kindnet: Support IP aliases with kindnet on gce

pkg/model/components/gcpcloudcontrollermanager.go

@@ -54,9 +54,8 @@ func (b *GCPCloudControllerManagerOptionsBuilder) BuildOptions(cluster *kops.Clu
 		ccmConfig.ClusterCIDR = clusterSpec.Networking.PodCIDR
 	}
 
-	if clusterSpec.Networking.GCP != nil {
-		// "GCP" networking mode is called "ip-alias" or "vpc-native" on GKE.
-		// We don't need to configure routes if we are using "real" IPs.
+	if gce.UsesIPAliases(cluster) {
+		// We don't need to configure routes if we are using ipalias; these are "real" IPs
 		ccmConfig.ConfigureCloudRoutes = fi.PtrTo(false)
 	}
 

pkg/model/components/kubecontrollermanager.go

@@ -119,6 +119,14 @@ func (b *KubeControllerManagerOptionsBuilder) BuildOptions(o *kops.Cluster) erro
 		} else {
 			kcm.CIDRAllocatorType = fi.PtrTo("CloudAllocator")
 		}
+	} else if networking.Kindnet != nil {
+		// We don't expect KCM to configure routes; it should be done by the CCM (or by the infrastructure)
+		kcm.ConfigureCloudRoutes = fi.PtrTo(false)
+
+		// If the cloud is allocating the node CIDRs, that should be done by CCM
+		if o.GetCloudProvider() == kops.CloudProviderGCE && gce.UsesIPAliases(o) {
+			kcm.AllocateNodeCIDRs = fi.PtrTo(false)
+		}
 	} else if networking.External != nil {
 		kcm.ConfigureCloudRoutes = fi.PtrTo(false)
 	} else if UsesCNI(networking) {

pkg/model/gcemodel/context.go

@@ -133,7 +133,7 @@ func (c *GCEModelContext) NameForFirewallRule(id string) string {
 }
 
 func (c *GCEModelContext) NetworkingIsIPAlias() bool {
-	return c.Cluster.Spec.Networking.GCP != nil
+	return gce.UsesIPAliases(c.Cluster)
 }
 
 func (c *GCEModelContext) NetworkingIsGCERoutes() bool {

tests/integration/update_cluster/privatekindnet/data/aws_launch_template_master-us-test-1a.masters.privatekindnet.example.com_user_data

@@ -130,7 +130,7 @@ ClusterName: privatekindnet.example.com
 ConfigBase: memfs://clusters.example.com/privatekindnet.example.com
 InstanceGroupName: master-us-test-1a
 InstanceGroupRole: ControlPlane
-NodeupConfigHash: jTF3I7at/1p0jwCMDz9kTq2uKvqMG+UEhKlJd1X96+8=
+NodeupConfigHash: lgPxiqJbDn1WQqD2BR2dzZRFvgBtedQIcphqjfGgam0=
 
 __EOF_KUBE_ENV
 

tests/integration/update_cluster/privatekindnet/data/aws_s3_object_cluster-completed.spec_content

@@ -101,7 +101,7 @@ spec:
     serviceClusterIPRange: 100.64.0.0/13
     storageBackend: etcd3
   kubeControllerManager:
-    allocateNodeCIDRs: true
+    allocateNodeCIDRs: false
     attachDetachReconcileSyncPeriod: 1m0s
     cloudProvider: external
     clusterCIDR: 100.96.0.0/11

tests/integration/update_cluster/privatekindnet/data/aws_s3_object_nodeupconfig-master-us-test-1a_content

@@ -233,7 +233,7 @@ CAs:
 ClusterName: privatekindnet.example.com
 ControlPlaneConfig:
   KubeControllerManager:
-    allocateNodeCIDRs: true
+    allocateNodeCIDRs: false
     attachDetachReconcileSyncPeriod: 1m0s
     cloudProvider: external
     clusterCIDR: 100.96.0.0/11

upup/pkg/fi/cloudup/gce/network.go

@@ -31,9 +31,16 @@ import (
 
 // UsesIPAliases checks if the cluster uses IP aliases for network connectivity
 func UsesIPAliases(c *kops.Cluster) bool {
+	// "GCP" networking mode is called "ip-alias" or "vpc-native" on GKE.
 	if c.Spec.Networking.GCP != nil {
 		return true
 	}
+
+	if c.Spec.Networking.Kindnet != nil {
+		// TODO: Are we _always_ using ipalias - should we at least check the cloud is GCP?
+		return true
+	}
+
 	return false
 }