From 226d5ed7de1196814bbba7c6c10c7bd99190e605 Mon Sep 17 00:00:00 2001
From: Danny Kulchinsky <dannyk@tuenti.com>
Date: Mon, 4 Feb 2019 15:42:40 -0500
Subject: [PATCH] [Calico] Define FELIX_KUBENODEPORTRANGES when kube-proxy in
 ipvs mode (#4173)

* Define FELIX_KUBENODEPORTRANGES when kube-proxy in ipvs mode

* ensure kube_apiserver_node_port_range is defined
---
 roles/network_plugin/calico/templates/calico-node.yml.j2 | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/roles/network_plugin/calico/templates/calico-node.yml.j2 b/roles/network_plugin/calico/templates/calico-node.yml.j2
index 096f8f539..1860f5438 100644
--- a/roles/network_plugin/calico/templates/calico-node.yml.j2
+++ b/roles/network_plugin/calico/templates/calico-node.yml.j2
@@ -124,6 +124,10 @@ spec:
               value: "{{ calico_endpoint_to_host_action|default('RETURN') }}"
             - name: FELIX_HEALTHHOST
               value: "{{ calico_healthhost }}"
+{% if kube_proxy_mode == 'ipvs' and kube_apiserver_node_port_range is defined %}
+            - name: FELIX_KUBENODEPORTRANGES
+              value: "{{ kube_apiserver_node_port_range.split('-')[0] }}:{{ kube_apiserver_node_port_range.split('-')[1] }}"
+{% endif %}
             # Prior to v3.2.1 iptables didn't acquire the lock, so Calico's own implementation of the lock should be used,
             # this is not required in later versions https://github.com/projectcalico/calico/issues/2179
 {% if calico_version is version('v3.2.1', '<') %}