   IP: null
   LB: null
   Lifecycle: Sync
   Name: fip-master-a-1-cluster
-ForAPIServer: false
+  WellKnownServices:
+  - kube-apiserver
+  - kops-controller
 GroupName: master-a
 ID: null
 Image: image
@@ -146,18 +153,20 @@ UserData:
   task:
     Lifecycle: ""
     Name: master-a
+WellKnownServices: null
 ---
 AvailabilityZone: zone-2
 ConfigDrive: false
 Flavor: blc.1-2
 FloatingIP:
-  ForAPIServer: true
   ID: null
   IP: null
   LB: null
   Lifecycle: Sync
   Name: fip-master-b-1-cluster
-ForAPIServer: false
+  WellKnownServices:
+  - kube-apiserver
+  - kops-controller
 GroupName: master-b
 ID: null
 Image: image
@@ -235,18 +244,20 @@ UserData:
   task:
     Lifecycle: ""
     Name: master-b
+WellKnownServices: null
 ---
 AvailabilityZone: zone-3
 ConfigDrive: false
 Flavor: blc.1-2
 FloatingIP:
-  ForAPIServer: true
   ID: null
   IP: null
   LB: null
   Lifecycle: Sync
   Name: fip-master-c-1-cluster
-ForAPIServer: false
+  WellKnownServices:
+  - kube-apiserver
+  - kops-controller
 GroupName: master-c
 ID: null
 Image: image
@@ -324,18 +335,18 @@ UserData:
   task:
     Lifecycle: ""
     Name: master-c
+WellKnownServices: null
 ---
 AvailabilityZone: zone-1
 ConfigDrive: false
 Flavor: blc.1-2
 FloatingIP:
-  ForAPIServer: false
   ID: null
   IP: null
   LB: null
   Lifecycle: Sync
   Name: fip-node-a-1-cluster
-ForAPIServer: false
+  WellKnownServices: null
 GroupName: node-a
 ID: null
 Image: image
@@ -404,18 +415,18 @@ UserData:
   task:
     Lifecycle: ""
     Name: node-a
+WellKnownServices: null
 ---
 AvailabilityZone: zone-2
 ConfigDrive: false
 Flavor: blc.1-2
 FloatingIP:
-  ForAPIServer: false
   ID: null
   IP: null
   LB: null
   Lifecycle: Sync
   Name: fip-node-b-1-cluster
-ForAPIServer: false
+  WellKnownServices: null
 GroupName: node-b
 ID: null
 Image: image
@@ -484,18 +495,18 @@ UserData:
   task:
     Lifecycle: ""
     Name: node-b
+WellKnownServices: null
 ---
 AvailabilityZone: zone-3
 ConfigDrive: false
 Flavor: blc.1-2
 FloatingIP:
-  ForAPIServer: false
   ID: null
   IP: null
   LB: null
   Lifecycle: Sync
   Name: fip-node-c-1-cluster
-ForAPIServer: false
+  WellKnownServices: null
 GroupName: node-c
 ID: null
 Image: image
@@ -564,6 +575,7 @@ UserData:
   task:
     Lifecycle: ""
     Name: node-c
+WellKnownServices: null
 ---
 Lifecycle: ""
 Name: apiserver-aggregator-ca

pkg/model/openstackmodel/tests/servergroup/multizone-setup-3-masters-3-nodes-without-external-router.yaml

@@ -20,7 +20,6 @@ AvailabilityZone: zone-1
 ConfigDrive: false
 Flavor: blc.1-2
 FloatingIP: null
-ForAPIServer: false
 GroupName: master-a
 ID: null
 Image: image
@@ -98,12 +97,12 @@ UserData:
   task:
     Lifecycle: ""
     Name: master-a
+WellKnownServices: null
 ---
 AvailabilityZone: zone-2
 ConfigDrive: false
 Flavor: blc.1-2
 FloatingIP: null
-ForAPIServer: false
 GroupName: master-b
 ID: null
 Image: image
@@ -181,12 +180,12 @@ UserData:
   task:
     Lifecycle: ""
     Name: master-b
+WellKnownServices: null
 ---
 AvailabilityZone: zone-3
 ConfigDrive: false
 Flavor: blc.1-2
 FloatingIP: null
-ForAPIServer: false
 GroupName: master-c
 ID: null
 Image: image
@@ -264,12 +263,12 @@ UserData:
   task:
     Lifecycle: ""
     Name: master-c
+WellKnownServices: null
 ---
 AvailabilityZone: zone-1
 ConfigDrive: false
 Flavor: blc.1-2
 FloatingIP: null
-ForAPIServer: false
 GroupName: node-a
 ID: null
 Image: image
@@ -338,12 +337,12 @@ UserData:
   task:
     Lifecycle: ""
     Name: node-a
+WellKnownServices: null
 ---
 AvailabilityZone: zone-2
 ConfigDrive: false
 Flavor: blc.1-2
 FloatingIP: null
-ForAPIServer: false
 GroupName: node-b
 ID: null
 Image: image
@@ -412,12 +411,12 @@ UserData:
   task:
     Lifecycle: ""
     Name: node-b
+WellKnownServices: null
 ---
 AvailabilityZone: zone-3
 ConfigDrive: false
 Flavor: blc.1-2
 FloatingIP: null
-ForAPIServer: false
 GroupName: node-c
 ID: null
 Image: image
@@ -486,6 +485,7 @@ UserData:
   task:
     Lifecycle: ""
     Name: node-c
+WellKnownServices: null
 ---
 Lifecycle: ""
 Name: apiserver-aggregator-ca

pkg/model/openstackmodel/tests/servergroup/one-master-one-node-one-bastion-2.yaml

