From 76d993cdaefc2d6b88bc524bdec69ffc152d974b Mon Sep 17 00:00:00 2001
From: Dalton Hubble <dghubble@gmail.com>
Date: Mon, 3 Dec 2018 19:50:06 -0800
Subject: [PATCH] Add experimental kube-router CNI provider

* Add kube-router for pod networking and NetworkPolicy
as an experiment
* Experiments are not documented or supported in any way,
and may be removed without notice. They have known issues
and aren't enabled without special options.
---
 aws/container-linux/kubernetes/bootkube.tf           |  2 +-
 aws/fedora-atomic/kubernetes/bootkube.tf             |  2 +-
 azure/container-linux/kubernetes/bootkube.tf         |  2 +-
 bare-metal/container-linux/kubernetes/bootkube.tf    |  2 +-
 bare-metal/fedora-atomic/kubernetes/bootkube.tf      |  2 +-
 digital-ocean/container-linux/kubernetes/bootkube.tf |  2 +-
 digital-ocean/fedora-atomic/kubernetes/bootkube.tf   |  2 +-
 google-cloud/container-linux/kubernetes/bootkube.tf  |  2 +-
 google-cloud/container-linux/kubernetes/network.tf   | 10 +++++-----
 google-cloud/fedora-atomic/kubernetes/bootkube.tf    |  2 +-
 google-cloud/fedora-atomic/kubernetes/network.tf     | 10 +++++-----
 11 files changed, 19 insertions(+), 19 deletions(-)

diff --git a/aws/container-linux/kubernetes/bootkube.tf b/aws/container-linux/kubernetes/bootkube.tf
index c9d68225..f0ef37ec 100644
--- a/aws/container-linux/kubernetes/bootkube.tf
+++ b/aws/container-linux/kubernetes/bootkube.tf
@@ -1,6 +1,6 @@
 # Self-hosted Kubernetes assets (kubeconfig, manifests)
 module "bootkube" {
-  source = "git::https://github.com/poseidon/terraform-render-bootkube.git?ref=4021467b7f280ceb54320333690e8574a3bd8d84"
+  source = "git::https://github.com/poseidon/terraform-render-bootkube.git?ref=9d6f0c31d36f8e84e9f7187f5fddf5e344b31f56"
 
   cluster_name          = "${var.cluster_name}"
   api_servers           = ["${format("%s.%s", var.cluster_name, var.dns_zone)}"]
diff --git a/aws/fedora-atomic/kubernetes/bootkube.tf b/aws/fedora-atomic/kubernetes/bootkube.tf
index daa0e5f5..61a06135 100644
--- a/aws/fedora-atomic/kubernetes/bootkube.tf
+++ b/aws/fedora-atomic/kubernetes/bootkube.tf
@@ -1,6 +1,6 @@
 # Self-hosted Kubernetes assets (kubeconfig, manifests)
 module "bootkube" {
-  source = "git::https://github.com/poseidon/terraform-render-bootkube.git?ref=4021467b7f280ceb54320333690e8574a3bd8d84"
+  source = "git::https://github.com/poseidon/terraform-render-bootkube.git?ref=9d6f0c31d36f8e84e9f7187f5fddf5e344b31f56"
 
   cluster_name          = "${var.cluster_name}"
   api_servers           = ["${format("%s.%s", var.cluster_name, var.dns_zone)}"]
diff --git a/azure/container-linux/kubernetes/bootkube.tf b/azure/container-linux/kubernetes/bootkube.tf
index 3450bc84..33bd4dae 100644
--- a/azure/container-linux/kubernetes/bootkube.tf
+++ b/azure/container-linux/kubernetes/bootkube.tf
@@ -1,6 +1,6 @@
 # Self-hosted Kubernetes assets (kubeconfig, manifests)
 module "bootkube" {
-  source = "git::https://github.com/poseidon/terraform-render-bootkube.git?ref=4021467b7f280ceb54320333690e8574a3bd8d84"
+  source = "git::https://github.com/poseidon/terraform-render-bootkube.git?ref=9d6f0c31d36f8e84e9f7187f5fddf5e344b31f56"
 
