From d20d5e648f88511b9c594f674b606dad6ebb5c9d Mon Sep 17 00:00:00 2001
From: Alexander Block
Date: Wed, 7 Dec 2016 17:41:53 +0100
Subject: [PATCH 1/3] Add pseudo network plugin called "cloud" to use cloud provider for network

Allow to let the cloud provider configure proper routing for nodes.
---
 inventory/group_vars/all.yml | 1 +
 .../manifests/kube-controller-manager.manifest.j2 | 5 +++++
 roles/kubernetes/node/templates/kubelet.j2 | 2 ++
 roles/network_plugin/cloud/tasks/main.yml | 9 +++++++++
 roles/network_plugin/meta/main.yml | 2 ++
 5 files changed, 19 insertions(+)
 create mode 100644 roles/network_plugin/cloud/tasks/main.yml

diff --git a/inventory/group_vars/all.yml b/inventory/group_vars/all.yml
index 73f0fb55a..dc8a169e4 100644
--- a/inventory/group_vars/all.yml
+++ b/inventory/group_vars/all.yml
@@ -79,6 +79,7 @@ etcd_multiaccess: true
 loadbalancer_apiserver_localhost: true
 # Choose network plugin (calico, weave or flannel)
+# Can also be set to 'cloud', which lets the cloud provider setup appropriate routing
 kube_network_plugin: flannel
 # Kubernetes internal network for services, unused block of space.
diff --git a/roles/kubernetes/master/templates/manifests/kube-controller-manager.manifest.j2 b/roles/kubernetes/master/templates/manifests/kube-controller-manager.manifest.j2
index cdfbef064..29a5af1a5 100644
--- a/roles/kubernetes/master/templates/manifests/kube-controller-manager.manifest.j2
+++ b/roles/kubernetes/master/templates/manifests/kube-controller-manager.manifest.j2
@@ -27,6 +27,11 @@ spec:
 - --cloud-config={{ kube_config_dir }}/cloud_config
 {% elif cloud_provider is defined and cloud_provider == "aws" %}
 - --cloud-provider={{cloud_provider}}
+{% endif %}
+{% if kube_network_plugin is defined and kube_network_plugin == 'cloud' %}
+ - --allocate-node-cidrs=true
+ - --configure-cloud-routes=true
+ - --cluster-cidr={{ kube_pods_subnet }}
 {% endif %}
 livenessProbe:
 httpGet:
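Review bot: The new `{% if kube_network_plugin is defined and kube_network_plugin == 'cloud' %}` block renders `--configure-cloud-routes=true` and `--allocate-node-cidrs=true` on its own condition, independent of the `cloud_provider` chain that precedes it, so an inventory that selects the `cloud` plugin without defining `cloud_provider` still gets a controller-manager asked to program cloud routes with no provider behind it. A fail-fast task in preinstall, beside the existing Azure credential checks, would reject that combination before any template is rendered, e.g. `- name: check cloud_provider is set for the cloud network plugin` / `  fail: msg="kube_network_plugin 'cloud' requires cloud_provider to be set"` / `  when: kube_network_plugin == 'cloud' and cloud_provider is not defined`. Programming routes also means the credentials passed to the controller-manager must be allowed to modify the cloud route table, which is a wider grant than node lookups alone and worth stating in the `all.yml` comment added in the first hunk. The plugin value is compared with single quotes here and with double quotes in the kubelet.j2 hunk of this same patch; using one form keeps the checks greppable. The `command:` list and the `{% if cloud_provider ... %}` chain begin above the hunk.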
diff --git a/roles/kubernetes/node/templates/kubelet.j2 b/roles/kubernetes/node/templates/kubelet.j2
index 3c1f31ab2..0961ea367 100644
--- a/roles/kubernetes/node/templates/kubelet.j2
+++ b/roles/kubernetes/node/templates/kubelet.j2
@@ -27,6 +27,8 @@ KUBELET_ARGS="--kubeconfig={{ kube_config_dir}}/kubelet.kubeconfig --require-kub
 KUBELET_NETWORK_PLUGIN="--network-plugin=cni --network-plugin-dir=/etc/cni/net.d"
 {% elif kube_network_plugin is defined and kube_network_plugin == "weave" %}
 DOCKER_SOCKET="--docker-endpoint=unix:/var/run/weave/weave.sock"
+{% elif kube_network_plugin is defined and kube_network_plugin == "cloud" %}
+KUBELET_NETWORK_PLUGIN="--hairpin-mode=promiscuous-bridge --network-plugin=kubenet"
 {% endif %}
 # Should this cluster be allowed to run privileged docker containers
 KUBE_ALLOW_PRIV="--allow-privileged=true"
diff --git a/roles/network_plugin/cloud/tasks/main.yml b/roles/network_plugin/cloud/tasks/main.yml
new file mode 100644
index 000000000..c8ae77830
--- /dev/null
+++ b/roles/network_plugin/cloud/tasks/main.yml
@@ -0,0 +1,9 @@
+---
+
+- name: Cloud | Copy cni plugins from hyperkube
+ command: "/usr/bin/docker run --rm -v /opt/cni/bin:/cnibindir {{ hyperkube_image_repo }}:{{ hyperkube_image_tag }} /bin/cp -r /opt/cni/bin/. /cnibindir/"
+ register: cni_task_result
+ until: cni_task_result.rc == 0
+ retries: 4
+ delay: "{{ retry_stagger | random + 3 }}"
+ changed_when: false
diff --git a/roles/network_plugin/meta/main.yml b/roles/network_plugin/meta/main.yml
index a964a4cba..a1c970efe 100644
--- a/roles/network_plugin/meta/main.yml
+++ b/roles/network_plugin/meta/main.yml
@@ -12,3 +12,5 @@ dependencies:
 - role: network_plugin/canal
 when: kube_network_plugin == 'canal'
 tags: canal
+ - role: network_plugin/cloud
+ when: kube_network_plugin == 'cloud'
From dbd9aaf1eaadd4b630de479dc6554a290f5a9781 Mon Sep 17 00:00:00 2001
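Review bot: `changed_when: false` on the `Cloud | Copy cni plugins from hyperkube` task hides a real host modification: every run executes `docker run` with `/opt/cni/bin` bind-mounted writable and overwrites the CNI binaries there, yet the play recap reports the host as unchanged. If that is deliberate because the other network_plugin roles carry the same copy task (they are outside this patch, so I cannot confirm), a comment above the task should say so, e.g. `# Re-copies the CNI plugins on every run; reported as unchanged on purpose, the image tag is the unit of change`; otherwise drop the line. The binaries dropped into `/opt/cni/bin` and loaded by every kubelet on the node come from whatever `{{ hyperkube_image_repo }}:{{ hyperkube_image_tag }}` resolves to at run time, so if the tag is mutable, pinning the image by digest in the inventory or verifying the pulled image before this copy is what prevents a registry-side change from silently replacing node networking code. `until: cni_task_result.rc == 0` with `retries: 4` also retries every failure, including a wrong image name, so the error a user sees is the last of four identical pull failures.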
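Review bot: The new `network_plugin/cloud` dependency lacks the `tags:` line its siblings carry (`tags: canal` is visible directly above it), so a run restricted with `--tags` cannot select or skip this role the way it can the other plugins. Adding `tags: cloud` under the `when:` keeps the entry parallel to the rest of the list. The `dependencies:` list begins above the hunk.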
From: Alexander Block
Date: Fri, 9 Dec 2016 14:06:48 +0100
Subject: [PATCH 2/3] Add check for azure_route_table_name and add it to all.yml

---
 inventory/group_vars/all.yml | 1 +
 roles/kubernetes/preinstall/tasks/azure-credential-check.yml | 5 +++++
 2 files changed, 6 insertions(+)

diff --git a/inventory/group_vars/all.yml b/inventory/group_vars/all.yml
index dc8a169e4..14ffa22f3 100644
--- a/inventory/group_vars/all.yml
+++ b/inventory/group_vars/all.yml
@@ -150,6 +150,7 @@ dns_server: "{{ kube_service_addresses|ipaddr('net')|ipaddr(2)|ipaddr('address')
 #azure_subnet_name:
 #azure_security_group_name:
 #azure_vnet_name:
+#azure_route_table_name:
 ## Set these proxy values in order to update docker daemon to use proxies
diff --git a/roles/kubernetes/preinstall/tasks/azure-credential-check.yml b/roles/kubernetes/preinstall/tasks/azure-credential-check.yml
index 2ee57202b..ca50d5843 100644
--- a/roles/kubernetes/preinstall/tasks/azure-credential-check.yml
+++ b/roles/kubernetes/preinstall/tasks/azure-credential-check.yml
@@ -44,4 +44,9 @@
 msg: "azure_vnet_name is missing"
 when: azure_vnet_name is not defined or azure_vnet_name == ""
+- name: check azure_route_table_name value
+ fail:
+ msg: "azure_route_table_name is missing"
+ when: azure_route_table_name is not defined or azure_route_table_name == ""
+
From d50eb60827450b57869036fd894bb4525a269665 Mon Sep 17 00:00:00 2001
From: Alexander Block
Date: Fri, 9 Dec 2016 14:21:46 +0100
Subject: [PATCH 3/3] Add --reconcile-cidr flag to kubelet to support cloud network plugin in 1.4

---
 roles/kubernetes/node/templates/kubelet.j2 | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/roles/kubernetes/node/templates/kubelet.j2 b/roles/kubernetes/node/templates/kubelet.j2
index 0961ea367..3444c9d4e 100644
--- a/roles/kubernetes/node/templates/kubelet.j2
+++ b/roles/kubernetes/node/templates/kubelet.j2
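Review bot: The new `check azure_route_table_name value` task fails unconditionally when the variable is unset, although within this patch series the route table is only exercised when the `cloud` network plugin turns on `--configure-cloud-routes`; if this file is included for every `cloud_provider == "azure"` inventory (the include is outside the hunk, so I cannot confirm), existing Azure deployments using another plugin will start failing preinstall for a value they never needed. Either gate the check, e.g. `when: kube_network_plugin == 'cloud' and (azure_route_table_name is not defined or azure_route_table_name == "")`, or state in the `all.yml` comment that the value is now mandatory for all Azure inventories, so the intent is explicit. The hunk also adds an empty `+` line at end of file, which yamllint reports as a trailing blank line.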
@@ -28,7 +28,8 @@ KUBELET_NETWORK_PLUGIN="--network-plugin=cni --network-plugin-dir=/etc/cni/net.d
 {% elif kube_network_plugin is defined and kube_network_plugin == "weave" %}
 DOCKER_SOCKET="--docker-endpoint=unix:/var/run/weave/weave.sock"
 {% elif kube_network_plugin is defined and kube_network_plugin == "cloud" %}
-KUBELET_NETWORK_PLUGIN="--hairpin-mode=promiscuous-bridge --network-plugin=kubenet"
+# Please note that --reconcile-cidr is deprecated and a no-op in Kubernetes 1.5 but still required in 1.4
+KUBELET_NETWORK_PLUGIN="--hairpin-mode=promiscuous-bridge --network-plugin=kubenet --reconcile-cidr=true"
 {% endif %}
 # Should this cluster be allowed to run privileged docker containers
 KUBE_ALLOW_PRIV="--allow-privileged=true"
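Review bot: The `# Please note that --reconcile-cidr ...` line records a version condition as a comment while the flag itself is appended unconditionally, so once kubelet drops the deprecated flag entirely every `cloud`-plugin node will fail to start on an unrecognised argument and nothing in the template points at which value to change. If the role exposes a kubelet or Kubernetes version variable (it is not visible in this hunk), gating the `--reconcile-cidr=true` suffix on it would encode the condition instead of describing it; failing that, a Jinja comment such as `{# TODO: drop --reconcile-cidr once 1.4 support is removed; it is a no-op in 1.5 #}` keeps the note with the template rather than rendering it into the kubelet environment file on every node. The `{% elif %}` chain this branch belongs to starts above the hunk.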