@@ -11,7 +11,6 @@ AvailabilityZone: zone-1
 ConfigDrive: false
 Flavor: blc.1-2
 FloatingIP: null
-ForAPIServer: false
 GroupName: bastion
 ID: null
 Image: image
@@ -78,12 +77,12 @@ UserData:
   task:
     Lifecycle: ""
     Name: bastion
+WellKnownServices: null
 ---
 AvailabilityZone: zone-1
 ConfigDrive: false
 Flavor: blc.1-2
 FloatingIP: null
-ForAPIServer: false
 GroupName: master
 ID: null
 Image: image
@@ -161,12 +160,12 @@ UserData:
   task:
     Lifecycle: ""
     Name: master
+WellKnownServices: null
 ---
 AvailabilityZone: zone-1
 ConfigDrive: false
 Flavor: blc.1-2
 FloatingIP: null
-ForAPIServer: false
 GroupName: node
 ID: null
 Image: image
@@ -235,6 +234,7 @@ UserData:
   task:
     Lifecycle: ""
     Name: node
+WellKnownServices: null
 ---
 Lifecycle: ""
 Name: apiserver-aggregator-ca

pkg/model/openstackmodel/tests/servergroup/one-master-one-node-one-bastion.yaml

@@ -7,24 +7,23 @@ Name: master
 Lifecycle: ""
 Name: node
 ---
-ForAPIServer: false
 ID: null
 IP: null
 LB: null
 Lifecycle: Sync
 Name: fip-bastion-1-cluster
+WellKnownServices: null
 ---
 AvailabilityZone: zone-1
 ConfigDrive: false
 Flavor: blc.1-2
 FloatingIP:
-  ForAPIServer: false
   ID: null
   IP: null
   LB: null
   Lifecycle: Sync
   Name: fip-bastion-1-cluster
-ForAPIServer: false
+  WellKnownServices: null
 GroupName: bastion
 ID: null
 Image: image
@@ -91,12 +90,12 @@ UserData:
   task:
     Lifecycle: ""
     Name: bastion
+WellKnownServices: null
 ---
 AvailabilityZone: zone-1
 ConfigDrive: false
 Flavor: blc.1-2
 FloatingIP: null
-ForAPIServer: false
 GroupName: master
 ID: null
 Image: image
@@ -174,12 +173,12 @@ UserData:
   task:
     Lifecycle: ""
     Name: master
+WellKnownServices: null
 ---
 AvailabilityZone: zone-1
 ConfigDrive: false
 Flavor: blc.1-2
 FloatingIP: null
-ForAPIServer: false
 GroupName: node
 ID: null
 Image: image
@@ -248,6 +247,7 @@ UserData:
   task:
     Lifecycle: ""
     Name: node
+WellKnownServices: null
 ---
 Lifecycle: ""
 Name: apiserver-aggregator-ca

pkg/model/openstackmodel/tests/servergroup/one-master-one-node-without-bastion-no-public-ip-association.yaml

@@ -8,7 +8,6 @@ AvailabilityZone: zone-1
 ConfigDrive: false
 Flavor: blc.1-2
 FloatingIP: null
-ForAPIServer: false
 GroupName: master
 ID: null
 Image: image-master
@@ -86,12 +85,12 @@ UserData:
   task:
     Lifecycle: ""
     Name: master
+WellKnownServices: null
 ---
 AvailabilityZone: zone-1
 ConfigDrive: false
 Flavor: blc.2-4
 FloatingIP: null
-ForAPIServer: false
 GroupName: node
 ID: null
 Image: image-node
@@ -160,6 +159,7 @@ UserData:
   task:
     Lifecycle: ""
     Name: node
+WellKnownServices: null
 ---
 Lifecycle: ""
 Name: apiserver-aggregator-ca