   cluster_name          = "${var.cluster_name}"
   api_servers           = ["${format("%s.%s", var.cluster_name, var.dns_zone)}"]
diff --git a/bare-metal/container-linux/kubernetes/bootkube.tf b/bare-metal/container-linux/kubernetes/bootkube.tf
index 34babd67..801591c0 100644
--- a/bare-metal/container-linux/kubernetes/bootkube.tf
+++ b/bare-metal/container-linux/kubernetes/bootkube.tf
@@ -1,6 +1,6 @@
 # Self-hosted Kubernetes assets (kubeconfig, manifests)
 module "bootkube" {
-  source = "git::https://github.com/poseidon/terraform-render-bootkube.git?ref=4021467b7f280ceb54320333690e8574a3bd8d84"
+  source = "git::https://github.com/poseidon/terraform-render-bootkube.git?ref=9d6f0c31d36f8e84e9f7187f5fddf5e344b31f56"
 
   cluster_name                    = "${var.cluster_name}"
   api_servers                     = ["${var.k8s_domain_name}"]
diff --git a/bare-metal/fedora-atomic/kubernetes/bootkube.tf b/bare-metal/fedora-atomic/kubernetes/bootkube.tf
index 0ab2acb2..500ff10d 100644
--- a/bare-metal/fedora-atomic/kubernetes/bootkube.tf
+++ b/bare-metal/fedora-atomic/kubernetes/bootkube.tf
@@ -1,6 +1,6 @@
 # Self-hosted Kubernetes assets (kubeconfig, manifests)
 module "bootkube" {
-  source = "git::https://github.com/poseidon/terraform-render-bootkube.git?ref=4021467b7f280ceb54320333690e8574a3bd8d84"
+  source = "git::https://github.com/poseidon/terraform-render-bootkube.git?ref=9d6f0c31d36f8e84e9f7187f5fddf5e344b31f56"
 
   cluster_name          = "${var.cluster_name}"
   api_servers           = ["${var.k8s_domain_name}"]
diff --git a/digital-ocean/container-linux/kubernetes/bootkube.tf b/digital-ocean/container-linux/kubernetes/bootkube.tf
index 69ce9454..1975bece 100644
--- a/digital-ocean/container-linux/kubernetes/bootkube.tf
+++ b/digital-ocean/container-linux/kubernetes/bootkube.tf
@@ -1,6 +1,6 @@
 # Self-hosted Kubernetes assets (kubeconfig, manifests)
 module "bootkube" {
-  source = "git::https://github.com/poseidon/terraform-render-bootkube.git?ref=4021467b7f280ceb54320333690e8574a3bd8d84"
+  source = "git::https://github.com/poseidon/terraform-render-bootkube.git?ref=9d6f0c31d36f8e84e9f7187f5fddf5e344b31f56"
 
   cluster_name          = "${var.cluster_name}"
   api_servers           = ["${format("%s.%s", var.cluster_name, var.dns_zone)}"]
diff --git a/digital-ocean/fedora-atomic/kubernetes/bootkube.tf b/digital-ocean/fedora-atomic/kubernetes/bootkube.tf
index dccf7927..f8e9217e 100644
--- a/digital-ocean/fedora-atomic/kubernetes/bootkube.tf
+++ b/digital-ocean/fedora-atomic/kubernetes/bootkube.tf
@@ -1,6 +1,6 @@
 # Self-hosted Kubernetes assets (kubeconfig, manifests)
 module "bootkube" {
-  source = "git::https://github.com/poseidon/terraform-render-bootkube.git?ref=4021467b7f280ceb54320333690e8574a3bd8d84"
+  source = "git::https://github.com/poseidon/terraform-render-bootkube.git?ref=9d6f0c31d36f8e84e9f7187f5fddf5e344b31f56"
 
