Add an advertise-address flag. This allows the address that the apiserver binds

to (possibly 0.0.0.0) to be different than the address on which members of the cluster
can reach the apiserver (possibly not a local interface).

cluster/gce/configure-vm.sh

@@ -496,6 +496,7 @@ project-id = ${PROJECT_ID}
 EOF
     cat <<EOF >>/etc/salt/minion.d/grains.conf
   cloud_config: /etc/gce.conf
+  advertise_address: '${KUBERNETES_MASTER_NAME}'
 EOF
   fi
 }

cluster/saltbase/salt/kube-apiserver/kube-apiserver.manifest

@@ -22,6 +22,11 @@
 
 {% endif -%}
 
+{% set advertise_address = "" -%}
+{% if grains.advertise_address is defined -%}
+  {% set advertise_address = "--advertise-address=" + grains.advertise_address -%}
+{% endif -%}
+
 {% set address = "--address=127.0.0.1" -%}
 
 {% set cluster_name = "" -%}
@@ -29,9 +34,9 @@
   {% set cluster_name = "--cluster_name=" + pillar['instance_prefix'] -%}
 {% endif -%}
 
-{% set publicAddressOverride = "" -%}
+{% set bind_address = "" -%}
 {% if grains.publicAddressOverride is defined -%}
-  {% set publicAddressOverride = "--public_address_override=" + grains.publicAddressOverride -%}
+  {% set bind_address = "--bind-address=" + grains.publicAddressOverride -%}
 {% endif -%}
 
 {% set etcd_servers = "--etcd_servers=http://127.0.0.1:4001" -%}
@@ -75,8 +80,7 @@
 {% endif -%}
 
 {% set params = address + " " + etcd_servers + " " + cloud_provider + " " + cloud_config + " " + runtime_config + " " + admission_control + " " + service_cluster_ip_range + " " + client_ca_file + " " + basic_auth_file -%}
-{% set params = params + " " + cluster_name + " " + cert_file + " " + key_file + " --secure_port=" + secure_port + " " + token_auth_file + " " + publicAddressOverride + " " + pillar['log_level'] -%}
-
+{% set params = params + " " + cluster_name + " " + cert_file + " " + key_file + " --secure_port=" + secure_port + " " + token_auth_file + " " + publicAddressOverride + " " + pillar['log_level'] + " " + advertise_address -%}
 
 {
 "apiVersion": "v1beta3",