pkg/model/openstackmodel/tests/servergroup/one-master-one-node.yaml

@@ -4,31 +4,34 @@ Name: master
 Lifecycle: ""
 Name: node
 ---
-ForAPIServer: true
 ID: null
 IP: null
 LB: null
 Lifecycle: Sync
 Name: fip-master-1-cluster
+WellKnownServices:
+- kube-apiserver
+- kops-controller
 ---
-ForAPIServer: false
 ID: null
 IP: null
 LB: null
 Lifecycle: Sync
 Name: fip-node-1-cluster
+WellKnownServices: null
 ---
 AvailabilityZone: zone-1
 ConfigDrive: false
 Flavor: blc.1-2
 FloatingIP:
-  ForAPIServer: true
   ID: null
   IP: null
   LB: null
   Lifecycle: Sync
   Name: fip-master-1-cluster
-ForAPIServer: false
+  WellKnownServices:
+  - kube-apiserver
+  - kops-controller
 GroupName: master
 ID: null
 Image: image-master
@@ -106,18 +109,18 @@ UserData:
   task:
     Lifecycle: ""
     Name: master
+WellKnownServices: null
 ---
 AvailabilityZone: zone-1
 ConfigDrive: false
 Flavor: blc.2-4
 FloatingIP:
-  ForAPIServer: false
   ID: null
   IP: null
   LB: null
   Lifecycle: Sync
   Name: fip-node-1-cluster
-ForAPIServer: false
+  WellKnownServices: null
 GroupName: node
 ID: null
 Image: image-node
@@ -186,6 +189,7 @@ UserData:
   task:
     Lifecycle: ""
     Name: node
+WellKnownServices: null
 ---
 Lifecycle: ""
 Name: apiserver-aggregator-ca

pkg/model/openstackmodel/tests/servergroup/single-zone-setup-3-masters-1-node-without-bastion-with-API-loadbalancer-dns-none.yaml

@@ -10,7 +10,6 @@ Name: master-c
 Lifecycle: ""
 Name: node-a
 ---
-ForAPIServer: true
 ID: null
 IP: null
 LB:
@@ -31,12 +30,13 @@ LB:
   VipSubnet: null
 Lifecycle: Sync
 Name: fip-api.cluster
+WellKnownServices:
+- kube-apiserver
 ---
 AvailabilityZone: zone-1
 ConfigDrive: false
 Flavor: blc.1-2
 FloatingIP: null
-ForAPIServer: false
 GroupName: master-a
 ID: null
 Image: image
@@ -110,12 +110,12 @@ UserData:
   task:
     Lifecycle: ""
     Name: master-a
+WellKnownServices: null
 ---
 AvailabilityZone: zone-1
 ConfigDrive: false
 Flavor: blc.1-2
 FloatingIP: null
-ForAPIServer: false
 GroupName: master-b
 ID: null
 Image: image
@@ -189,12 +189,12 @@ UserData:
   task:
     Lifecycle: ""
     Name: master-b
+WellKnownServices: null
 ---
 AvailabilityZone: zone-1
 ConfigDrive: false
 Flavor: blc.1-2
 FloatingIP: null
-ForAPIServer: false
 GroupName: master-c
 ID: null
 Image: image
@@ -268,12 +268,12 @@ UserData:
   task:
     Lifecycle: ""
     Name: master-c
+WellKnownServices: null
 ---
 AvailabilityZone: zone-1
 ConfigDrive: false
 Flavor: blc.1-2
 FloatingIP: null
-ForAPIServer: false
 GroupName: node-a
 ID: null
 Image: image
@@ -342,6 +342,7 @@ UserData:
   task:
     Lifecycle: ""
     Name: node-a
+WellKnownServices: null
 ---
 Lifecycle: ""
 Name: apiserver-aggregator-ca

pkg/model/openstackmodel/tests/servergroup/truncate-cluster-names-to-42-characters.yaml

@@ -4,31 +4,34 @@ Name: master
 Lifecycle: ""
 Name: node
 ---
-ForAPIServer: true
 ID: null
 IP: null
 LB: null
 Lifecycle: Sync
 Name: fip-master-1-tom-software-dev-playground-real33-k8s-local
+WellKnownServices:
+- kube-apiserver
+- kops-controller
 ---
-ForAPIServer: false
 ID: null
 IP: null
 LB: null
 Lifecycle: Sync
 Name: fip-node-1-tom-software-dev-playground-real33-k8s-local
+WellKnownServices: null
 ---
 AvailabilityZone: zone-1
 ConfigDrive: false
 Flavor: blc.1-2
 FloatingIP:
-  ForAPIServer: true
   ID: null
   IP: null
   LB: null
   Lifecycle: Sync
   Name: fip-master-1-tom-software-dev-playground-real33-k8s-local
-ForAPIServer: false
+  WellKnownServices:
+  - kube-apiserver
+  - kops-controller
 GroupName: master
 ID: null
 Image: image-master
@@ -106,18 +109,18 @@ UserData:
   task:
     Lifecycle: ""
     Name: master
+WellKnownServices: null
 ---
 AvailabilityZone: zone-1
 ConfigDrive: false
 Flavor: blc.2-4
 FloatingIP:
-  ForAPIServer: false
   ID: null
   IP: null
   LB: null
   Lifecycle: Sync
   Name: fip-node-1-tom-software-dev-playground-real33-k8s-local
-ForAPIServer: false
+  WellKnownServices: null
 GroupName: node
 ID: null
 Image: image-node
@@ -186,6 +189,7 @@ UserData:
   task:
     Lifecycle: ""
     Name: node
+WellKnownServices: null
 ---
 Lifecycle: ""
 Name: apiserver-aggregator-ca

pkg/model/openstackmodel/tests/servergroup/uses-instance-group-subnet-as-availability-zones-fallback.yaml