   cluster_name          = "${var.cluster_name}"
   api_servers           = ["${format("%s.%s", var.cluster_name, var.dns_zone)}"]
diff --git a/google-cloud/container-linux/kubernetes/bootkube.tf b/google-cloud/container-linux/kubernetes/bootkube.tf
index 643b5c2c..ebb2af8b 100644
--- a/google-cloud/container-linux/kubernetes/bootkube.tf
+++ b/google-cloud/container-linux/kubernetes/bootkube.tf
@@ -1,6 +1,6 @@
 # Self-hosted Kubernetes assets (kubeconfig, manifests)
 module "bootkube" {
-  source = "git::https://github.com/poseidon/terraform-render-bootkube.git?ref=4021467b7f280ceb54320333690e8574a3bd8d84"
+  source = "git::https://github.com/poseidon/terraform-render-bootkube.git?ref=9d6f0c31d36f8e84e9f7187f5fddf5e344b31f56"
 
   cluster_name          = "${var.cluster_name}"
   api_servers           = ["${format("%s.%s", var.cluster_name, var.dns_zone)}"]
diff --git a/google-cloud/container-linux/kubernetes/network.tf b/google-cloud/container-linux/kubernetes/network.tf
index 9477110b..a507ce8e 100644
--- a/google-cloud/container-linux/kubernetes/network.tf
+++ b/google-cloud/container-linux/kubernetes/network.tf
@@ -57,12 +57,12 @@ resource "google_compute_firewall" "allow-apiserver" {
   target_tags   = ["${var.cluster_name}-controller"]
 }
 
-# Calico BGP and IPIP
-# https://docs.projectcalico.org/v2.5/reference/public-cloud/gce
-resource "google_compute_firewall" "internal-calico" {
-  count = "${var.networking == "calico" ? 1 : 0}"
+# BGP and IPIP
+# https://docs.projectcalico.org/latest/reference/public-cloud/gce
+resource "google_compute_firewall" "internal-bgp" {
+  count = "${var.networking != "flannel" ? 1 : 0}"
 
-  name    = "${var.cluster_name}-internal-calico"
+  name    = "${var.cluster_name}-internal-bgp"
   network = "${google_compute_network.network.name}"
 
   allow {
diff --git a/google-cloud/fedora-atomic/kubernetes/bootkube.tf b/google-cloud/fedora-atomic/kubernetes/bootkube.tf
index cad22391..216812f8 100644
--- a/google-cloud/fedora-atomic/kubernetes/bootkube.tf
+++ b/google-cloud/fedora-atomic/kubernetes/bootkube.tf
@@ -1,6 +1,6 @@
 # Self-hosted Kubernetes assets (kubeconfig, manifests)
 module "bootkube" {
-  source = "git::https://github.com/poseidon/terraform-render-bootkube.git?ref=4021467b7f280ceb54320333690e8574a3bd8d84"
+  source = "git::https://github.com/poseidon/terraform-render-bootkube.git?ref=9d6f0c31d36f8e84e9f7187f5fddf5e344b31f56"
 
   cluster_name          = "${var.cluster_name}"
   api_servers           = ["${format("%s.%s", var.cluster_name, var.dns_zone)}"]
diff --git a/google-cloud/fedora-atomic/kubernetes/network.tf b/google-cloud/fedora-atomic/kubernetes/network.tf
index 9477110b..e6125c3e 100644
--- a/google-cloud/fedora-atomic/kubernetes/network.tf
+++ b/google-cloud/fedora-atomic/kubernetes/network.tf
@@ -57,12 +57,12 @@ resource "google_compute_firewall" "allow-apiserver" {
   target_tags   = ["${var.cluster_name}-controller"]
 }
 
-# Calico BGP and IPIP
-# https://docs.projectcalico.org/v2.5/reference/public-cloud/gce
-resource "google_compute_firewall" "internal-calico" {
-  count = "${var.networking == "calico" ? 1 : 0}"
+# BGP and IPIP
+# https://docs.projectcalico.org/latest/reference/public-cloud/gce
+resource "google_compute_firewall" "internal-bgp" {
+  count = "${var.networking != "flannel" ? 1 : 0}"
 
-  name    = "${var.cluster_name}-internal-calico"
+  name    = "${var.cluster_name}-internal-bpg"
   network = "${google_compute_network.network.name}"
 
   allow {