Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Add availability zones support to Azure managed disks
**What this PR does / why we need it**:
Continue of [Azure Availability Zone feature](https://github.com/kubernetes/features/issues/586).
This PR adds availability zone support for Azure managed disks and its storage class. Zoned managed disks is enabled by default if there are zoned nodes in the cluster.
The zone could also be customized by `zone` or `zones` parameter, e.g.
```yaml
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
annotations:
name: managed-disk-zone-1
parameters:
zone: "southeastasia-1"
# zones: "southeastasia-1,"southeastasia-2"
cachingmode: None
kind: Managed
storageaccounttype: Standard_LRS
provisioner: kubernetes.io/azure-disk
reclaimPolicy: Delete
volumeBindingMode: Immediate
```
All zoned AzureDisk PV will also be labeled with its availability zone, e.g.
```sh
$ kubectl get pvc pvc-azuredisk-az-1
NAME STATUS VOLUME CAPACITY ACCESS MODES STORAGECLASS AGE
pvc-azuredisk-az-1 Bound pvc-5ad0c7b8-8f0b-11e8-94f2-000d3a07de8c 5Gi RWO managed-disk-zone-1 2h
$ kubectl get pv pvc-5ad0c7b8-8f0b-11e8-94f2-000d3a07de8c --show-labels
NAME CAPACITY ACCESS MODES RECLAIM POLICY STATUS CLAIM STORAGECLASS REASON AGE LABELS
pvc-5ad0c7b8-8f0b-11e8-94f2-000d3a07de8c 5Gi RWO Delete Bound default/pvc-azuredisk-az-1 managed-disk-zone-1 2h failure-domain.beta.kubernetes.io/region=southeastasia,failure-domain.beta.kubernetes.io/zone=southeastasia-1
```
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
See also the [KEP](https://github.com/kubernetes/community/pull/2364).
DynamicProvisioningScheduling feature would be added in a following PR.
**Release note**:
```release-note
Azure managed disks now support availability zones and new parameters `zoned`, `zone` and `zones` are added for AzureDisk storage class.
```
/kind feature
/sig azure
/assign @brendandburns @khenidak @andyzhangx
Zones implementation for vSphere cloud provider needs dependencies
which are not included in current vmware/govmomi vendor. So this
update added "vapi" package to support zones.
Automatic merge from submit-queue (batch tested with PRs 65730, 66615, 66684, 66519, 66510). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Add DynamicProvisioningScheduling support for EBS
**What this PR does / why we need it**:
This PR adds support for the DynamicProvisioningScheduling feature in EBS. With this in place, if VolumeBindingMode: WaitForFirstConsumer is specified in a EBS storageclass and DynamicProvisioningScheduling is enabled, EBS provisioner will use the selected node's LabelZoneFailureDomain as the zone to provision the EBS volume in.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
Related to #63232
Sample `describe pv` output with NodeAffinity populated:
```
~$ kubectl describe pv pvc-f9d2138b-7e3e-11e8-a4ea-064124617820
Name: pvc-f9d2138b-7e3e-11e8-a4ea-064124617820
Labels: failure-domain.beta.kubernetes.io/region=us-west-2
failure-domain.beta.kubernetes.io/zone=us-west-2a
Annotations: kubernetes.io/createdby=aws-ebs-dynamic-provisioner
pv.kubernetes.io/bound-by-controller=yes
pv.kubernetes.io/provisioned-by=kubernetes.io/aws-ebs
Finalizers: [kubernetes.io/pv-protection]
StorageClass: slow3
Status: Bound
Claim: default/pvc3
Reclaim Policy: Delete
Access Modes: RWO
Capacity: 6Gi
Node Affinity:
Required Terms:
Term 0: failure-domain.beta.kubernetes.io/zone in [us-west-2a]
failure-domain.beta.kubernetes.io/region in [us-west-2]
Message:
Source:
Type: AWSElasticBlockStore (a Persistent Disk resource in AWS)
VolumeID: aws://us-west-2a/vol-0fc1cdae7d10860f6
FSType: ext4
Partition: 0
ReadOnly: false
Events: <none>
```
**Release note**:
```release-note
none
```
/sig storage
/assign @msau42 @jsafrane
Automatic merge from submit-queue (batch tested with PRs 66489, 66728, 66739). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Speed up volume modifications on AWS
Volume becomes reusable after it reached optimizing state.
/sig storage
/sig aws
```release-note
Make EBS volume expansion faster
```
cc @d-nishi @kokhang
Automatic merge from submit-queue (batch tested with PRs 66225, 66648, 65799, 66630, 66619). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Implement InstanceShutdownByProviderID for vSphere CP
**What this PR does / why we need it**:
To detach volumes from shutdown nodes #66181
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 66225, 66648, 65799, 66630, 66619). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Update Azure Go SDK to v19.0.0 and get availability zone for VirtualMachineScaleSetVM
**What this PR does / why we need it**:
Continue of #66242. This PR updates Azure Go SDK to v19.0.0 (with compute API 2018-04-01) and gets availability zones for VirtualMachineScaleSetVM.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
Azure Go SDK has been upgraded to v19.0.0 and VirtualMachineScaleSetVM now supports availability zones.
```
/sig azure
/assign @brendandburns @khenidak @andyzhangx
Automatic merge from submit-queue (batch tested with PRs 66464, 66488). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Avoid overflowing int64 in RoundUpSize and return error if overflow int
**What this PR does / why we need it**:
There are many places in plugins (some I may have missed) that we naively convert a resource.Quantity.Value() which is an int64, to an int, which may be only 32 bits long.
Background, optional to read :): Kubernetes canonicalizes resource.Quantities, and from what I have seen testing creating PVCs, decimalSI is the default. If a quantity is in `decimalSI` format and its value in bytes would overflow an int64, e.g. `10E`, nothing happens. If it is in binarySI and its value in bytes would overflow an int64, e.g. `10Ei`, it is set down to 2^63-1 and there's no overflow of the field value. But there may be overflow later in the code which is what this PR is addressing.
* Change `RoundUpSize` implementation to avoid overflowing `int64`
* Add `RoundUp*Int` functions for use when an `int` is expected instead of an `int64`, because `int` may be 32bits and naively doing `int($INT64_VALUE)` can lead to silent overflow. These functions return an error if overflow has occurred.
* Rename `*GB` variables to `*GiB` where appropriate for maximum clarity
* Use `RoundUpToGiB` instead of `RoundUpSize` where possible
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**: please review carefully as we don't have e2e tests for most plugins!
**Release note**:
```release-note
NONE
```
edit: remove 'we do not need to worry about...'. yes we do, i worded that badly :))
Automatic merge from submit-queue (batch tested with PRs 62423, 66180, 66492, 66506, 65242). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Add user assigned MSI support
**What this PR does / why we need it**:
Adds the support for generating tokens via user assigned MSI.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
Add support for using User Assigned MSI (https://docs.microsoft.com/en-us/azure/active-directory/managed-service-identity/overview) with Kubernetes cluster on Azure.
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Add myself, Micah to reviewers
**Release note**:
```release-note
NONE
```
Signed-off-by: Nick Turner <nic@amazon.com>
Automatic merge from submit-queue (batch tested with PRs 66098, 66389, 66400, 66413, 66378). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
GCE: Return correct error type and HTTP Status code for operation errors
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes#66399
**Special notes for your reviewer**:
/assign bowei, zihongz, rramkumar
/cc bowei
**Release note**:
```release-note
GCE: Fixes loadbalancer creation and deletion issues appearing in 1.10.5.