@@ -5,7 +5,6 @@ AvailabilityZone: subnet
 ConfigDrive: false
 Flavor: blc.2-4
 FloatingIP: null
-ForAPIServer: false
 GroupName: node
 ID: null
 Image: image-node
@@ -76,6 +75,7 @@ UserData:
   task:
     Lifecycle: ""
     Name: node
+WellKnownServices: null
 ---
 Lifecycle: ""
 Name: apiserver-aggregator-ca

pkg/model/openstackmodel/tests/servergroup/uses-instance-group-zones-as-availability-zones.yaml

@@ -5,7 +5,6 @@ AvailabilityZone: zone-a
 ConfigDrive: false
 Flavor: blc.2-4
 FloatingIP: null
-ForAPIServer: false
 GroupName: node
 ID: null
 Image: image-node
@@ -76,6 +75,7 @@ UserData:
   task:
     Lifecycle: ""
     Name: node
+WellKnownServices: null
 ---
 Lifecycle: ""
 Name: apiserver-aggregator-ca

pkg/model/scalewaymodel/api_loadbalancer.go

@@ -25,6 +25,7 @@ import (
 	"k8s.io/kops/pkg/apis/kops"
 	"k8s.io/kops/pkg/dns"
 	"k8s.io/kops/pkg/wellknownports"
+	"k8s.io/kops/pkg/wellknownservices"
 	"k8s.io/kops/upup/pkg/fi"
 	"k8s.io/kops/upup/pkg/fi/cloudup/scaleway"
 	"k8s.io/kops/upup/pkg/fi/cloudup/scalewaytasks"
@@ -81,6 +82,7 @@ func (b *APILoadBalancerModelBuilder) Build(c *fi.CloudupModelBuilderContext) er
 
 	c.AddTask(loadBalancer)
 
+	loadBalancer.WellKnownServices = append(loadBalancer.WellKnownServices, wellknownservices.KubeAPIServer)
 	lbBackendHttps, lbFrontendHttps := createLbBackendAndFrontend("https", wellknownports.KubeAPIServer, zone, loadBalancer)
 	lbBackendHttps.Lifecycle = b.Lifecycle
 	c.AddTask(lbBackendHttps)
@@ -88,10 +90,7 @@ func (b *APILoadBalancerModelBuilder) Build(c *fi.CloudupModelBuilderContext) er
 	c.AddTask(lbFrontendHttps)
 
 	if dns.IsGossipClusterName(b.Cluster.Name) || b.Cluster.UsesPrivateDNS() || b.Cluster.UsesNoneDNS() {
-		// Ensure the LB hostname is included in the TLS certificate,
+		loadBalancer.WellKnownServices = append(loadBalancer.WellKnownServices, wellknownservices.KopsController)
-		// if we're not going to use an alias for it
-		loadBalancer.ForAPIServer = true
-
 		lbBackendKopsController, lbFrontendKopsController := createLbBackendAndFrontend("kops-controller", wellknownports.KopsControllerPort, zone, loadBalancer)
 		lbBackendKopsController.Lifecycle = b.Lifecycle
 		c.AddTask(lbBackendKopsController)

pkg/wellknownservices/wellknownservices.go

@@ -0,0 +1,27 @@
+/*
+Copyright 2023 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package wellknownservices
+
+type WellKnownService string
+
+const (
+	// KubeAPIServer is the service where kube-apiserver listens.
+	KubeAPIServer WellKnownService = "kube-apiserver"
+
+	// KopsController is the service where kops-controller listens.
+	KopsController WellKnownService = "kops-controller"
+)

upup/pkg/fi/cloudup/apply_cluster.go

@@ -59,6 +59,7 @@ import (
 	"k8s.io/kops/pkg/model/scalewaymodel"
 	"k8s.io/kops/pkg/templates"
 	"k8s.io/kops/pkg/wellknownports"
+	"k8s.io/kops/pkg/wellknownservices"
 	"k8s.io/kops/upup/models"
 	"k8s.io/kops/upup/pkg/fi"
 	"k8s.io/kops/upup/pkg/fi/cloudup/awsup"
@@ -1346,7 +1347,7 @@ func NewNodeUpConfigBuilder(cluster *kops.Cluster, assetBuilder *assets.AssetBui
 }
 
 // BuildConfig returns the NodeUp config and auxiliary config.
-func (n *nodeUpConfigBuilder) BuildConfig(ig *kops.InstanceGroup, apiserverAdditionalIPs []string, keysets map[string]*fi.Keyset) (*nodeup.Config, *nodeup.BootConfig, error) {
+func (n *nodeUpConfigBuilder) BuildConfig(ig *kops.InstanceGroup, wellKnownAddresses model.WellKnownAddresses, keysets map[string]*fi.Keyset) (*nodeup.Config, *nodeup.BootConfig, error) {
 	cluster := n.cluster
 
 	if ig == nil {
@@ -1449,7 +1450,7 @@ func (n *nodeUpConfigBuilder) BuildConfig(ig *kops.InstanceGroup, apiserverAddit
 	}
 
 	if hasAPIServer {
-		config.ApiserverAdditionalIPs = apiserverAdditionalIPs
+		config.ApiserverAdditionalIPs = wellKnownAddresses[wellknownservices.KubeAPIServer]
 	}
 
