Commit Graph

31450 Commits

Author SHA1 Message Date
Guoliang Wang
afa2a1cfe5 Fixing wrong unit test naming 2018-05-19 08:09:39 +08:00
Kubernetes Submit Queue
2d1f42e0b1 Merge pull request #63902 from vmware/vcp_secrets
Automatic merge from submit-queue (batch tested with PRs 63969, 63902, 63689, 63973, 63978). If you want to cherry-pick this change to another branch, please follow the instructions [here](https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md).

Adds a mechanism in vSphere Cloud Provider to get credentials from Kubernetes secrets

**What this PR does / why we need it**:
Currently, vCenter credentials are stored in plain text in vsphere.conf. This PR adds a mechanism in vSphere Cloud Provider to get vCenter credentials from Kubernetes secrets.

**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #

**Special notes for your reviewer**:
Internally reviewed here: https://github.com/vmware/kubernetes/pull/484
**Workflow:**
1. Create vsphere.conf file with ```secret-name``` and ```secret-namespace```.
	```
	[Global]
	insecure-flag = 1
	secret-name = "vcconf"
	secret-namespace = "kube-system"

	[VirtualCenter "10.160.45.119"]
	port = 443
	datacenters = k8s-dc-1

	[Workspace]
	server = 10.160.45.119
	datacenter = k8s-dc-1
	default-datastore = sharedVMFS-0
	folder = Discovered virtual machine
	```
2. Launch Kubernetes cluster with vSphere Cloud Provider Configured.
3. Create secret with vCenter credentials.
	a. Create base64 encoding for username and password:
	username:
	```	
		> echo -n 'admin' | base64
		YWRtaW4= 
	```
	password:
	```
		> echo -n 'vsphere' | base64
		dnNwaGVyZQ==
	```

	b. kubectl create -f vccredentials.yaml
	```
	# vccredentials.yaml
	apiVersion: v1
	kind: Secret
	metadata:
	  name: vcconf
	type: Opaque
	data:
	  10.192.44.199.username: YWRtaW4=
	  10.192.44.199.password: dnNwaGVyZQ==
	```
4. vSphere Cloud Provider can be used now.

**Note:**
Secrets info can be provided with both (old and new) vSphere Cloud provider configuration formats.


**Tests Done:**
- [x] vSphere Cloud Provider unit test.
- [x] Volume lifecycle with Username and Password in vsphere.conf (for backward compatibility)
- [x] Volume lifecycle with secrets information in vsphere.conf.
- [x] Update secrets workflow

**Release note**:

```release-note
Adds a mechanism in vSphere Cloud Provider to get credentials from Kubernetes secrets
```
2018-05-18 15:59:15 -07:00
Mikhail Mazurskiy
5e8e570dbd Use Dial with context 2018-05-19 08:14:37 +10:00
juanvallejo
c87cd9c0f6 sort on non-tabular output 2018-05-18 14:27:16 -04:00
Avesh Agarwal
ea057eb9b5 Fix TestSchedulerWithVolumeBinding to avoid setting predicate ordering.
It is causing data race condition as predicate ordering is changing global
variable predicatesOrdering. In fact, this test does not require any special
predicate order and should work on default predicate ordering as far as
VolumeScheduling feature is enabled.
2018-05-18 14:19:26 -04:00
Yu-Ju Hong
a3593b5aa6 Graduate CRIContainerLogRotation to beta 2018-05-18 10:09:09 -07:00
Kubernetes Submit Queue
77a08ee2d7 Merge pull request #63989 from MrHohn/gce-security-policy
Automatic merge from submit-queue (batch tested with PRs 63569, 63918, 63980, 63295, 63989). If you want to cherry-pick this change to another branch, please follow the instructions [here](https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md).

GCE provider: add wrapper for security policy

**What this PR does / why we need it**:
Generated mock interface for beta backend service and security policy as well.

**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #NONE 

**Special notes for your reviewer**:
/assign @nicksardo   

**Release note**:

```release-note
NONE
```
2018-05-18 09:54:26 -07:00
Kubernetes Submit Queue
7da05eb87b Merge pull request #63295 from jsafrane/fix-csi-detach-delete
Automatic merge from submit-queue (batch tested with PRs 63569, 63918, 63980, 63295, 63989). If you want to cherry-pick this change to another branch, please follow the instructions [here](https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md).

Fixed CSI volume detach when the volume is already detached.