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Add initial availability zones support for Azure nodes
**What this PR does / why we need it**:
The first part of [Azure Availability Zone feature](https://github.com/kubernetes/features/issues/586).
This PR adds initial availability zone (AZ) support for Azure nodes. With this PR, Azure nodes with AZ will have label `failure-domain.beta.kubernetes.io/zone=<region>-<zoneID>`, e.g. `southeastasia-1`.
It also updates instance metadata api-version to 2017-12-01, which is required for AZ.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
VirtualMachineScaleSetVM doesn't have AZ info yet. It will be supported later after new Azure Go SDK releases.
**Release note**:
```release-note
Azure nodes with availability zone now will have label `failure-domain.beta.kubernetes.io/zone=<region>-<zoneID>`.
```
/kind feature
/sig azure
/assign @brendandburns @khenidak @andyzhangx
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Add error check and ignore unused variable (SA4006)
**What this PR does / why we need it**:
Fix some bugs in cloud provider vsphere, issue can be found here #66303
```pkg/cloudprovider/providers/vsphere/nodemanager.go:176:5: defers in this range loop won't run unless the channel gets closed (SA9001)
pkg/cloudprovider/providers/vsphere/vclib/diskmanagers/vmdm.go:129:8: this value of err is never used (SA4006)
pkg/cloudprovider/providers/vsphere/vsphere.go:596:34: argument ctx is overwritten before first use (SA4009)
pkg/cloudprovider/providers/vsphere/vsphere_test.go:360:2: this value of instanceID is never used (SA4006)
pkg/cloudprovider/providers/vsphere/vsphere_util.go:301:3: defers in this infinite loop will never run (SA5003)
```
**Special notes for your reviewer**:
I fixed ```SA4006``` report in that issue, but there are still other code needed to discuss and fix.
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Fix locating resourcepool-path specified in the vsphere.conf file
**What this PR does / why we need it**:
When volume is provisioned using the vsphere storage policy, `resourcepool-path` specified in the `vsphere.conf` file is used for creating a shadow/dummy VM. Dummy VM is temporarily created and then deleted once volume is created on the compatible Datastore.
At present If user specifies `resourcepool-path` in the `vsphere.conf` file, volume provisioner is not able to locate the compute resource for the given path. This is because look up is made using `finder.DefaultComputeResource(ctx)` and `finder.ComputeResource(ctx, computePath)`, which is not correct. If user specifies name of the cluster or cluster path then provisioning works.
This is resolved with using correct govmomi method - `func (f *Finder) ResourcePoolOrDefault(ctx context.Context, path string) (*object.ResourcePool, error)`
**Which issue(s) this PR fixes**
Fixes # https://github.com/vmware/kubernetes/issues/493
**Special notes for your reviewer**:
Following testing is performed for this change.
1) specified resource-pool path in the `vsphere.conf` file and verified VM is created under the specified resource pool.
```
resourcepool-path="ClusterFolder-1/cluster-vsan-1/Resources/ShadowVMPool"
```
2) If resource pool is not available, specified cluster's default resource pool path in the `vsphere.conf` file and verified volume provisioning works. For this case, VM is directly created under cluster.
```
resourcepool-path="ClusterFolder-1/cluster-vsan-1/Resources"
```
3) Verified above with having multiple clusters with the same name in one datacenter.
4) Verified with empty resource pool path in the vsphere.conf file.
```
resourcepool-path=""
```
As expected, provisioning is failing with `Failed to provision volume with StorageClass "vsan-gold-policy": no default resource pool found`.
Refer to this datacenter inventory for the path specified in the `resourcepool-path` configuration.
Current documentation describes `resourcepool-path`configuration is optional, which needs to be corrected once PR is merged. For policy based provisioning this is not an optional parameter.
Documentation link: https://vmware.github.io/vsphere-storage-for-kubernetes/documentation/existing.html
**Release note**:
```release-note
Fix for resourcepool-path configuration in the vsphere.conf file.
```
cc: @kubernetes/vmware
Automatic merge from submit-queue (batch tested with PRs 66121, 66140, 66045). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Support setting azure LB idle timeout
**What this PR does / why we need it**:
Adds a new annotation to allow users to configure the idle timeout of
the Azure LB.
**Release note**:
```release-note
Support configuring the Azure load balancer idle connection timeout for services
```
Automatic merge from submit-queue (batch tested with PRs 66122, 66007). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Return vmUUID when renewing nodeinfo in VCP
**What this PR does / why we need it**:
This PR fixes an issue that VM UUID is removed when renewing node information in vSphere cloud provider
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
/sig vmware
Automatic merge from submit-queue (batch tested with PRs 66076, 65792, 65649). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
kubernetes: fix printf format errors
These are all flagged by Go 1.11's
more accurate printf checking in go vet,
which runs as part of go test.
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Add region label to dynamic provisioned cinder PVs
**What this PR does / why we need it**:
This PR adds region label to dynamic provisioned Cinder PVs at the time of the PV creation.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes#65977
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
These are all flagged by Go 1.11's
more accurate printf checking in go vet,
which runs as part of go test.
Lubomir I. Ivanov <neolit123@gmail.com>
applied ammend for:
pkg/cloudprovider/provivers/vsphere/nodemanager.go
Automatic merge from submit-queue (batch tested with PRs 65902, 65781). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
if loadbalancer section is not defined in cloudconfig, do not init support
**What this PR does / why we need it**: if LoadBalancer section is not defined in cloudconfig, we should not initialize loadbalancer support for openstack cloudprovider.
**Which issue(s) this PR fixes**:
Fixes#65775
**Special notes for your reviewer**:
**Release note**:
```release-note
If LoadBalancer is not defined in cloud config, the loadbalancer is not initialized anymore in openstack. All setups must have some setting under that section
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Store the latest cloud provider node addresses
**What this PR does / why we need it**:
Buffer the recently retrieved node address so they can be used as soon as the next node status update is run.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes#65814
**Special notes for your reviewer**:
**Release note**:
```release-note
None
```
Setting the client UserAgent makes it easier to identify vCenter sessions
used by the vSphere Cloud Provider. This is useful to remove sessions that
have leaked, such as when a VCP process goes away without calling Logout().
And to test that VCP properly re-authenticates when a session is removed.
Example use:
govc session.ls | grep kubernetes-cloudprovider | awk '{print $1}' | xargs -n1 govc session.rm
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
skip nic that are in failing state
**What this PR does / why we need it**: this fixes partially #65025. Currently when getting primary NIC for VMSS the provisioning state isn't returned.
**Which issue(s) this PR fixes** : Fixes partially (for VMAS) #65025
**Special notes for your reviewer**:
/assign @feiskyer
**Release note**:
```release-note
skip nodes that have a primary NIC in a 'Failed' provisioningState
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Setup TLS with CA Cert for vsphere cloud provider
- Extend config to take a path to a CA Certificate
- Use the CA Cert when establishing a connection with the SOAP client
Testing
We provide certs and keys for tests as fixtures, `vclib/fixtures`.
Those were created (and can be regenerated) using `vclib/fixtures/createCerts.sh`.
At the moment it's possible to configure a CA path and at the same time allow insecure
communication between vsphere cloud provider and vcenter. This may
change in the future; we might opt for overwriting the insecure
communication if a CA is configured / log and transparently pass the
arguments to the vcenter command / other. To be discussed.