 	// Set API server address to an IP from the cluster network CIDR
@@ -1457,7 +1458,7 @@ func (n *nodeUpConfigBuilder) BuildConfig(ig *kops.InstanceGroup, apiserverAddit
 	switch cluster.Spec.GetCloudProvider() {
 	case kops.CloudProviderAWS, kops.CloudProviderHetzner, kops.CloudProviderOpenstack:
 		// Use a private IP address that belongs to the cluster network CIDR (some additional addresses may be FQDNs or public IPs)
-		for _, additionalIP := range apiserverAdditionalIPs {
+		for _, additionalIP := range wellKnownAddresses[wellknownservices.KubeAPIServer] {
 			for _, networkCIDR := range append(cluster.Spec.Networking.AdditionalNetworkCIDRs, cluster.Spec.Networking.NetworkCIDR) {
 				_, cidr, err := net.ParseCIDR(networkCIDR)
 				if err != nil {
@@ -1471,7 +1472,7 @@ func (n *nodeUpConfigBuilder) BuildConfig(ig *kops.InstanceGroup, apiserverAddit
 
 	case kops.CloudProviderDO, kops.CloudProviderScaleway, kops.CloudProviderGCE, kops.CloudProviderAzure:
 		// Use any IP address that is found (including public ones)
-		for _, additionalIP := range apiserverAdditionalIPs {
+		for _, additionalIP := range wellKnownAddresses[wellknownservices.KubeAPIServer] {
 			controlPlaneIPs = append(controlPlaneIPs, additionalIP)
 		}
 	}

upup/pkg/fi/cloudup/awstasks/classic_load_balancer.go

@@ -27,6 +27,7 @@ import (
 	"github.com/aws/aws-sdk-go/service/elb"
 	"github.com/aws/aws-sdk-go/service/route53"
 	"k8s.io/klog/v2"
+	"k8s.io/kops/pkg/wellknownservices"
 	"k8s.io/kops/upup/pkg/fi"
 	"k8s.io/kops/upup/pkg/fi/cloudup/awsup"
 	"k8s.io/kops/upup/pkg/fi/cloudup/terraform"
@@ -67,11 +68,14 @@ type ClassicLoadBalancer struct {
 	CrossZoneLoadBalancing *ClassicLoadBalancerCrossZoneLoadBalancing
 	SSLCertificateID       string
 
-	Tags         map[string]string
+	Tags map[string]string
-	ForAPIServer bool
 
 	// Shared is set if this is an external LB (one we don't create or own)
 	Shared *bool
+
+	// WellKnownServices indicates which services are supported by this resource.
+	// This field is internal and is not rendered to the cloud.
+	WellKnownServices []wellknownservices.WellKnownService
 }
 
 var _ fi.CompareWithID = &ClassicLoadBalancer{}
@@ -229,7 +233,7 @@ func (e *ClassicLoadBalancer) Find(c *fi.CloudupContext) (*ClassicLoadBalancer,
 
 	// Ignore system fields
 	actual.Lifecycle = e.Lifecycle
-	actual.ForAPIServer = e.ForAPIServer
+	actual.WellKnownServices = e.WellKnownServices
 
 	tagMap, err := cloud.DescribeELBTags([]string{*lb.LoadBalancerName})
 	if err != nil {
@@ -341,8 +345,10 @@ func (e *ClassicLoadBalancer) Find(c *fi.CloudupContext) (*ClassicLoadBalancer,
 
 var _ fi.HasAddress = &ClassicLoadBalancer{}
 
-func (e *ClassicLoadBalancer) IsForAPIServer() bool {
+// GetWellKnownServices implements fi.HasAddress::GetWellKnownServices.
-	return e.ForAPIServer
+// It indicates which services we support with this address (likely attached to a load balancer).
+func (e *ClassicLoadBalancer) GetWellKnownServices() []wellknownservices.WellKnownService {
+	return e.WellKnownServices
 }
 
 func (e *ClassicLoadBalancer) FindAddresses(context *fi.CloudupContext) ([]string, error) {

upup/pkg/fi/cloudup/awstasks/network_load_balancer.go

@@ -28,6 +28,7 @@ import (
 	"github.com/aws/aws-sdk-go/service/elbv2"
 	"github.com/aws/aws-sdk-go/service/route53"
 	"k8s.io/klog/v2"
+	"k8s.io/kops/pkg/wellknownservices"
 	"k8s.io/kops/upup/pkg/fi"
 	"k8s.io/kops/upup/pkg/fi/cloudup/awsup"
 	"k8s.io/kops/upup/pkg/fi/cloudup/terraform"
@@ -64,14 +65,17 @@ type NetworkLoadBalancer struct {
 
 	IpAddressType *string
 
-	Tags         map[string]string
+	Tags map[string]string
-	ForAPIServer bool
 
 	Type *string
 
 	VPC          *VPC
 	TargetGroups []*TargetGroup
 	AccessLog    *NetworkLoadBalancerAccessLog
+
+	// WellKnownServices indicates which services are supported by this resource.
+	// This field is internal and is not rendered to the cloud.
+	WellKnownServices []wellknownservices.WellKnownService
 }
 
 var _ fi.CompareWithID = &NetworkLoadBalancer{}
@@ -428,7 +432,7 @@ func (e *NetworkLoadBalancer) Find(c *fi.CloudupContext) (*NetworkLoadBalancer,
 	}
 
