From 26a53fcd47d8ab7288205fc6ca101547bc47237d Mon Sep 17 00:00:00 2001
From: Bryan Boreham
Date: Thu, 14 Jul 2016 17:52:51 +0100
Subject: [PATCH 1/2] Use the CNI bridge plugin to set hairpin mode Pass the flag down in kubenet, and disable it in DockerManager
---
 pkg/kubelet/kubelet.go | 2 +-
 pkg/kubelet/network/kubenet/kubenet_linux.go | 4 +++-
 2 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/pkg/kubelet/kubelet.go b/pkg/kubelet/kubelet.go
index 1b5329c6399..4672f9c2636 100644
--- a/pkg/kubelet/kubelet.go
+++ b/pkg/kubelet/kubelet.go
@@ -428,7 +428,7 @@ func NewMainKubelet(
 imageBackOff,
 serializeImagePulls,
 enableCustomMetrics,
- klet.hairpinMode == componentconfig.HairpinVeth,
+ klet.hairpinMode == componentconfig.HairpinVeth && networkPluginName != "kubenet",
 seccompProfileRoot,
 containerRuntimeOptions...,
 )
diff --git a/pkg/kubelet/network/kubenet/kubenet_linux.go b/pkg/kubelet/network/kubenet/kubenet_linux.go
index b7de8e68ae3..a1c86e8dcea 100644
--- a/pkg/kubelet/network/kubenet/kubenet_linux.go
+++ b/pkg/kubelet/network/kubenet/kubenet_linux.go
@@ -186,6 +186,7 @@ const NET_CONFIG_TEMPLATE = `{
 "addIf": "%s",
 "isGateway": true,
 "ipMasq": false,
+ "hairpin": "%t",
 "ipam": {
 "type": "host-local",
 "subnet": "%s",
@@ -218,10 +219,11 @@ func (plugin *kubenetNetworkPlugin) Event(name string, details map[string]interf
 glog.V(5).Infof("PodCIDR is set to %q", podCIDR)
 _, cidr, err := net.ParseCIDR(podCIDR)
 if err == nil {
+ setHairpin := plugin.hairpinMode == componentconfig.HairpinVeth
 // Set bridge address to first address in IPNet
 cidr.IP.To4()[3] += 1
- json := fmt.Sprintf(NET_CONFIG_TEMPLATE, BridgeName, plugin.MTU, network.DefaultInterfaceName, podCIDR, cidr.IP.String())
+ json := fmt.Sprintf(NET_CONFIG_TEMPLATE, BridgeName, plugin.MTU, network.DefaultInterfaceName, setHairpin, podCIDR, cidr.IP.String())
 glog.V(2).Infof("CNI network config set to %v", json)
 plugin.netConfig, err = libcni.ConfFromBytes([]byte(json))
 if err == nil {
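Review bot: The new condition in the `NewMainKubelet` hunk compares `networkPluginName` with the bare literal `"kubenet"`, so which component owns the hairpin flag now hinges on a hand-typed string. A shared named constant would be safer, e.g. `klet.hairpinMode == componentconfig.HairpinVeth && networkPluginName != kubenetPluginName,`, where `kubenetPluginName` is a placeholder for whatever constant the project defines for this plugin. Because the runtime stops setting hairpin whenever the name matches, a mismatch or rename would change behaviour silently and surface only as pods failing to reach themselves through their own service. The argument list of the call starts and ends outside the hunk.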
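Review bot: In the `NET_CONFIG_TEMPLATE` hunk of kubenet_linux.go, `"hairpin": "%t",` puts the verb inside quotes, so the rendered config carries the JSON string "true" or "false", whereas the neighbouring `isGateway` and `ipMasq` entries are bare booleans. If the bridge plugin decodes this setting into a Go bool, a string value will fail to unmarshal, and a key it does not recognise is dropped without error. In either case hairpin is never enabled, while the kubelet.go hunk has already stopped the Docker runtime from enabling it for kubenet. Drop the quotes, `"hairpin": %t,`, and confirm the key name against the bridge plugin's config struct, which I believe upstream CNI names `hairpinMode`. The template literal begins and ends outside the hunk.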
From f21d2dde5a0b7b124407ab504c289c6a36f2f3d7 Mon Sep 17 00:00:00 2001
From: Bryan Boreham
Date: Thu, 28 Jul 2016 12:34:21 +0100
Subject: [PATCH 2/2] Add comment per review feedback
---
 pkg/kubelet/kubelet.go | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/pkg/kubelet/kubelet.go b/pkg/kubelet/kubelet.go
index 4672f9c2636..79c02cfde1d 100644
--- a/pkg/kubelet/kubelet.go
+++ b/pkg/kubelet/kubelet.go
@@ -428,6 +428,12 @@ func NewMainKubelet(
 imageBackOff,
 serializeImagePulls,
 enableCustomMetrics,
+ // If using "kubenet", the Kubernetes network plugin that wraps
+ // CNI's bridge plugin, it knows how to set the hairpin veth flag
+ // so we tell the container runtime to back away from setting it.
+ // If the kubelet is started with any other plugin we can't be
+ // sure it handles the hairpin case so we instruct the docker
+ // runtime to set the flag instead.
 klet.hairpinMode == componentconfig.HairpinVeth && networkPluginName != "kubenet",
 seccompProfileRoot,
 containerRuntimeOptions...,
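Review bot: The six-line comment now sits between positional arguments of the call, so a reader still has to work out which parameter this boolean feeds. Hoisting the expression into a named local before the call, e.g. `runtimeSetsHairpin := klet.hairpinMode == componentconfig.HairpinVeth && networkPluginName != "kubenet"`, would let the comment document the variable and keep the argument list easy to scan. The comment could also say that the value is false for every hairpin mode other than veth, which the current wording leaves implicit. The call begins and ends outside the hunk.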