At the moment the CA is a global level configuration. In other
words, all vcenter servers need to use certificates signed by the same
CA. There might be use cases for different CA per vcenter server; to be
discussed.
**What this PR does / why we need it**:
This PR adds the option of configuring a trusted CA for the communication between the vsphere cloud provider and the vcenter control plane.
**Which issue(s) this PR fixes**:
Fixes#64222
**Special notes for your reviewer**:
**Release note**:
```release-note
- Can configure the vsphere cloud provider with a trusted Root-CA
```
Automatic merge from submit-queue (batch tested with PRs 64575, 65120, 65463, 65434, 65522). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Revendor GCE Go Client
Revendor GCE API go client and switch to use beta neg api in gce cloud provider.
```release-note
None
```
Automatic merge from submit-queue (batch tested with PRs 65492, 65516, 65447). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
fix azure disk creation issue when specifying external resource group
**What this PR does / why we need it**:
fix azure disk creation issue when specifying external resource group, after azure disk creation succeeded, it fails to get azure disk state since it's still using original resource group
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes#65515
**Special notes for your reviewer**:
Together with https://github.com/kubernetes/kubernetes/pull/65443, this feature has been done, I will cherry-pick to prior versions later.
So in the end, we have two ways to make azure disk dynamic provision under an external resource group
- specify `resourcegroup` parameter in azure disk storage class
```
kind: StorageClass
apiVersion: storage.k8s.io/v1
metadata:
name: hdd
provisioner: kubernetes.io/azure-disk
parameters:
skuname: Standard_LRS
kind: managed
cachingmode: None
resourcegroup: USER-SPECIFIED-RG
```
- specify `volume.beta.kubernetes.io/resource-group` in PVC annotations
```
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
name: pvc-azuredisk
annotations:
volume.beta.kubernetes.io/resource-group: "USER-SPECIFIED-RG"
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 1Gi
storageClassName: hdd
```
**Release note**:
```
fix azure disk issue when specifying external resource group
```
/kind bug
/sig azure
@jsafrane @rootfs
Just FYI @khenidak @brendandburns @feiskyer
Automatic merge from submit-queue (batch tested with PRs 65507, 65508, 65486). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Fix typo in vsphere cloud provider comment
**What this PR does / why we need it**:
Fix typo in code of vsphere cloud provider
As far as I know, it's not purchased by Google right..?
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 65449, 65373, 49410). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
OpenStack LBaaS fix: must use ID, not name, of the node security group
This is a bugfix for the OpenStack LBaaS cloud provider security group management.
A bit of context: When creating a load balancer for a given `type: LoadBalancer` service, the provider will try to:
(see `pkg/cloudprovider/providers/openstack/openstack_loadbalancer.go`/`EnsureLoadBalancer`)
1. create a load balancer (LB) in Openstack with listeners corresponding to the service's ports
2. attach a floating IP to the LB's network port
If `manage-security-groups` is enabled in controller-manager's cloud.conf:
3. create a security group with ingress rules corresponding to the LB's listeners, and attach it to the LB's network port
4. for all nodes of the cluster, pick an existing security group for the nodes ("node security group") and add ingress rules to it exposing the service's NodePorts to the security group created in step 3.
In the current upstream master, steps 1 through 3 work fine, step 4 fails, leading to a service that's not accessible via the LB without further manual intervention.
The bug is in the "pick an existing security group" operation (func `getNodeSecurityGroupIDForLB`), which, contrary to its name, will return the security group's name rather than its ID (actually it returns a list of names rather than IDs, apparently to cover some corner cases where you might have more than one node security group, but anyway). This will then be used when trying to add the ingress rules to the group, which the Openstack API will reject with a 404 (at least on our (fairly standard) Openstack Ocata installation) because we're giving it a name where it expects an ID.
The PR adds a "get ID given a name" lookup to the `getNodeSecurityGroupIDForLB` function, so it actually returns IDs. That's it. I'm not sure if the upstream code wasn't really tested, or maybe other people use other Openstacks with more lenient APIs. The bug and the fix is always reproducible on our installation.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes#58145
**Special notes for your reviewer:**
Should we turn `getNodeSecurityGroupIDForLB` into a method with the lbaas as its receiver because it now requires two of the lbaas's attributes? I'm not sure what the conventions are here, if any.
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 65156, 65448). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
[GCE] move NEG out of featuregate
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes # https://github.com/kubernetes/ingress-gce/issues/274
**Release note**:
-->
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 65164, 65258). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Query candidate zones for EBS when zone/zones not passed
**What this PR does / why we need it**:
This PR skips invoking `getCandidateZonesForDynamicVolume` to query EC2 zones of instances when zone/zones is present.
/sig storage
**Release note**:
```
none
```
Automatic merge from submit-queue (batch tested with PRs 61330, 64793, 64675, 65059, 65368). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
[gce provider ] Wrapper for beta backend service create/update
**What this PR does / why we need it**:
Feel free to wait after 1.11 code freeze.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #NONE
**Special notes for your reviewer**:
/assign @rramkumar1
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 65024, 65287, 65345, 64693, 64941). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Change signature of SetUrlMapForTargetHTTPProxy
**Special notes for your reviewer**:
/assign MrHohn
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Change Azure ARM Rate limiting error message
**What this PR does / why we need it**:
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes#65284
Change Azure ARM Rate limiting error message
**Special notes for your reviewer**:
@khenidak
**Release note**:
```release-note
Change Azure ARM Rate limiting error message.
```
Automatic merge from submit-queue (batch tested with PRs 65187, 65206, 65223, 64752, 65238). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Fixed detection of inaccessible AWS encryption key.
AWS provisioner now checks if created encrypted volume gets "Available" or it gets silently deleted by AWS because StorageClass referenced invalid (e.g. non-existing) KMS key for encryption.
This seems to be the only way how to detect such invalid key, because Kubernetes may not have enough permission to check if the key exists.
**Which issue(s) this PR fixes**
Fixes#62171
**Special notes for your reviewer**:
**Release note**:
```release-note
AWS now checks for validity of ecryption key when creating encrypted volumes. Dynamic provisioning of encrypted volume may get slower due to these checks.
```
/sig aws
/sig storage
@kubernetes/sig-aws-misc
Automatic merge from submit-queue (batch tested with PRs 65152, 65199, 65179, 64598, 65216). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Do not query for VMUUID in vsphere cloud provider if it was explicitly passed
**What this PR does / why we need it**:
It allows running the kube controller-manager with the vsphere cloudprovider enabled on a machine that is not a vmware VM
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes#65145
**Special notes for your reviewer**:
**Release note**:
```release-note
In the vSphere cloud provider the `Global.vm-uuid` configuration option is not deprecated anymore, it can be used to overwrite the VMUUID on the controller-manager
```
/sig vmware
Automatic merge from submit-queue (batch tested with PRs 64140, 64898, 65022, 65037, 65027). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Handle empty cluster UID in instance group name
**What this PR does / why we need it**:
This PR handles an empty cluster UID when generating InstanceGroupName. The current implementation will create a name ending in "--" which is invalid.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 64895, 64938, 63700, 65050, 64957). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
set EnableHTTPSTrafficOnly in azure storage account creation
**What this PR does / why we need it**:
Enforce azure storage account creation with https traffic only, this PR will apply for both azure disk & azure file features.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes#64956
**Special notes for your reviewer**:
Tests with azure disk & azure file all pass
**Release note**:
```
Enforce azure storage account creation with https traffic only
```
/sig azure
/kind feature
/assign @khenidak
Automatic merge from submit-queue (batch tested with PRs 65032, 63471, 64104, 64672, 64427). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
add external resource group support for azure disk
**What this PR does / why we need it**:
add external resource group support for azure disk,
- without this PR, user could only create dynamic azure disk in the same resource group as cluster
- with this PR, user could specify external resource group in PVC:
```
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
name: pvc-azuredisk
annotations:
volume.beta.kubernetes.io/resource-group: "USER-SPECIFIED-RG"
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 1Gi
storageClassName: hdd
```
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes#64388
**Special notes for your reviewer**:
Pls note above config won't change resource group for azure disk forever, next time if user don't specify resource group, only default resource group will be used.
