add cni-bin-dir parameter to apiserver

This parameter shoudl be added only for Kubernetes >= 1.6 and it breaks
apiserver when added to older version.

The PR is adding kubernetes_version to check it. There may be a problem
with order of salt run checking the version. I'll fix the race
condition in case we will hit it.

PROD-9961

Change-Id: I9c9f42348d4e40e632dcc0a89b535e8aafa88a4a
diff --git a/kubernetes/map.jinja b/kubernetes/map.jinja
index f36f9e3..594b50b 100644
--- a/kubernetes/map.jinja
+++ b/kubernetes/map.jinja
@@ -1,11 +1,15 @@
+{% set _version = salt['cmd.run']("hyperkube --version | sed -e 's/-.*//g' -e 's/v//g' -e 's/Kubernetes //g' | awk -F '.' '{ print $1 \".\" $2 }'") %}
+
 {% set common = salt['grains.filter_by']({
     'Debian': {
         'pkgs': ['curl', 'git', 'apt-transport-https', 'python-apt', 'nfs-common', 'socat', 'netcat-traditional', 'openssl'],
         'services': [],
+        'version': _version|float,
     },
     'RedHat': {
         'pkgs': ['curl', 'git', 'apt-transport-https', 'python-apt', 'nfs-common', 'socat', 'netcat-traditional', 'python'],
         'services': [],
+        'version': _version|float,
     },
 }, merge=salt['pillar.get']('kubernetes:common')) %}
 
diff --git a/kubernetes/master/controller.sls b/kubernetes/master/controller.sls
index 328a426..a8dd37a 100644
--- a/kubernetes/master/controller.sls
+++ b/kubernetes/master/controller.sls
@@ -1,4 +1,5 @@
 {%- from "kubernetes/map.jinja" import master with context %}
+{%- from "kubernetes/map.jinja" import common with context %}
 {%- if master.enabled %}
 
 /srv/kubernetes/known_tokens.csv:
@@ -83,6 +84,9 @@
         --basic-auth-file=/srv/kubernetes/basic_auth.csv
         --bind-address={{ master.apiserver.address }}
         --client-ca-file=/etc/kubernetes/ssl/ca-{{ master.ca }}.crt
+        {%- if common.version >= 1.6 %}
+        --cni-bin-dir={{ master.apiserver.get('cni_bin_dir', '/opt/cni/bin') }}
+        {%- endif %}
         --etcd-quorum-read=true
         --insecure-bind-address={{ master.apiserver.insecure_address }}
         --insecure-port={{ master.apiserver.get('insecure_port', '8080') }}