**What this PR does / why we need it**:
"VolumeAttachment NotFound" error should be treated as successful detach.

/sig storage
/assign @vladimirvivien @saad-ali

**Special notes for your reviewer**:
Note that the PR changes just 4 lines in attachment code, the rest is unit test refactoring to inject fake errors.

**Release note**:

```release-note
NONE
```
2018-05-18 09:54:22 -07:00
Kubernetes Submit Queue
08a094ca2e Merge pull request #63569 from hanxiaoshuai/bugfix0509
Automatic merge from submit-queue (batch tested with PRs 63569, 63918, 63980, 63295, 63989). If you want to cherry-pick this change to another branch, please follow the instructions [here](https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md).

fix a small mistake in function getFieldMeta

**What this PR does / why we need it**:
fix a small mistake in function getFieldMeta
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #

**Special notes for your reviewer**:
```
if e, found := ext["x-kubernetes-patch-strategy"]; found {
	strategy, ok := e.(string)
	if !ok {
		return apply.FieldMetaImpl{}, fmt.Errorf("Expected string for x-kubernetes-patch-strategy by got %T", s)
	}
}
```
According to the judgment above, I think we should print the type of e.
**Release note**:

```release-note
NONE
```
2018-05-18 09:54:11 -07:00
juanvallejo
f3a46cf626 move additional methods from factory 2018-05-18 11:49:02 -04:00
Guoliang Wang
9219a76266 remove unused code of (pkg/scheduler) 2018-05-18 23:48:43 +08:00
Kubernetes Submit Queue
0ef96cbaf4 Merge pull request #61730 from liggitt/deflake-test-cancel-and-readd
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions [here](https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md).

increase timeout in TestCancelAndReadd

the flakes referenced in #51704 were still seen downstream. the current timeout approach is [known to be faulty](https://github.com/kubernetes/kubernetes/issues/51704#issuecomment-328459239), but fixing the tests has not been prioritized. this increases the timeout sufficiently to avoid flakes in the meantime

```release-note
NONE
```
2018-05-18 07:20:43 -07:00
Maciej Szulik
6eb69dfff7 Tolerate negative values when calculating job scale progress 2018-05-18 15:35:37 +02:00
Jan Safranek
080d2dfe8f Add SELinux support to CSI 2018-05-18 14:27:13 +02:00
WanLinghao
5e9e3afb2e kubectl: add aggregation rule support to clusterrole 2018-05-18 19:44:23 +08:00
Kubernetes Submit Queue
1b950d1e8e Merge pull request #63337 from vikaschoudhary16/fix-e2e
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions [here](https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md).

Fix e2e "When checkpoint file is corrupted should complete pod sandbo…

…x clean up"



**What this PR does / why we need it**:
This PR fixes the e2e-node test, "When checkpoint file is corrupted should complete pod sandbox clean up"

**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #62738
Related #62937

**Special notes for your reviewer**:

**Release note**:

```release-note
None
```
/cc @dashpole @derekwaynecarr 
/sig node
2018-05-18 04:12:43 -07:00
Kubernetes Submit Queue
062f6b50bf Merge pull request #63928 from deads2k/cli-61-apiversion-protection
Automatic merge from submit-queue (batch tested with PRs 63920, 63716, 63928, 60553, 63946). If you want to cherry-pick this change to another branch, please follow the instructions [here](https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md).

add protection for missing apiversion so we never serialize a bad object

we need the json and yaml printers to fail if they are going to serialize a thing that is missing apiversion and kind information.  This adds a simple check for it.

@kubernetes/sig-cli-maintainers 
/assign @juanvallejo 
/assign @soltysh 

```release-note
NONE
```
2018-05-18 01:07:18 -07:00
andyzhangx
6c2060db86 fix formatAndMount func issue on Windows
fix comments
2018-05-18 05:20:20 +00:00
stewart-yu
3d20f1a99c auto generated file 2018-05-18 10:23:38 +08:00
Weibin Lin
f86af07526 Update ipvs docs --- check the prerequisite 2018-05-18 09:46:10 +08:00
stewart-yu
f47f515600 construct a new CloudControllerManagerConfiguration struct for
cloud-controller manager
2018-05-18 08:53:05 +08:00
Zihong Zheng
5158add0bc gce provider: point to hack/update-cloudprovider-gce.sh in doc 2018-05-17 17:25:33 -07:00
Zihong Zheng
23726efb3d gce provider: add wrapper for security policy 2018-05-17 17:25:33 -07:00
Michelle Au
2142737276 Only override objects from informer when version has increased.
Add more logging and tests to volume scheduler.
2018-05-17 16:46:20 -07:00
Kubernetes Submit Queue
f86ec3f764 Merge pull request #63992 from mikedanese/owners
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions [here](https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md).