**Release note**:
```
add external resource group support for azure disk
```
/sig azure
/assign @feiskyer @karataliu
/cc @khenidak
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
add @andrewsykim as pkg/cloudprovider approver
**What this PR does / why we need it**:
adds myself as an approver for pkg/cloudprovider
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Move out azure_loadbalancer.md to cloud provider repository
**What this PR does / why we need it**:
Move out doc to cloud provider repository.
The file 'azure_loadbalancer.md' has been moved to cloud provider repository in https://github.com/kubernetes/cloud-provider-azure/pull/23 , this PR is to remove it from upstream.
**Which issue(s) this PR fixes**
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
cc @feiskyer
- Extend config to take a path to a CA Certificate
- Use the CA Cert when establishing a connection with the SOAP client
Testing
We provide certs and keys for tests as fixtures, `vclib/fixtures`.
Those were created (and can be regenerated) using `vclib/fixtures/createCerts.sh`.
At the moment it's possible to configure a CA path and at the same time allow insecure
communication between vsphere cloud provider and vcenter. This may
change in the future; we might opt for overwriting the insecure
communication if a CA is configured / log and transparently pass the
arguments to the vcenter command / other. To be discussed.
At the moment the CA is a global level configuration. In other
words, all vcenter servers need to use certificates signed by the same
CA. There might be use cases for different CA per vcenter server; to be
discussed.
Automatic merge from submit-queue (batch tested with PRs 63386, 64624, 62297, 64847). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Refactoring GCE Disk APIs to use generated client
**What this PR does / why we need it**: Improves maintainability and testing of GCE disks code.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes#62296
Note that `gen.go` and `gen_test.go` are generated files.
I'm planning to do a more extensive refactor that takes advantage of the generated cloud provider mocks, but that'll be in a separate PR and will be a larger change.
/cc @davidz627
/assign @saad-ali
/release-note-none
/sig storage
Automatic merge from submit-queue (batch tested with PRs 64009, 64780, 64354, 64727, 63650). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
GCE: Update cloud provider to use TPU v1 API
**What this PR does / why we need it**:
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
GCE: Update cloud provider to use TPU v1 API
```
/assign @vishh
/assign @cheftako
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
GCE PD plugin now prevents attaching a regional PD PV with pdName of …
…a regular PD
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes#63317
/sig storage
/sig gcp
/assign @msau42 @saad-ali
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Fix panic while provisioning Azure security group rules
**What this PR does / why we need it**:
kube-controller-manager panic when provisioning Azure security group rules, especially when securityGroupName is wrong configured. This PR fixes the issue.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes#64716
**Special notes for your reviewer**:
Should also cherry pick to release-1.10.
**Release note**:
```release-note
Fix kube-controller-manager panic while provisioning Azure security group rules
```
Automatic merge from submit-queue (batch tested with PRs 64364, 64369, 63819, 64528). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
[gce provider] More wrappers for alpha/beta backend service
**What this PR does / why we need it**:
Sorry, some more wrapper functions I missed last time.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #NONE
**Special notes for your reviewer**:
/assign @rramkumar1
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
[GCE] use fakeGCECloud instead of gce address fakes
**What this PR does / why we need it**:
Use the fakeGCECloud mock instead of FakeCloudAddressService.
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 57082, 64325, 64016, 64443, 64403). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Allow AWS EBS volumes to be attached as ReadOnly.
**Which issue(s) this PR fixes**
Fixes#64402
**Special notes for your reviewer**:
This follows logic e.g. in Cinder volume plugin.
**Release note**:
```release-note
AWS EBS volumes can be now used as ReadOnly in pods.
```
/sig storage
/sig aws
Automatic merge from submit-queue (batch tested with PRs 64318, 64269, 64438, 64516, 64311). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Ensure that only IPs are used as node addresses in OpenStack LBs
**What this PR does / why we need it**:
ATM, when no InternalIP can be found for a node, the openstack cloud provider tries to create a LB with whatever is the first address it can find for the node. This could also be the hostname or a dns name.
However, LBaaS will reject anything that is not an IP address for pool members. Therefore a meaningful error should be returned instead of just returning the first address of the node, even if it is clear that this will lead to an error in LBaaS.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes#64317
**Special notes for your reviewer**:
**Release note**:
```release-note
Provide a meaningful error message in openstack cloud provider when no valid IP address can be found for a node
```
Automatic merge from submit-queue (batch tested with PRs 64288, 64343). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
[gce provider] Add more wrappers for security policy
**What this PR does / why we need it**:
Adding more wrappers for security policy, mostly for implementing the e2e test.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #NONE
**Special notes for your reviewer**:
/assign @nicksardo
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Update function hasClusterTag to fix issue #64230
**What this PR does / why we need it**:
Fixes issue #64230, by changing function hasClusterTag, in aws/tags.go, to ensure that, when called with a list of tags containing a tag with a key which matches clusterTagKey, function will return true even if a tag with key TagNameKubernetesClusterLegacy also exists in the list with a value other than the ClusterID.
**Which issue(s) this PR fixes**:
Fixes#64230
**Special notes for your reviewer**:
Notes are in issue
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 63319, 64248, 64250, 63890, 64233). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Add reason message logs for non-exist Azure resources
**What this PR does / why we need it**:
In azure_wrap.go the function checkResourceExistsFromError() looks at a received error and determines it to be a ResourceNotFound if the HTTP status is http.StatusNotFound. However, the HTTP status also equals http.StatusNotFound in case of SubscriptionNotFound.
this PR adds logs to indict the real error messages for such case.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes#64220
**Special notes for your reviewer**:
**Release note**:
```release-note
Add reason message logs for non-exist Azure resources
```
Fixes issue #64230, by changing function hasClusterTag, in aws/tags.go, to ensure that a list of tags containing a tag with a key which matches clusterTagKey will return true even if a TagNameKubernetesClusterLegacy tag also exists in the list with a value other than the ClusterID.