 	_ = actual.Normalize(c)
-	actual.ForAPIServer = e.ForAPIServer
+	actual.WellKnownServices = e.WellKnownServices
 	actual.Lifecycle = e.Lifecycle
 
 	klog.V(4).Infof("Found NLB %+v", actual)
@@ -438,8 +442,10 @@ func (e *NetworkLoadBalancer) Find(c *fi.CloudupContext) (*NetworkLoadBalancer,
 
 var _ fi.HasAddress = &NetworkLoadBalancer{}
 
-func (e *NetworkLoadBalancer) IsForAPIServer() bool {
+// GetWellKnownServices implements fi.HasAddress::GetWellKnownServices.
-	return e.ForAPIServer
+// It indicates which services we support with this load balancer.
+func (e *NetworkLoadBalancer) GetWellKnownServices() []wellknownservices.WellKnownService {
+	return e.WellKnownServices
 }
 
 func (e *NetworkLoadBalancer) FindAddresses(context *fi.CloudupContext) ([]string, error) {

upup/pkg/fi/cloudup/azuretasks/loadbalancer.go

@@ -55,8 +55,9 @@ func (lb *LoadBalancer) CompareWithID() *string {
 	return lb.Name
 }
 
-// IsForAPIServer for api server.
+// GetWellKnownServices implements fi.HasAddress::GetWellKnownServices.
-func (lb *LoadBalancer) IsForAPIServer() bool {
+// It indicates which services we support with this load balancer.
+func (lb *LoadBalancer) GetWellKnownServices() bool {
 	return lb.ForAPIServer
 }
 

upup/pkg/fi/cloudup/dotasks/loadbalancer.go

@@ -28,6 +28,7 @@ import (
 	"k8s.io/apimachinery/pkg/util/wait"
 	"k8s.io/klog/v2"
 	"k8s.io/kops/pkg/wellknownports"
+	"k8s.io/kops/pkg/wellknownservices"
 	"k8s.io/kops/upup/pkg/fi"
 	"k8s.io/kops/upup/pkg/fi/cloudup/do"
 	"k8s.io/kops/util/pkg/vfs"
@@ -39,13 +40,16 @@ type LoadBalancer struct {
 	ID        *string
 	Lifecycle fi.Lifecycle
 
-	Region       *string
+	Region      *string
-	DropletTag   *string
+	DropletTag  *string
-	IPAddress    *string
+	IPAddress   *string
-	VPCUUID      *string
+	VPCUUID     *string
-	VPCName      *string
+	VPCName     *string
-	NetworkCIDR  *string
+	NetworkCIDR *string
-	ForAPIServer bool
+
+	// WellKnownServices indicates which services are supported by this resource.
+	// This field is internal and is not rendered to the cloud.
+	WellKnownServices []wellknownservices.WellKnownService
 }
 
 var readBackoff = wait.Backoff{
@@ -85,8 +89,8 @@ func (lb *LoadBalancer) Find(c *fi.CloudupContext) (*LoadBalancer, error) {
 		VPCUUID: fi.PtrTo(loadbalancer.VPCUUID),
 
 		// Ignore system fields
-		Lifecycle:    lb.Lifecycle,
+		Lifecycle:         lb.Lifecycle,
-		ForAPIServer: lb.ForAPIServer,
+		WellKnownServices: lb.WellKnownServices,
 	}, nil
 }
 
@@ -197,8 +201,10 @@ func (_ *LoadBalancer) RenderDO(t *do.DOAPITarget, a, e, changes *LoadBalancer)
 	return nil
 }
 
-func (lb *LoadBalancer) IsForAPIServer() bool {
+// GetWellKnownServices implements fi.HasAddress::GetWellKnownServices.
-	return lb.ForAPIServer
+// It indicates which services we support with this load balancer.
+func (lb *LoadBalancer) GetWellKnownServices() []wellknownservices.WellKnownService {
+	return lb.WellKnownServices
 }
 
 func (lb *LoadBalancer) FindAddresses(c *fi.CloudupContext) ([]string, error) {

upup/pkg/fi/cloudup/gcetasks/address.go

@@ -21,6 +21,7 @@ import (
 
 	compute "google.golang.org/api/compute/v1"
 	"k8s.io/klog/v2"
+	"k8s.io/kops/pkg/wellknownservices"
 	"k8s.io/kops/upup/pkg/fi"
 	"k8s.io/kops/upup/pkg/fi/cloudup/gce"
 	"k8s.io/kops/upup/pkg/fi/cloudup/terraform"
@@ -35,9 +36,12 @@ type Address struct {
 	IPAddress     *string
 	IPAddressType *string
 	Purpose       *string
-	ForAPIServer  bool
 
 	Subnetwork *Subnet
+
+	// WellKnownServices indicates which services are supported by this resource.
+	// This field is internal and is not rendered to the cloud.
+	WellKnownServices []wellknownservices.WellKnownService
 }
 
 var _ fi.CompareWithID = &ForwardingRule{}
@@ -55,7 +59,7 @@ func (e *Address) Find(c *fi.CloudupContext) (*Address, error) {
 