add mikedanese as an approver in various auth related directories

matching the [subprojects](https://docs.google.com/document/d/1RJvnSPOJ3JC61gerCpCpaCtzQjRcsZ2tXkcyokr6sLY/edit) I work on.



```release-note
NONE
```
2018-05-17 15:47:33 -07:00
David Eads
420dd9bf66 move type setting into an optional layer above normal printing 2018-05-17 17:22:12 -04:00
David Eads
304bce3cdf add protection for missing apiversion so we never serialize a bad object 2018-05-17 17:20:54 -04:00
juanvallejo
0164605d31 remove versioned printer 2018-05-17 17:20:54 -04:00
Kubernetes Submit Queue
64bb688ece Merge pull request #63844 from tossmilestone/add-statefulset-strategy-desc
Automatic merge from submit-queue (batch tested with PRs 63871, 63927, 63966, 63957, 63844). If you want to cherry-pick this change to another branch, please follow the instructions [here](https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md).

Add strategy description for 'kubectl describe sts' command

**What this PR does / why we need it**:
To display `UpdateStrategyType` and `RollingUpdateStrategy` information when executing the `kubectl describe sts` command; the output looks like:
```
Name:               web
Namespace:          default
CreationTimestamp:  Thu, 17 May 2018 10:21:19 +0800
Selector:           app=nginx
Labels:             app=nginx
Annotations:        <none>
Replicas:           3 desired | 1 total
Update Strategy:    RollingUpdate
  Partition:        2
Pods Status:        0 Running / 1 Waiting / 0 Succeeded / 0 Failed
Pod Template:
  Labels:  app=nginx
  Containers:
   nginx:
    Image:        k8s.gcr.io/nginx-slim:0.8
    Port:         80/TCP
    Host Port:    0/TCP
    Environment:  <none>
    Mounts:
      /usr/share/nginx/html from www (rw)
  Volumes:  <none>
Volume Claims:
  Name:          www
  StorageClass:  my-storage-class
  Labels:        <none>
  Annotations:   <none>
  Capacity:      1Gi
  Access Modes:  [ReadWriteOnce]
Events:
  Type    Reason            Age   From                    Message
  ----    ------            ----  ----                    -------
  Normal  SuccessfulCreate  10s   statefulset-controller  create Pod web-0 in StatefulSet web successful
```

**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes None

**Special notes for your reviewer**:

**Release note**:

```release-note
Add 'UpdateStrategyType' and 'RollingUpdateStrategy' to 'kubectl describe sts' command output.
```
2018-05-17 13:40:28 -07:00
Kubernetes Submit Queue
221909540d Merge pull request #63966 from mfojtik/cli-01-fix-flatten
Automatic merge from submit-queue (batch tested with PRs 63871, 63927, 63966, 63957, 63844). If you want to cherry-pick this change to another branch, please follow the instructions [here](https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md).

kubectl: fix Flatten() when used without Latest()

**What this PR does / why we need it**:

If `Flatten()` is used on resource builder the list is not flattened unless the `Latest()` is used in the chain.
We should support `Flatten()` without Latest() as well. For example:

```
$ oc apply -l foo=bar -f /tmp/list.yaml
```
will fail with:
```
F0517 13:45:07.831195   31795 helpers.go:119] error: object does not implement the Object interfaces
```

**Release note**:
```release-note
NONE
```
2018-05-17 13:40:22 -07:00
Kubernetes Submit Queue
98bab89fab Merge pull request #63927 from deads2k/cli-60-factory-prune
Automatic merge from submit-queue (batch tested with PRs 63871, 63927, 63966, 63957, 63844). If you want to cherry-pick this change to another branch, please follow the instructions [here](https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md).

start splitting polymorphic functions out of the factory

the polymorphic behavior in `kubectl` has been gathered in the factory, but with the new kubeconfigflags and interfaces, it can actually be re-written as a set of helper calls.

These functions are special.  They are indications of areas of flexibility that we eventually need to build generically.  In addition, unit tests make heavy use of injection. For these reasons we aren't inlining them.  Instead we'll extract to a polymorphic package and have them as assignable functions for mocking.

Individual commands should support injection for cleaner mocking and we'll be able to use the package to hunt internal dependencies.