/sig aws
Automatic merge from submit-queue (batch tested with PRs 63969, 63902, 63689, 63973, 63978). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Adds a mechanism in vSphere Cloud Provider to get credentials from Kubernetes secrets
**What this PR does / why we need it**:
Currently, vCenter credentials are stored in plain text in vsphere.conf. This PR adds a mechanism in vSphere Cloud Provider to get vCenter credentials from Kubernetes secrets.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
Internally review here: https://github.com/vmware/kubernetes/pull/484
**Workflow:**
1. Create vsphere.conf file with ```secret-name``` and ```secret-namespace```.
```
[Global]
insecure-flag = 1
secret-name = "vcconf"
secret-namespace = "kube-system"
[VirtualCenter "10.160.45.119"]
port = 443
datacenters = k8s-dc-1
[Workspace]
server = 10.160.45.119
datacenter = k8s-dc-1
default-datastore = sharedVMFS-0
folder = Discovered virtual machine
```
2. Launch Kubernetes cluster with vSphere Cloud Provider Configured.
3. Create secret with vCenter credentials.
a. Create base64 encoding for username and password:
username:
```
> echo -n 'admin' | base64
YWRtaW4=
```
password:
```
> echo -n 'vsphere' | base64
dnNwaGVyZQ==
```
b. kubectl create -f vccredentials.yaml
```
#vccredentials.yaml
apiVersion: v1
kind: Secret
metadata:
name: vcconf
type: Opaque
data:
10.192.44.199.username: YWRtaW4=
10.192.44.199.password: dnNwaGVyZQ==
```
4. vSphere Cloud Provider can be used now.
**Note:**
Secrets info can be provided with both (old and new) vSphere Cloud provider configuration formats.
**Tests Done:**
- [x] vSphere Cloud Provider unit test.
- [x] Volume lifecyle with Username and Password in vsphere.conf (for backward compability)
- [x] Volume lifecyle with secrets information in vsphere.conf.
- [x] Update secrets workflow
**Release note**:
```release-note
Adds a mechanism in vSphere Cloud Provider to get credentials from Kubernetes secrets
```
Automatic merge from submit-queue (batch tested with PRs 63569, 63918, 63980, 63295, 63989). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
GCE provider: add wrapper for security policy
**What this PR does / why we need it**:
Generated mock interface for beta backend service and security policy as well.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #NONE
**Special notes for your reviewer**:
/assign @nicksardo
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 63886, 63857, 63824). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
vSphere Cloud Provider: add SAML token authentication support
**What this PR does / why we need it**:
The vSphere cloud provider currently supports username+password based authentication, this PR adds an option to use token based authentication.
**Which issue(s) this PR fixes**:
Fixes#63209
**Special notes for your reviewer**:
For now the config structs and validation are left as-is and
the LoginByToken method is used if the username value is PEM encoded.
In this case of username field configured with the public key, the password
field is expected to be configured with the private key.
In a follow-up PR we can look at collapsing the auth related fields into
a common struct to avoid duplication of field merging and validation.
And then add separate fields for the public and private keys.
**Release note**:
```release-note
vSphere Cloud Provider: add SAML token authentication support
```
For now the config structs and validation are left as-is and
the LoginByToken method is used if the username value is PEM encoded.
In this case of username field configured with the public key, the password
field is expected to be configured with the private key.
In a follow-up PR we can look at collapsing the auth related fields into
a common struct to avoid duplication of field merging and validation.
And then add separate fields for the public and private keys.
Fixes#63209
Automatic merge from submit-queue (batch tested with PRs 63686, 63736). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Deprecate photon cloud provider
vmware/photon-controller is no longer maintained, as of Oct 2017.
Adds a detail field to deprecatedCloudProviders, meant for pointing to external provider url or other reason for deprecation.
**What this PR does / why we need it**:
The photon cloud provider is no longer supported, need to let users know.
Photon controller support has already been removed from kube-up in PR #58096
**Release note**:
```release-note
NONE
```
vmware/photon-controller is no longer maintained, as of Oct 2017.
Adds a detail field to deprecatedCloudProviders, meant for pointing to external provider url or other reason for deprecation.
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
should use time.Since instead of time.Now().Sub
**What this PR does / why we need it**:
should use time.Since instead of time.Now().Sub
**Special notes for your reviewer**:
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Include more information when multiple security groups are tagged
**What this PR does / why we need it**:
When trying to create ELB we can sometime fail if there is more then one AWS
security group tagged. It very useful to get the list of security groups printed in
the error message.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
Include the list of security groups when failing with the errors that more then one is tagged
```
Automatic merge from submit-queue (batch tested with PRs 63563, 63541). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Do not check vmSetName when getting Azure node's IP
**What this PR does / why we need it**:
Do not check vmSetName when getting Azure node's IP.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes#63538
**Special notes for your reviewer**:
**Release note**:
```release-note
Do not check vmSetName when getting Azure node's IP
```
Automatic merge from submit-queue (batch tested with PRs 63364, 63464). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
vsphere: use vim25.Client directly to support token authentication
**What this PR does / why we need it**:
This refactor is in support of SAML token authentication: #63209
Avoid use of govmomi.Client as it only supports username+password authentication via SessionManager.Login().
Using vim25.Client directly will allow VCP to add other authentication methods,
such as SessionManager.LoginByToken().
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
adding support for VM name with extra Separator String
**What this PR does / why we need it**:
Allows the Azure VM name to have within their name the `_` character
**Special notes for your reviewer**:
This is the error I got before testing
```
May 07 21:55:14 kn-infra000000.<domainname> kubelet[39465]: I0507 21:55:14.462125 39465 azure_vmss.go:108] getVmssVM gets scaleSetName ("kn-infra_ss") and instanceID ("0") for node "kn-infra000000"
May 07 21:55:14 kn-infra000000.<domainname> kubelet[39465]: E0507 21:55:14.462147 39465 azure_vmss_cache.go:52] Failed to extract vmssVMName "kn-infra_ss_0"
May 07 21:55:14 kn-infra000000.<domainname> kubelet[39465]: F0507 21:55:14.462160 39465 kubelet.go:1349] Kubelet failed to get node info: failed to get external ID from cloud provider: not a vmss instance
```
**Release note**:
```release-note
Azure VMSS: support VM names to contain the `_` character
```
The TestVSphereLogin method still defaults to testing against a real vCenter,
but if the required environment variables are not set, it can test against vcsim.
More tests can be converted to use configFromEnvOrSim(), but can be in follow up PRs.
This refactor is in support of SAML token authentication: #63209
Avoid use of govmomi.Client as it only supports username+password authentication via SessionManager.Login().
Using vim25.Client directly will allow VCP to add other authentication methods,
such as SessionManager.LoginByToken().
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Clean up Azure clients
**What this PR does / why we need it**:
Follow up of #63278 (Use new Azure SDK APIs for load balancer and public IP operations), clean up all other clients.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Follow up of #63278
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 61725, 63261). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Use cloudprovider.NotImplemented in AddSSHKeyToAllInstances
**What this PR does / why we need it**:
Minor cleanup: In looking at implementations of this method,
noticed a few providers created their own errors instead of using cloudprovider.NotImplemented
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 62657, 63278, 62903, 63375). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Use new Azure SDK APIs for load balancer and public IP operations
**What this PR does / why we need it**:
#63063 updated Azure SDK to a stable version. After that, we should also update existing clients to use new SDK APIs.
Without this, public IP listing will be blocked forever in some case.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
A following PR will be sent for other interfaces, e.g. routes and NSGs.
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 62060, 62516). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
[GCE] Add new formats to resource parser and self link creator
**What this PR does / why we need it**:
- Expands the set of parse-able strings for resource IDs, while also simplifying the code. Note that these are acceptable values for some fields in GCP API.
- global/networks/my-network
- regions/us-central1/subnetworks/my-sub
- zones/us-central1-a/instances/my-hacker-instance
- Fixes the SelfLink function to return links for regions and zones:
- https://www.googleapis.com/compute/v1/projects/proj4/regions/us-central1
- Generates helper functions to create a ResourceID for each resource
- Generates a unit test that ensures all links can be generated and all generated links can be parsed.
- Fixes an ILB test which creates a malformed URL.