 		// Ignore system fields
 		actual.Lifecycle = e.Lifecycle
-		actual.ForAPIServer = e.ForAPIServer
+		actual.WellKnownServices = e.WellKnownServices
 	}
 	return actual, err
 }
@@ -109,8 +113,10 @@ func (e *Address) find(cloud gce.GCECloud) (*Address, error) {
 
 var _ fi.HasAddress = &Address{}
 
-func (e *Address) IsForAPIServer() bool {
+// GetWellKnownServices implements fi.HasAddress::GetWellKnownServices.
-	return e.ForAPIServer
+// It indicates which services we support with this address (likely attached to a load balancer).
+func (e *Address) GetWellKnownServices() []wellknownservices.WellKnownService {
+	return e.WellKnownServices
 }
 
 func (e *Address) FindAddresses(context *fi.CloudupContext) ([]string, error) {

upup/pkg/fi/cloudup/hetznertasks/loadbalancer.go

@@ -27,6 +27,7 @@ import (
 
 	"github.com/hetznercloud/hcloud-go/hcloud"
 	"k8s.io/klog/v2"
+	"k8s.io/kops/pkg/wellknownservices"
 	"k8s.io/kops/upup/pkg/fi"
 	"k8s.io/kops/upup/pkg/fi/cloudup/hetzner"
 	"k8s.io/kops/upup/pkg/fi/cloudup/terraform"
@@ -46,6 +47,10 @@ type LoadBalancer struct {
 	Target   string
 
 	Labels map[string]string
+
+	// WellKnownServices indicates which services are supported by this resource.
+	// This field is internal and is not rendered to the cloud.
+	WellKnownServices []wellknownservices.WellKnownService
 }
 
 var _ fi.CompareWithID = &LoadBalancer{}
@@ -56,8 +61,10 @@ func (v *LoadBalancer) CompareWithID() *string {
 
 var _ fi.HasAddress = &LoadBalancer{}
 
-func (e *LoadBalancer) IsForAPIServer() bool {
+// GetWellKnownServices implements fi.HasAddress::GetWellKnownServices.
-	return true
+// It indicates which services we support with this load balancer.
+func (e *LoadBalancer) GetWellKnownServices() []wellknownservices.WellKnownService {
+	return e.WellKnownServices
 }
 
 func (v *LoadBalancer) FindAddresses(c *fi.CloudupContext) ([]string, error) {

upup/pkg/fi/cloudup/openstacktasks/floatingip.go

@@ -26,6 +26,7 @@ import (
 	l3floatingip "github.com/gophercloud/gophercloud/openstack/networking/v2/extensions/layer3/floatingips"
 	"k8s.io/apimachinery/pkg/util/wait"
 	"k8s.io/klog/v2"
+	"k8s.io/kops/pkg/wellknownservices"
 	"k8s.io/kops/upup/pkg/fi"
 	"k8s.io/kops/upup/pkg/fi/cloudup/openstack"
 	"k8s.io/kops/util/pkg/vfs"
@@ -33,12 +34,15 @@ import (
 
 // +kops:fitask
 type FloatingIP struct {
-	Name         *string
+	Name      *string
-	ID           *string
+	ID        *string
-	LB           *LB
+	LB        *LB
-	IP           *string
+	IP        *string
-	Lifecycle    fi.Lifecycle
+	Lifecycle fi.Lifecycle
-	ForAPIServer bool
+
+	// WellKnownServices indicates which services are supported by this resource.
+	// This field is internal and is not rendered to the cloud.
+	WellKnownServices []wellknownservices.WellKnownService
 }
 
 var _ fi.HasAddress = &FloatingIP{}
@@ -73,8 +77,10 @@ func findL3Floating(cloud openstack.OpenstackCloud, opts l3floatingip.ListOpts)
 	return result, nil
 }
 
-func (e *FloatingIP) IsForAPIServer() bool {
+// GetWellKnownServices implements fi.HasAddress::GetWellKnownServices.
-	return e.ForAPIServer
+// It indicates which services we support with this address.
+func (e *FloatingIP) GetWellKnownServices() []wellknownservices.WellKnownService {
+	return e.WellKnownServices
 }
 
 func (e *FloatingIP) FindAddresses(context *fi.CloudupContext) ([]string, error) {

upup/pkg/fi/cloudup/openstacktasks/instance.go

@@ -31,6 +31,7 @@ import (
 	"github.com/gophercloud/gophercloud/openstack/compute/v2/servers"
 	"k8s.io/klog/v2"
 	"k8s.io/kops/pkg/truncate"
+	"k8s.io/kops/pkg/wellknownservices"
 	"k8s.io/kops/upup/pkg/fi"
 	"k8s.io/kops/upup/pkg/fi/cloudup/openstack"
 )
@@ -55,8 +56,11 @@ type Instance struct {
 	ConfigDrive      *bool
 	Status           *string
 
