From a18724b6127241311eaef9c4f8a2bd4e8556fcc4 Mon Sep 17 00:00:00 2001
From: ArchiFleKs
Date: Wed, 1 Mar 2017 11:15:16 +0100
Subject: [PATCH] Add CoreOS/K8s recommended defaults to kube-proxy

The cluster-cidr fix asymetric routing in specific use case. Adding dbus removes iptables error message for kube-proxy and adding ${HOST_CERT_PATH} is just common practice.

Change-Id: I8912091ebcb5c1ef940f43e5195a849f8fa6370e
Partially-Implements: bp coreos-best-pratice
---
 .../fragments/enable-kube-proxy-master.yaml | 15 +++++++++++++++
 .../fragments/enable-kube-proxy-minion.yaml | 13 +++++++++++++
 2 files changed, 28 insertions(+)

diff --git a/magnum/drivers/k8s_coreos_v1/templates/fragments/enable-kube-proxy-master.yaml b/magnum/drivers/k8s_coreos_v1/templates/fragments/enable-kube-proxy-master.yaml
index 9c4100815a..1b11a665d6 100644
--- a/magnum/drivers/k8s_coreos_v1/templates/fragments/enable-kube-proxy-master.yaml
+++ b/magnum/drivers/k8s_coreos_v1/templates/fragments/enable-kube-proxy-master.yaml
@@ -38,8 +38,23 @@ write_files:
 - /hyperkube
 - proxy
 - --master=http://127.0.0.1:8080
+ - --cluster-cidr=${FLANNEL_NETWORK_CIDR}
 - --logtostderr=true
 - --v=0
 securityContext:
 privileged: true
+ volumeMounts:
+ - mountPath: /etc/ssl/certs
+ name: ssl-certs-host
+ readOnly: true
+ - mountPath: /var/run/dbus
+ name: dbus
+ readOnly: false
+ volumes:
+ - hostPath:
+ path: ${HOST_CERTS_PATH}
+ name: ssl-certs-host
+ - hostPath:
+ path: /var/run/dbus
+ name: dbus
 EOF
diff --git a/magnum/drivers/k8s_coreos_v1/templates/fragments/enable-kube-proxy-minion.yaml b/magnum/drivers/k8s_coreos_v1/templates/fragments/enable-kube-proxy-minion.yaml
index 8a397fc898..74b03883be 100644
--- a/magnum/drivers/k8s_coreos_v1/templates/fragments/enable-kube-proxy-minion.yaml
+++ b/magnum/drivers/k8s_coreos_v1/templates/fragments/enable-kube-proxy-minion.yaml
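Review bot: The added `/var/run/dbus` volumeMount is `readOnly: false` on a hostPath, which leaves the host's D-Bus directory writable from the kube-proxy container, and the manifest does not say why. The container already runs with `privileged: true`, so this does not cross a new boundary by itself, but it is the only writable host mount the change adds and is easy to overlook if the pod is hardened later. I would put a comment above the mount, for example `# host D-Bus socket; mounted read-write only to stop kube-proxy's iptables error messages`, and check whether `readOnly: true` is enough for that purpose. The same mount and volume are added to the minion fragment in its `@@ -59,6 +60,12 @@` and `@@ -66,4 +73,10 @@` hunks.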
@@ -48,6 +48,7 @@ write_files:
 - proxy
 - --master=${KUBE_MASTER_URI}
 - --kubeconfig=${KUBE_CONFIG}
+ - --cluster-cidr=${FLANNEL_NETWORK_CIDR}
 - --logtostderr=true
 - --v=0
 securityContext:
@@ -59,6 +60,12 @@ write_files:
 - mountPath: ${KUBE_CERTS_PATH}
 name: ssl-certs-kubernetes
 readOnly: true
+ - mountPath: /etc/ssl/certs
+ name: ssl-certs-host
+ readOnly: true
+ - mountPath: /var/run/dbus
+ name: dbus
+ readOnly: false
 volumes:
 - name: kubeconfig
 hostPath:
@@ -66,4 +73,10 @@ write_files:
 - name: ssl-certs-kubernetes
 hostPath:
 path: ${KUBE_CERTS_PATH}
+ - hostPath:
+ path: ${HOST_CERTS_PATH}
+ name: ssl-certs-host
+ - hostPath:
+ path: /var/run/dbus
+ name: dbus
 EOF
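Review bot: `${HOST_CERTS_PATH}` in the last hunk's `volumes` entry (and in the master fragment) and `${FLANNEL_NETWORK_CIDR}` in the `--cluster-cidr` lines are new to both templates, and none of the visible lines define them; the commit message also spells the first one `${HOST_CERT_PATH}`. If the manifest is written through the shell heredoc that the trailing `EOF` suggests, an unset variable expands to nothing, leaving `path:` with a null hostPath under the name `ssl-certs-host` and a bare `--cluster-cidr=`. Both may be defined outside these hunks, so please confirm they are set before the file is written, or fail early with a guard such as `: "${HOST_CERTS_PATH:?}"` ahead of the heredoc.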