**Special notes for your reviewer**:
/assign rramkumar1
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 63349, 63294). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Add metric for throttled requests in AWS
**What this PR does / why we need it**:
This PR adds a metric for request throttling in AWS.
**Special notes for your reviewer**:
* Added metric.
* Moved metrics-related code to `aws_metrics.go`.
* Capitalized acronyms, e.g., `recordAwsMetric` to `recordAWSMetric`.
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 63138, 63091, 63201, 63341). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Set names for OpenStack loadbalancer members and monitors
**What this PR does / why we need it**:
This PR sets names for OpenStack loadbalancer members and monitors.
ATM names for members and monitors are empty, making it difficult to identify where they belong.
Healthmonitors will be named `monitor_<lb_name>_<index>` and members
will be named `member_<lb_name>_<index>_<node_name>`.
This naming scheme should in sync with the naming of other LB resources, e.g. pools: `pool_<lb_name>_<index>`.
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 59879, 62729). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Openstack: fix orphaned route deletion
This is a follow-up to #56258 which only got half of the work done.
The OpenStack cloud providers DeleteRoute method fails to delete routes when it can’t find the corresponding instance in OpenStack.
```release-note
OpenStack cloudprovider: Fix deletion of orphaned routes
```
Minor cleanup: In looking at implementations of this method,
noticed a few providers created their own errors instead of using cloudprovider.NotImplemented
Automatic merge from submit-queue (batch tested with PRs 63129, 63066, 60009, 63136, 63086). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
add node shutdown taint
**What this PR does / why we need it**: we need node stopped taint in order to detach volumes immediately without waiting timeout. More info in issue ticket #58635
**Which issue(s) this PR fixes**
Fixes#58635
**Special notes for your reviewer**: this was reverted, original PR https://github.com/kubernetes/kubernetes/pull/59323 Hopefully now bugs are fixed. However, I will execute more tests manually today.
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 63007, 62919, 62669, 62860). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Fix vSphere Cloud Provider to handle upgrade from k8s version less than v1.9.4 to v1.9.4+
**What this PR does / why we need it**:
vSphere Cloud Provider in kubernetes master v1.9.4+ is not able to identify the kubernetes nodes of version less than 1.9.4. Hence, volume operations fail in this case. This PR fixes this.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes#62435
**Special notes for your reviewer**:
Internally reviewed here: https://github.com/vmware/kubernetes/pull/477
**Release note**:
```release-note
None
```
Automatic merge from submit-queue (batch tested with PRs 62857, 62707). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Add support of standard LB to Azure vmss
**What this PR does / why we need it**:
Add support of standard LB to Azure vmss.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes#60485
**Special notes for your reviewer**:
**Release note**:
```release-note
Add support of standard LB to Azure vmss
```
/sig azure
Automatic merge from submit-queue (batch tested with PRs 62568, 62220, 62743, 62751, 62753). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
[vSphere Cloud Provider] Fix detach disk when VM is not found
**What this PR does / why we need it**:
When VM is deleted from VC inventory and detach request is issued detach returns error since VM cannot be found. In this scenario, detach should return no error if VM is not found. This PR fixes this.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes#61707.
**Special notes for your reviewer**:
**Release note**:
```release-note
None
```
@kubernetes/vmware
Automatic merge from submit-queue (batch tested with PRs 62748, 60536, 62300, 62661, 62731). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
[GCE] Parallelize GCE loadbalancer tests
**What this PR does / why we need it**:
- Encapsulate IP counter in Mocks. Previously, ipCounter was a global int modified by multiple tests.
- Use mock-provided Lock before modifying resources.
- Parallelize loadbalancer tests.
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
add @andrewsykim to OWNERS for cmd/cloud-controller-manager,pkg/contr…
**What this PR does / why we need it**:
Add myself as an approver for CCM related code.
cc @wlan0
**Release note**:
```release-note
Add @andrewsykim as an approver for CCM related code.
```
This is a follow-up to #56258 which only half of the work done.
The DeleteRoute method failed to delete routes when it can’t find the corresponding node in OpenStack.
Automatic merge from submit-queue (batch tested with PRs 60476, 62462, 61391, 62535, 62394). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Use function aws.Int64Value replace of deprecated function orZero
**What this PR does / why we need it**:
```
// orZero returns the value, or 0 if the pointer is nil
// Deprecated: prefer aws.Int64Value
func orZero(v *int64) int64 {
return aws.Int64Value(v)
}
```
Use function aws.Int64Value replace of deprecated function orZero and remove unused orZero .
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 61549, 62230, 62055, 61082, 62212). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
don't do attach and deatch when cinder volume status is error
When cinder volume status is `error`, it is not supposed to handle operation like `attach` and `detach`
@dims @FengyunPan2
```release-note
cinder volume plugin :
When the cinder volume status is `error`, controller will not do `attach ` and `detach ` operation
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Cleanup the use of ExternalID as it is deprecated
The patch removes ExternalID usage from node_controller
and node_lifecycle_oontroller. The code instead uses InstanceID
which returns the cloud provider ID as well.
fixes#60466
Currently user only specify subnet-id in cloud.conf file.
If user want to specify other subnet for some special services,
the subnet-id annotation should be a good choice.
The patch removes ExternalID usage from node_controller
and node_lifecycle_oontroller. The code instead uses InstanceID
which returns the cloud provider ID as well.
Automatic merge from submit-queue (batch tested with PRs 61871, 61890, 61786). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Add unit testcases for ensureExternalLoadBalancer to make sure it doesn't panic when errors raised.
**What this PR does / why we need it**:
Add unit testcases for ensureExternalLoadBalancer to make sure it doesn't panic when errors raised. Increase code coverage from 76.5% to 81.5%.
<!--
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
-->
**Release note**:
```release-note
NONE
```
\assign @MrHohn
Automatic merge from submit-queue (batch tested with PRs 61871, 61890, 61786). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Specify DHCP domain for hostname
**What this PR does / why we need it**:
In 9a8c6db448, we looked at the hostname
in the metadata service and used '.' as the delimiter to chop off the
dhcp_domain (specified in nova.conf). However administrators need to
better control the dhcp domain better as there may be a '.' in the host
name itself. So let's introduce a config option that we can use and
default it to what nova uses when dhcp_domain is not specified which is
"novalocal"
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
new dhcp-domain parameter to be used for figuring out the hostname of a node
```
In 9a8c6db448, we looked at the hostname
in the metadata service and used '.' as the delimiter to chop off the
dhcp_domain (specified in nova.conf). However administrators need to
better control the dhcp domain better as there may be a '.' in the host
name itself. So let's introduce a config option that we can use and
default it to what nova uses when dhcp_domain is not specified which is
"novalocal"
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Split out the hostname when default dhcp_domain is used in nova.conf
**What this PR does / why we need it**:
When /etc/nova/nova.conf does not have specify dhcp_domain to empty
string, a default string of '.novalocal' is returned by the meta data
service. So we need to just split the string and pick the first one
in the array.
```
$ curl http://169.254.169.254/latest/meta-data/hostname
testvm-1.novalocal
$ curl http://169.254.169.254/latest/meta-data/public-hostname
testvm-1.novalocal
$ curl http://169.254.169.254/latest/meta-data/local-hostname
testvm-1.novalocal
```
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 61402, 61143, 61427, 60592). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Performance tests and fix for IPAM controller.
Tests the four modes of allocations. Can be run using
./test-performance.sh under tests/integration/ipamperf
directory. See ./test-performance.sh -h for supported flags.