-	Lifecycle    fi.Lifecycle
+	Lifecycle fi.Lifecycle
-	ForAPIServer bool
+
+	// WellKnownServices indicates which services are supported by this resource.
+	// This field is internal and is not rendered to the cloud.
+	WellKnownServices []wellknownservices.WellKnownService
 }
 
 var (
@@ -102,8 +106,10 @@ func (e *Instance) CompareWithID() *string {
 	return e.ID
 }
 
-func (e *Instance) IsForAPIServer() bool {
+// GetWellKnownServices implements fi.HasAddress::GetWellKnownServices.
-	return e.ForAPIServer
+// It indicates which services we support with this instance.
+func (e *Instance) GetWellKnownServices() []wellknownservices.WellKnownService {
+	return e.WellKnownServices
 }
 
 func (e *Instance) FindAddresses(context *fi.CloudupContext) ([]string, error) {
@@ -244,7 +250,7 @@ func (e *Instance) Find(c *fi.CloudupContext) (*Instance, error) {
 	// Avoid flapping
 	e.ID = actual.ID
 	e.Status = fi.PtrTo(activeStatus)
-	actual.ForAPIServer = e.ForAPIServer
+	actual.WellKnownServices = e.WellKnownServices
 
 	// Immutable fields
 	actual.Flavor = e.Flavor

upup/pkg/fi/cloudup/openstacktasks/port.go

@@ -82,7 +82,9 @@ func (s *Port) FindAddresses(context *fi.CloudupContext) ([]string, error) {
 	return addrs, nil
 }
 
-func (s *Port) IsForAPIServer() bool {
+// GetWellKnownServices implements fi.HasAddress::GetWellKnownServices.
+// It indicates which services we support with this load balancer.
+func (s *Port) GetWellKnownServices() bool {
 	return s.ForAPIServer
 }
 

upup/pkg/fi/cloudup/scalewaytasks/loadbalancer.go

@@ -22,6 +22,7 @@ import (
 	"strings"
 
 	"k8s.io/klog/v2"
+	"k8s.io/kops/pkg/wellknownservices"
 	"k8s.io/kops/upup/pkg/fi"
 	"k8s.io/kops/upup/pkg/fi/cloudup/scaleway"
 	"k8s.io/kops/upup/pkg/fi/cloudup/terraform"
@@ -45,7 +46,10 @@ type LoadBalancer struct {
 	Tags                  []string
 	Description           string
 	SslCompatibilityLevel string
-	ForAPIServer          bool
+
+	// WellKnownServices indicates which services are supported by this resource.
+	// This field is internal and is not rendered to the cloud.
+	WellKnownServices []wellknownservices.WellKnownService
 }
 
 var _ fi.CompareWithID = &LoadBalancer{}
@@ -55,8 +59,10 @@ func (l *LoadBalancer) CompareWithID() *string {
 	return l.LBID
 }
 
-func (l *LoadBalancer) IsForAPIServer() bool {
+// GetWellKnownServices implements fi.HasAddress::GetWellKnownServices.
-	return l.ForAPIServer
+// It indicates which services we support with this load balancer.
+func (l *LoadBalancer) GetWellKnownServices() []wellknownservices.WellKnownService {
+	return l.WellKnownServices
 }
 
 func (l *LoadBalancer) Find(context *fi.CloudupContext) (*LoadBalancer, error) {
@@ -81,13 +87,13 @@ func (l *LoadBalancer) Find(context *fi.CloudupContext) (*LoadBalancer, error) {
 	}
 
 	return &LoadBalancer{
-		Name:         fi.PtrTo(loadBalancer.Name),
+		Name:              fi.PtrTo(loadBalancer.Name),
-		LBID:         fi.PtrTo(loadBalancer.ID),
+		LBID:              fi.PtrTo(loadBalancer.ID),
-		Zone:         fi.PtrTo(string(loadBalancer.Zone)),
+		Zone:              fi.PtrTo(string(loadBalancer.Zone)),
-		LBAddresses:  lbIPs,
+		LBAddresses:       lbIPs,
-		Tags:         loadBalancer.Tags,
+		Tags:              loadBalancer.Tags,
-		Lifecycle:    l.Lifecycle,
+		Lifecycle:         l.Lifecycle,
-		ForAPIServer: l.ForAPIServer,
+		WellKnownServices: l.WellKnownServices,
 	}, nil
 }
 

upup/pkg/fi/has_address.go

@@ -16,12 +16,16 @@ limitations under the License.
 
 package fi
 
+import "k8s.io/kops/pkg/wellknownservices"
+
 // HasAddress is implemented by elastic/floating IP addresses in order to include
 // relevant dynamically allocated addresses in the api-server's server TLS certificate.
 type HasAddress interface {
 	Task[CloudupSubContext]
-	// IsForAPIServer indicates whether the implementation provides an address that needs to be added to the api-server server certificate.
+
-	IsForAPIServer() bool
+	// GetWellKnownServices returns the services that are behind this address.
+	GetWellKnownServices() []wellknownservices.WellKnownService
+
 	// FindIPAddress returns the address associated with the implementor.  If there is no address, returns (nil, nil).
 	FindAddresses(context *CloudupContext) ([]string, error)
 }