diff --git a/pkg/model/components/gcpcloudcontrollermanager.go b/pkg/model/components/gcpcloudcontrollermanager.go
index cd5cc58f625f2..266c9c1872c0b 100644
--- a/pkg/model/components/gcpcloudcontrollermanager.go
+++ b/pkg/model/components/gcpcloudcontrollermanager.go
@@ -54,9 +54,8 @@ func (b *GCPCloudControllerManagerOptionsBuilder) BuildOptions(cluster *kops.Clu
 ccmConfig.ClusterCIDR = clusterSpec.Networking.PodCIDR
 }
- if clusterSpec.Networking.GCP != nil {
- // "GCP" networking mode is called "ip-alias" or "vpc-native" on GKE.
- // We don't need to configure routes if we are using "real" IPs.
+ if gce.UsesIPAliases(cluster) {
+ // We don't need to configure routes if we are using ipalias; these are "real" IPs
 ccmConfig.ConfigureCloudRoutes = fi.PtrTo(false)
 }
diff --git a/pkg/model/components/kubecontrollermanager.go b/pkg/model/components/kubecontrollermanager.go
index 474796495f0b4..82b039f216cb2 100644
--- a/pkg/model/components/kubecontrollermanager.go
+++ b/pkg/model/components/kubecontrollermanager.go
@@ -119,6 +119,14 @@ func (b *KubeControllerManagerOptionsBuilder) BuildOptions(o *kops.Cluster) erro
 } else {
 kcm.CIDRAllocatorType = fi.PtrTo("CloudAllocator")
 }
+ } else if networking.Kindnet != nil {
+ // We don't expect KCM to configure routes; it should be done by the CCM (or by the infrastructure)
+ kcm.ConfigureCloudRoutes = fi.PtrTo(false)
+
+ // If the cloud is allocating the node CIDRs, that should be done by CCM
+ if o.GetCloudProvider() == kops.CloudProviderGCE && gce.UsesIPAliases(o) {
+ kcm.AllocateNodeCIDRs = fi.PtrTo(false)
+ }
 } else if networking.External != nil {
 kcm.ConfigureCloudRoutes = fi.PtrTo(false)
 } else if UsesCNI(networking) {
diff --git a/pkg/model/gcemodel/context.go b/pkg/model/gcemodel/context.go
index 6ef46a9779269..6aae41567fa00 100644
--- a/pkg/model/gcemodel/context.go
+++ b/pkg/model/gcemodel/context.go
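Review bot: In the `networking.Kindnet` branch added to `KubeControllerManagerOptionsBuilder.BuildOptions`, `AllocateNodeCIDRs` is assigned only under the GCE check, yet the AWS `privatekindnet` golden files in this commit flip `allocateNodeCIDRs` from true to false. Whatever produces that flip is outside the visible hunks, so it is worth confirming it is intended and that the cloud controller manager takes over allocation there; with neither controller allocating, nodes would presumably get no pod CIDR. A short comment in the branch would make the non-GCE case explicit, e.g. `// On other clouds AllocateNodeCIDRs is not decided in this branch.` BuildOptions starts and ends outside the hunk.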
@@ -133,7 +133,7 @@ func (c *GCEModelContext) NameForFirewallRule(id string) string {
 }
 func (c *GCEModelContext) NetworkingIsIPAlias() bool {
- return c.Cluster.Spec.Networking.GCP != nil
+ return gce.UsesIPAliases(c.Cluster)
 }
 func (c *GCEModelContext) NetworkingIsGCERoutes() bool {
diff --git a/tests/integration/update_cluster/privatekindnet/data/aws_launch_template_master-us-test-1a.masters.privatekindnet.example.com_user_data b/tests/integration/update_cluster/privatekindnet/data/aws_launch_template_master-us-test-1a.masters.privatekindnet.example.com_user_data
index fb57784f023e3..8b84c71319bb5 100644
--- a/tests/integration/update_cluster/privatekindnet/data/aws_launch_template_master-us-test-1a.masters.privatekindnet.example.com_user_data
+++ b/tests/integration/update_cluster/privatekindnet/data/aws_launch_template_master-us-test-1a.masters.privatekindnet.example.com_user_data
@@ -130,7 +130,7 @@ ClusterName: privatekindnet.example.com
 ConfigBase: memfs://clusters.example.com/privatekindnet.example.com
 InstanceGroupName: master-us-test-1a
 InstanceGroupRole: ControlPlane
-NodeupConfigHash: jTF3I7at/1p0jwCMDz9kTq2uKvqMG+UEhKlJd1X96+8=
+NodeupConfigHash: lgPxiqJbDn1WQqD2BR2dzZRFvgBtedQIcphqjfGgam0=
 __EOF_KUBE_ENV
diff --git a/tests/integration/update_cluster/privatekindnet/data/aws_s3_object_cluster-completed.spec_content b/tests/integration/update_cluster/privatekindnet/data/aws_s3_object_cluster-completed.spec_content
index d83c1046bb6fa..4c7ae47e28347 100644
--- a/tests/integration/update_cluster/privatekindnet/data/aws_s3_object_cluster-completed.spec_content
+++ b/tests/integration/update_cluster/privatekindnet/data/aws_s3_object_cluster-completed.spec_content
@@ -101,7 +101,7 @@ spec:
 serviceClusterIPRange: 100.64.0.0/13
 storageBackend: etcd3
 kubeControllerManager:
- allocateNodeCIDRs: true
+ allocateNodeCIDRs: false
 attachDetachReconcileSyncPeriod: 1m0s
 cloudProvider: external
 clusterCIDR: 100.96.0.0/11
diff --git a/tests/integration/update_cluster/privatekindnet/data/aws_s3_object_nodeupconfig-master-us-test-1a_content b/tests/integration/update_cluster/privatekindnet/data/aws_s3_object_nodeupconfig-master-us-test-1a_content
index 87c01f1fa829a..88a26755aebb7 100644
--- a/tests/integration/update_cluster/privatekindnet/data/aws_s3_object_nodeupconfig-master-us-test-1a_content
+++ b/tests/integration/update_cluster/privatekindnet/data/aws_s3_object_nodeupconfig-master-us-test-1a_content
@@ -233,7 +233,7 @@ CAs:
 ClusterName: privatekindnet.example.com
 ControlPlaneConfig:
 KubeControllerManager:
- allocateNodeCIDRs: true
+ allocateNodeCIDRs: false
 attachDetachReconcileSyncPeriod: 1m0s
 cloudProvider: external
 clusterCIDR: 100.96.0.0/11
diff --git a/upup/pkg/fi/cloudup/gce/network.go b/upup/pkg/fi/cloudup/gce/network.go
index e57c54e578265..7db0e3fca6c55 100644
--- a/upup/pkg/fi/cloudup/gce/network.go
+++ b/upup/pkg/fi/cloudup/gce/network.go
@@ -31,9 +31,16 @@ import (
 // UsesIPAliases checks if the cluster uses IP aliases for network connectivity
 func UsesIPAliases(c *kops.Cluster) bool {
+ // "GCP" networking mode is called "ip-alias" or "vpc-native" on GKE.
 if c.Spec.Networking.GCP != nil {
 return true
 }
+
+ if c.Spec.Networking.Kindnet != nil {
+ // TODO: Are we _always_ using ipalias - should we at least check the cloud is GCP?
+ return true
+ }
+
 return false
 }
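Review bot: The added Kindnet case in `UsesIPAliases` returns true for every cloud provider, which the TODO beside it already questions. In this commit only the kube-controller-manager branch pairs the call with `o.GetCloudProvider() == kops.CloudProviderGCE`; `GCPCloudControllerManagerOptionsBuilder.BuildOptions` and `NetworkingIsIPAlias` call it bare, and whether they are reached only for GCE clusters is not visible here. Moving the check into the helper gives every caller the same answer: `if c.Spec.Networking.Kindnet != nil && c.GetCloudProvider() == kops.CloudProviderGCE {`. The doc comment could then say `// UsesIPAliases reports whether the cluster uses GCE IP aliases: "GCP" networking, or Kindnet on GCE.`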