From 5d9908c2c3b58a81937f75a9d5722d0c845ed569 Mon Sep 17 00:00:00 2001
From: Samuele Chiocca
Date: Wed, 22 Aug 2018 15:32:07 +0200
Subject: [PATCH 1/4] --nodeport-addresses added on kube-proxy.manifest.j2 Changed author
---
 inventory/sample/group_vars/k8s-cluster.yml | 5 +++++
 .../node/templates/manifests/kube-proxy.manifest.j2 | 3 +++
 2 files changed, 8 insertions(+)
diff --git a/inventory/sample/group_vars/k8s-cluster.yml b/inventory/sample/group_vars/k8s-cluster.yml
index 2ca718598..a4cb2d087 100644
--- a/inventory/sample/group_vars/k8s-cluster.yml
+++ b/inventory/sample/group_vars/k8s-cluster.yml
@@ -110,6 +110,11 @@ kube_apiserver_insecure_port: 8080 # (http)
 # Can be ipvs, iptables
 kube_proxy_mode: iptables
+# Kube-proxy nodeport address.
+# cidr to bind nodeport services. Flag --nodeport-addresses on kube-proxy manifest
+kube_proxy_nodeport_addresses: false
+# kube_proxy_nodeport_addresses_cidr: 10.0.1.0/24
+
 ## Encrypting Secret Data at Rest (experimental)
 kube_encrypt_secret_data: false
diff --git a/roles/kubernetes/node/templates/manifests/kube-proxy.manifest.j2 b/roles/kubernetes/node/templates/manifests/kube-proxy.manifest.j2
index 7096a2ff2..d1292887a 100644
--- a/roles/kubernetes/node/templates/manifests/kube-proxy.manifest.j2
+++ b/roles/kubernetes/node/templates/manifests/kube-proxy.manifest.j2
@@ -43,6 +43,9 @@ spec:
 - --proxy-mode={{ kube_proxy_mode }}
 - --oom-score-adj=-998
 - --healthz-bind-address={{ kube_proxy_healthz_bind_address }}
+{% if kube_proxy_nodeport_addresses %}
+ - --nodeport-addresses={{ kube_proxy_nodeport_addresses_cidr }}
+{% endif %}
 {% if kube_proxy_masquerade_all and kube_proxy_mode == "iptables" %}
 - --masquerade-all
 {% elif kube_proxy_mode == 'ipvs' %}
From f13bc796d95f7f0a12ee9f67f7b769928090caed Mon Sep 17 00:00:00 2001
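Review bot: The comment added above `kube_proxy_nodeport_addresses` in inventory/sample/group_vars/k8s-cluster.yml does not say what the default means or that the switch depends on the commented-out CIDR variable. With the flag unset, kube-proxy accepts NodePort traffic on every local address, and limiting that exposure is the reason an operator would turn this on. I would reword the two comment lines to `# Restrict NodePort services to node addresses inside a CIDR (kube-proxy --nodeport-addresses).` and `# false: NodePorts listen on every local address; true: kube_proxy_nodeport_addresses_cidr must also be set.`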
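Review bot: `{% if kube_proxy_nodeport_addresses %}` in kube-proxy.manifest.j2 tests a variable that this series defines only in the sample inventory, so an existing inventory without it would presumably fail the template task on an undefined variable, unless a role default exists outside these patches. The same guard is added to kubeadm-config.v1alpha2.yaml.j2 (patch 2/4) and kubeadm-config.v1alpha1.yaml.j2 (patch 3/4). `kube_proxy_nodeport_addresses_cidr` has no visible default either, and an empty value would render `--nodeport-addresses=`, which leaves NodePorts on all addresses without any error. Guarding on the value itself covers both cases: `{% if kube_proxy_nodeport_addresses | default(false) and kube_proxy_nodeport_addresses_cidr | default('') %}`.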
From: Samuele Chiocca
Date: Wed, 22 Aug 2018 18:43:03 +0200
Subject: [PATCH 2/4] added nodePortAddresses on kubeadm conf v1alpha2 (not present on v1alpha1)
---
 .../master/templates/kubeadm-config.v1alpha2.yaml.j2 | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/roles/kubernetes/master/templates/kubeadm-config.v1alpha2.yaml.j2 b/roles/kubernetes/master/templates/kubeadm-config.v1alpha2.yaml.j2
index 7a629cb30..135f24960 100644
--- a/roles/kubernetes/master/templates/kubeadm-config.v1alpha2.yaml.j2
+++ b/roles/kubernetes/master/templates/kubeadm-config.v1alpha2.yaml.j2
@@ -27,6 +27,9 @@ kubeProxy:
 config:
 mode: {{ kube_proxy_mode }}
 hostnameOverride: {{ inventory_hostname }}
+{% if kube_proxy_nodeport_addresses %}
+ nodePortAddresses: [{{ kube_proxy_nodeport_addresses_cidr }}]
+{% endif %}
 authorizationModes:
 {% for mode in authorization_modes %}
 - {{ mode }}
From e5dd4e1e708303376add7d99a9388b931b427210 Mon Sep 17 00:00:00 2001
From: Samuele Chiocca
Date: Fri, 24 Aug 2018 10:59:06 +0200
Subject: [PATCH 3/4] added on v1alpha1
---
 .../master/templates/kubeadm-config.v1alpha1.yaml.j2 | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/roles/kubernetes/master/templates/kubeadm-config.v1alpha1.yaml.j2 b/roles/kubernetes/master/templates/kubeadm-config.v1alpha1.yaml.j2
index 237e371d4..37c25c77b 100644
--- a/roles/kubernetes/master/templates/kubeadm-config.v1alpha1.yaml.j2
+++ b/roles/kubernetes/master/templates/kubeadm-config.v1alpha1.yaml.j2
@@ -27,6 +27,9 @@ kubeProxy:
 config:
 featureGates: SupportIPVSProxyMode=true
 mode: ipvs
+{% if kube_proxy_nodeport_addresses %}
+ nodePortAddresses: [{{ kube_proxy_nodeport_addresses_cidr }}]
+{% endif %}
 {% endif %}
 authorizationModes:
 {% for mode in authorization_modes %}
From cb8be37f7239889a91cdda8999518ad0b2cbfeab Mon Sep 17 00:00:00 2001
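Review bot: `nodePortAddresses: [{{ kube_proxy_nodeport_addresses_cidr }}]` in kubeadm-config.v1alpha2.yaml.j2 pastes the variable unquoted into a YAML flow sequence, so what kubeadm receives depends on the value. An empty value renders `[]`, which silently removes the restriction, and a comma-separated value becomes several entries only by accident of YAML syntax. The same line is added to kubeadm-config.v1alpha1.yaml.j2 in patch 3/4. Rendering the list explicitly keeps it in step with the `--nodeport-addresses` flag in kube-proxy.manifest.j2 and makes an empty value an invalid entry instead of an empty list: `nodePortAddresses: {{ kube_proxy_nodeport_addresses_cidr.split(',') | to_json }}`.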
From: Samuele Chiocca
Date: Fri, 24 Aug 2018 11:19:06 +0200
Subject: [PATCH 4/4] fix on v1alpha1
---
 .../master/templates/kubeadm-config.v1alpha1.yaml.j2 | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/roles/kubernetes/master/templates/kubeadm-config.v1alpha1.yaml.j2 b/roles/kubernetes/master/templates/kubeadm-config.v1alpha1.yaml.j2
index 37c25c77b..4660f5f72 100644
--- a/roles/kubernetes/master/templates/kubeadm-config.v1alpha1.yaml.j2
+++ b/roles/kubernetes/master/templates/kubeadm-config.v1alpha1.yaml.j2
@@ -22,15 +22,15 @@ kubernetesVersion: {{ kube_version }}
 {% if cloud_provider is defined and cloud_provider != "gce" %}
 cloudProvider: {{ cloud_provider }}
 {% endif %}
-{% if kube_proxy_mode == 'ipvs' and kube_version | version_compare('v1.10', '<') %}
 kubeProxy:
 config:
+{% if kube_proxy_mode == 'ipvs' and kube_version | version_compare('v1.10', '<') %}
 featureGates: SupportIPVSProxyMode=true
 mode: ipvs
+{% endif %}
 {% if kube_proxy_nodeport_addresses %}
 nodePortAddresses: [{{ kube_proxy_nodeport_addresses_cidr }}]
 {% endif %}
-{% endif %}
 authorizationModes:
 {% for mode in authorization_modes %}
 - {{ mode }}
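Review bot: After this hunk `kubeProxy:` and `config:` are emitted unconditionally in kubeadm-config.v1alpha1.yaml.j2, so when neither the ipvs block nor `kube_proxy_nodeport_addresses` applies, `config:` renders with no children and parses as null. Whether kubeadm then falls back to its defaults or rejects the file is not visible here and should be confirmed by rendering the config for a default inventory. Wrapping the two header lines in a single guard avoids the question: `{% if kube_proxy_nodeport_addresses or (kube_proxy_mode == 'ipvs' and kube_version | version_compare('v1.10', '<')) %}` before `kubeProxy:` and a matching `{% endif %}` after the nodePortAddresses block. The template's indentation is not recoverable from this page, so the nesting of `nodePortAddresses` under `config:` could not be checked.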