**What this PR does / why we need it**:
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
Please see the implementation notes comment block in cloud.go for core details of how
the mocking works. README.md has details on how the tests can be run on the
command line.
**Release note**:
```release-note
Performance test framework and basic tests for the IPAM controller, to simulate behavior
of the four supported modes under lightly loaded and loaded conditions, where load is
defined as the number of operations to perform as against the configured kubernetes
API server QPS.
```
Automatic merge from submit-queue (batch tested with PRs 60499, 61715, 61688, 61300, 58787). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Unit tests for external load balancer
**What this PR does / why we need it**:
Unit test for external load balancer. Increase the code coverage of gce_loadbalancer_external.go from 61.6% to 76.5%.
<!--
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
-->
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 61434, 61501, 59609, 61467, 61531). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Ensure cloudprovider.InstanceNotFound is reported when the VM is not found on Azure
**What this PR does / why we need it**:
Azure ExponentialBackoff will still try to get VM information even when the VM has already been removed on Azure:
1365ce3419/pkg/cloudprovider/providers/azure/azure_backoff.go (L52-L60)
It should report `cloudprovider.InstanceNotFound` early and avoid calling Azure APIs on such case.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes#61465
**Special notes for your reviewer**:
Should be cherry-picked to v1.9
**Release note**:
```release-note
Ensure cloudprovider.InstanceNotFound is reported when the VM is not found on Azure
```
Automatic merge from submit-queue (batch tested with PRs 61434, 61501, 59609, 61467, 61531). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Add support of specifying service tags for Azure cloud provider
**What this PR does / why we need it**:
This PR adds support of specifying service tags for Azure cloud provider by annotation `service.beta.kubernetes.io/azure-allowed-service-tags`.
Refer https://docs.microsoft.com/en-us/azure/virtual-network/security-overview#service-tags for more information about this feature.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes#57914
**Special notes for your reviewer**:
**Release note**:
```release-note
Azure cloud provider now supports specifying allowed service tags by annotation `service.beta.kubernetes.io/azure-allowed-service-tags`
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
[GCE] Remove validation of Alpha Feature Gates
**What this PR does / why we need it**:
As per discussion with @bowei, @freehan, and @nicksardo , remove validation on Alpha Feature Gates so we can be more flexible with adding or removing new features.
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Replace package "golang.org/x/net/context" with "context"
**What this PR does / why we need it**:
Replace package "golang.org/x/net/context" with "context"
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes#60560
**Special notes for your reviewer**:
As of Go 1.7 this package(golang.org/x/net/context) is available in the standard library under the name context. see (https://godoc.org/golang.org/x/net/context)
It is almost machinery replace.
**Release note**:
```release-note
NONE
```
Tests the four modes of allocations. Can be run using
./test-performance.sh under tests/integration/ipamperf
directory. See ./test-performance.sh -h for supported flags.
Automatic merge from submit-queue (batch tested with PRs 60980, 61273, 60811, 61021, 61367). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
fix for openstack member cleanup for multiple port cases
**What this PR does / why we need it**:
Fixing an openstack lb issue.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes: #60976
**Special notes for your reviewer**:
The problem with the code was that if multiple ports were exposed then that created multiple members for each listener, and the deletion process iterated over each listener with an array of every member resulting listener - member mismatch, which caused not found exception from lbaasv2.
**Release note**:
```release-note
```
Automatic merge from submit-queue (batch tested with PRs 61354, 61366, 61386, 61394, 60755). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
fix waitLoadbalancerDeleted timeout always
**What this PR does / why we need it**: waitLoadbalancerDeleted function goes always to timeout because not working check
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 60373, 61098, 61352, 61359, 61362). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Stabilize openstack_test when running against real cloud
**What this PR does / why we need it**:
in TestReadConfig, we are setting some env vars for testing if
we read them back properly. However this interferes with running
the unit test harness against a real openstack cloud where we
source the OS_* environment variables. Adding code here to save
and reset variables.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 57871, 61094, 60459, 61089, 61105). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
[GCE] Internal Loadbalancer Tests
**What this PR does / why we need it**:
Adds unit tests for the GCE Internal Loadbalancer. According to the test coverage tool, this PR brings test coverage of `gce_loadbalancer_internal.go` from 0% to 74.0%.
```release-note
NONE
```
/assign nicksardo bowei
Automatic merge from submit-queue (batch tested with PRs 60189, 59542, 59931, 60621, 60353). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
do not delete node in openstack, if those still exist in cloudprovider
**What this PR does / why we need it**: Deleting nodes in kubernetes cluster causes problems. It will lead to situations like labels and taints are missing from nodes when node will return online.
**Which issue(s) this PR fixes**:
**Special notes for your reviewer**:
```release-note
Nodes are not deleted from kubernetes anymore if node is shutdown in Openstack.
```
Automatic merge from submit-queue (batch tested with PRs 59740, 59728, 60080, 60086, 58714). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
vSphere: Minimize property collection via Finder
The 'All' parameter of the 'NewFinder' function controls property collection while searching the inventory.
When 'All' is set to 'false', Finder collects the minimal set of object properties required to search inventory.
When 'All' is set to 'true', Finder collects *all* object properties, which are *not* required to search inventory.
Setting 'All' to 'true' is only useful when inspecting all properties of an object,
such as by certain govc commands when the '-json' or '-dump' flags are specified.
Changing All=false in VCP minimizes the SOAP payload size and marshalling required on both sides, without impacting any functionality.
**What this PR does / why we need it**:
Changing All=false in VCP minimizes the SOAP payload size and marshalling required on both sides, without impacting any functionality.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
in TestReadConfig, we are setting some env vars for testing if
we read them back properly. However this interferes with running
the unit test harness against a real openstack cloud where we
source the OS_* environment variables. Adding code here to save
and reset variables.
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Code cleanup: group consts togather
**What this PR does / why we need it**:
This is a code cleanup, which groups all consts togather.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Update documentation for azure-shared-securityrule
**What this PR does / why we need it**:
Azure augmented rules for NSGs has been GA https://azure.microsoft.com/en-us/updates/agumented-rules-ga-nsg/. This PR updates documentation for "service.beta.kubernetes.io/azure-shared-securityrule" to reflect this.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Volume deletion should be idempotent
- Describe* calls should return `aws.Error` so caller can handle individual errors. `aws.Error` already has enough context (`"InvalidVolume.NotFound: The volume 'vol-0a06cc096e989c5a2' does not exist"`)
- Deletion of already deleted volume should succeed.
**Release note**:
Fixes: #60778
```release-note
NONE
```
/sig storage
/sig aws
/assign @justinsb @gnufied
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
GCE: support Cloud TPU API in cloud provider
**What this PR does / why we need it**:
This PR adds the support for Cloud TPU API in GCE cloud provider.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
GCE: support Cloud TPU API in cloud provider
```
/assign @vishh
/assign @cheftako
Automatic merge from submit-queue (batch tested with PRs 60157, 60337, 60246, 59714, 60467). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Feature gate for regional PDs
**What this PR does / why we need it**: Adding beta feature gate around regional PD support.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*: Partially addresses #59988
**Special notes for your reviewer**: This feature has already been in alpha for two releases, but at the time it was not gated with a Kubernetes feature gate. Instead it was controlled by a GCE-specific alpha gate. However, there are additional changes with GCE PD StorageClass parameters that we'd like to gate as well, and this is out of scope of GCE alpha gates.