@kubernetes/sig-cli-maintainers 
@soltysh @juanvallejo 

```release-note
NONE
```
2018-05-17 13:40:19 -07:00
Abrar Shivani
99076ce32a Add kubernetes license to credential manager 2018-05-17 12:10:30 -07:00
Abrar Shivani
f58cc6c075 Add unit test for secrets flag in config file 2018-05-17 12:10:29 -07:00
Abrar Shivani
6c9558334e Add secrets flag in vcp config and modify vcp to use nodemanager connect method 2018-05-17 12:06:03 -07:00
Abrar Shivani
21a7e9b1cb Modify nodemanager to use credentials from secret 2018-05-17 12:06:02 -07:00
Abrar Shivani
94117d748c Add credentials manager unit test in vSphere Cloud Provider 2018-05-17 12:06:02 -07:00
Abrar Shivani
c7641800e3 Add credentials manager in vSphere Cloud Provider 2018-05-17 12:06:01 -07:00
Abrar Shivani
1fb9ababbd Add update credentials function in vclib 2018-05-17 12:06:01 -07:00
Mike Danese
f39ec8b333 add myself as an approver in various auth related directories
matching the subprojects I work on:

https://docs.google.com/document/d/1RJvnSPOJ3JC61gerCpCpaCtzQjRcsZ2tXkcyokr6sLY/edit
2018-05-17 11:32:37 -07:00
Antonio Murdaca
57a2eec677 pkg: kubelet: remote: increase grpc client default size
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2018-05-17 17:32:33 +02:00
Maciej Szulik
a3dd7ca9ee increase timeout in TestCancelAndReadd
the flakes referenced in #51704 were still seen downstream. the current timeout approach is known to be faulty, but fixing the tests has not been prioritized. this increases the timeout sufficiently to avoid flakes in the meantime
2018-05-17 10:26:17 -04:00
David Eads
eabfcfaa2b start splitting polymorphic functions out of the factory 2018-05-17 08:55:31 -04:00
Kubernetes Submit Queue
9a15ee7035 Merge pull request #63749 from wenlxie/githubupstream.master.minofixforgetstorageclass
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions [here](https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md).

minor fix for VolumeZoneChecker predicate 

storageclass can be in annotation and spec.

```release-note
minor fix for VolumeZoneChecker predicate, storageclass can be in annotation and spec.
```
2018-05-17 05:51:05 -07:00
David Eads
0db40da909 update factory interface to overlap with lower RESTClientGetter 2018-05-17 08:27:53 -04:00
Michal Fojtik
390b60f103 kubectl: fix Flatten() when used without Latest() 2018-05-17 14:01:42 +02:00
Jan Safranek
598ca5accc Add GetSELinuxSupport to mounter. 2018-05-17 13:36:37 +02:00
wojtekt
068844aeb1 WatchingSecretManager 2018-05-17 12:18:14 +02:00
wojtekt
01e58de70c Refactor ConfigMapManager 2018-05-17 11:37:35 +02:00
Kubernetes Submit Queue
a481f4bbe8 Merge pull request #63824 from dougm/vsphere-token-auth
Automatic merge from submit-queue (batch tested with PRs 63886, 63857, 63824). If you want to cherry-pick this change to another branch, please follow the instructions [here](https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md).

vSphere Cloud Provider: add SAML token authentication support

**What this PR does / why we need it**:

The vSphere cloud provider currently supports username+password based authentication, this PR adds an option to use token based authentication.

**Which issue(s) this PR fixes**:

Fixes #63209

**Special notes for your reviewer**:

For now the config structs and validation are left as-is and
the LoginByToken method is used if the username value is PEM encoded.
In this case of username field configured with the public key, the password
field is expected to be configured with the private key.

In a follow-up PR we can look at collapsing the auth related fields into
a common struct to avoid duplication of field merging and validation.
And then add separate fields for the public and private keys.

**Release note**:

```release-note
vSphere Cloud Provider: add SAML token authentication support
```
2018-05-17 02:08:58 -07:00
Kubernetes Submit Queue
8f0bb37fdc Merge pull request #63857 from wojtek-t/collapse_secret_manager
Automatic merge from submit-queue (batch tested with PRs 63886, 63857, 63824). If you want to cherry-pick this change to another branch, please follow the instructions [here](https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md).

Refactor cache based manager

This is supposed to be a no-op refactoring. It will only allow sharing code between secret and configmap managers.
2018-05-17 02:08:55 -07:00