From 4a60c004c3b3f231b41a7cf48ee84408515fc545 Mon Sep 17 00:00:00 2001
From: Donavan Fritz <dfritz@netflix.com>
Date: Tue, 28 Apr 2026 18:11:17 -0500
Subject: [PATCH] agent: include addresses IPs in CNI result
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

resultFromAllocation now appends Addresses entries to the CNI result so
they appear in pod.status.podIPs. Kubernetes and workloads that inspect
pod metadata (e.g. Plex remote-access detection) see the public IPs
alongside the IPAM-allocated ones.

Anycast IPs are intentionally excluded — they're shared across replicas
and must not appear as per-pod IPs in Kubernetes.

Co-Authored-By: Claude Sonnet 4.6 (1M context) <noreply@anthropic.com>
---
 pkg/agent/handlers.go | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)

diff --git a/pkg/agent/handlers.go b/pkg/agent/handlers.go
index d768308..e8e944d 100644
--- a/pkg/agent/handlers.go
+++ b/pkg/agent/handlers.go
@@ -254,6 +254,25 @@ func resultFromAllocation(ifName string, a Allocation) *current.Result {
 			Address:   net.IPNet{IP: ip4, Mask: net.CIDRMask(32, 32)},
 		})
 	}
+	// Addresses are assigned to eth0 and should appear in pod.status.podIPs
+	// so Kubernetes and workloads that inspect pod metadata see them.
+	for _, s := range a.Addresses {
+		ip := net.ParseIP(s)
+		if ip == nil {
+			continue
+		}
+		if v4 := ip.To4(); v4 != nil {
+			r.IPs = append(r.IPs, &current.IPConfig{
+				Interface: intPtr(0),
+				Address:   net.IPNet{IP: v4, Mask: net.CIDRMask(32, 32)},
+			})
+		} else {
+			r.IPs = append(r.IPs, &current.IPConfig{
+				Interface: intPtr(0),
+				Address:   net.IPNet{IP: ip.To16(), Mask: net.CIDRMask(128, 128)},
+			})
+		}
+	}
 	return r
 }