/cc @saad-ali @lavalamp
- Describe* calls should return aws.Error so caller can handle individual
errors. aws.Error already has enough context ("InvalidVolume.NotFound: The
volume 'vol-0a06cc096e989c5a2' does not exist")
- Deletion of already deleted volume should succeed.
Automatic merge from submit-queue (batch tested with PRs 60435, 60334, 60458, 59301, 60125). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Return missing ClusterID error instead of ignoring it
This fixes issue #57382. In the cases I'm aware of kubelet cannot function if it can't detect the cluster it is running in, so the error should be passed up to the caller preventing initialization when kubelet would fail. This way the error can be detected and kubelet startup attempted again later (giving AWS time to apply the tags).
```release-note
On AWS kubelet returns an error when started under conditions that do not allow it to work (AWS has not yet tagged the instance).
```
Automatic merge from submit-queue (batch tested with PRs 57326, 60076, 60293, 59756, 60370). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Fix#59601: AWS: Check error code returned from describeVolume
The errors returned by the describeVolume call are not all equal:
if the error is of InvalidVolume.NotFound type it does not necessarily
mean the desired operation cannot be finished successfully.
Fixes#59601
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Tag Security Group created for AWS ELB with same additional tags as ELB
/sig aws
(I worked on this with @bkochendorfer)
Tags the SG created for the ELB with the same additional tags the ELB gets from the `service.beta.kubernetes.io/aws-load-balancer-additional-resource-tags` annotation. This is useful for identifying orphaned resources.
We think that reusing the annotation is a simpler and less intrusive approach than adding a new annotation, and most users will want the same set of tags applied.
We weren't sure how to write a test for this because it looks like the fake EC2 code doesn't store the state of the security groups. If new tests are a requirement for merging, we'll need help writing them.
Fixes#53489
```release-note
AWS Security Groups created for ELBs will now be tagged with the same additional tags as the ELB (i.e. the tags specified by the "service.beta.kubernetes.io/aws-load-balancer-additional-resource-tags" annotation.)
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Fix AWS NLB delete error
**What this PR does / why we need it**:
Fixes an error when deleting an NLB in AWS
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes#57568
**Special notes for your reviewer**:
**Release note**:
```release-note
Fixes an error when deleting an NLB in AWS - Fixes#57568
```
@justinsb How do I get this into the `release-1.9` branch?
Automatic merge from submit-queue (batch tested with PRs 60324, 60269, 59771, 60314, 59941). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
[GCE] Refactor ExternalLoadBalancer Tests
**What this PR does / why we need it**:
- Refactors the ExternalLoadBalancer tests to use the generated GCE mock instead of FakeCloudAddressService, FakeCloudForwardingRuleService.
- Adds hooks to populate NetworkTier on Alpha resources
- Moves shared code to top of the external loadbalancer test file
- Moves NetworkTier into a constants file at the cloud level, so it is more easily called in subpackages
**Special notes for your reviewer**:
```release-note
NONE
```
The 'All' parameter of the 'NewFinder' function controls property collection while searching the inventory.
When 'All' is set to 'false', Finder collects the minimal set of object properties required to search inventory.
When 'All' is set to 'true', Finder collects *all* object properties, which are *not* required to search inventory.
Setting 'All' to 'true' is only useful when inspecting all properties of an object,
such as by certain govc commands when the '-json' or '-dump' flags are specified.
Changing All=false in VCP minimizes the SOAP payload size and marshalling required on both sides, without impacting any functionality.
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Cleanup node type checking for azure nodes
**What this PR does / why we need it**:
This PR cleanup node type checking for azure nodes. It also fixes a problem of `instance not found` error for VMAS nodes in vmss cluster (vmType set to vmss):
```
ss.GetPrimaryInterface(k8s-master), ss.getCachedVirtualMachine(k8s-master), err=instance not found
```
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes#60185
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Fix instanceID for vmss nodes
**What this PR does / why we need it**:
When useInstanceMetadata is set to true for vmss nodes, their providerID is wrong.
Their providerID should be in format `azure:///subscriptions/<subscription-id>/resourceGroups/<rg-name>/providers/Microsoft.Compute/virtualMachineScaleSets/<scaleset-name>/virtualMachines/<instance-id>`.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes#59855
**Special notes for your reviewer**:
**Release note**:
```release-note
Fix instanceID for vmss nodes.
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Fix grammar error of azure cloudprovider code
**What this PR does / why we need it**:
Fix grammar error to make it easy to understand
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Update bazelbuild/rules_go, kubernetes/repo-infra, and gazelle dependencies
**What this PR does / why we need it**: updates our bazelbuild/rules_go dependency in order to bump everything to go1.9.4. I'm separating this effort into two separate PRs, since updating rules_go requires a large cleanup, removing an attribute from most build rules.
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
GCE: Fix SelfLink of cloudprovider mocks
**What this PR does / why we need it**:
Allows the user to pass in a ProjectRouter to the mocked services
**Special notes for your reviewer**:
/assign bowei
/cc agau4779
**Release note**:
```release-note
NONE
```
When trying to create ELB we can sometime fail if there is more then one AWS
security group tagged. It very useful to get the list of security groups printed in
the error message.
**Release note**:
```release-note
Include the list of security groups when failing with the errors that more then one is tagged
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Add jsafrane as AWS approver.
**What this PR does / why we need it**:
I contrinbuted several PRs in AWS storage and I'm willing to share review/approval duty.
**Release note**:
```release-note
NONE
```
/assign @justinsb
Currently the AWS cloud provider uses the EC2 instance role when
interacting with AWS APIs. This change gives the option to provide and IAM
role that the cloud provider will assume before calling the APIs. All
resources created by the role will be owned by that account instead of
the account where the EC2 instance is running.
Automatic merge from submit-queue (batch tested with PRs 59939, 59830). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Azure - ARM Read/Write rate limiting
**What this PR does / why we need it**:
Azure cloud provider currently runs with:
1. Single ARM rate limiter for both `read [put/post/delete]` and `write` operations, while ARM provide [different rates for read/write] (https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-manager-request-limits). This causes write operation to stop even if there is available write request quotas.
2. Cloud provider uses rate limiter's `Accept()` instead of `TryAccept()` This causes control loop to wait for prolonged tike `in case of no request quota available` for **all** requests even for those does not require ARM interaction. A case for that the `Service` control loop will wait for a prolonged time trying to create `LoadBalancer` service even though it can fail and work on the next service which is `ClusterIP`. This PR moves cloud provider tp `TryAccept()`
**Which issue(s) this PR fixes**:
Fixes # https://github.com/kubernetes/kubernetes/issues/58770
**Special notes for your reviewer**:
`n/a`
**Release note**:
```release-note
- Separate current ARM rate limiter into read/write
- Improve control over how ARM rate limiter is used within Azure cloud provider
```
cc @jackfrancis (need your help carefully reviewing this one) @brendanburns @jdumars
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
add node shutdown taint
**What this PR does / why we need it**: we need node stopped taint in order to detach volumes immediately without waiting timeout. More info in issue ticket #58635
**Which issue(s) this PR fixes**
Fixes#58635
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Try longer to fetch initial token.
**What this PR does / why we need it**:
Step towards fixing #56293
**Special notes for your reviewer**:
/kind bug
/priority critial-urgent
@kubernetes/sig-scalability-bugs
/cc @shyamjvs please add to v1.9
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Use SetInformers method to register for Node events. (#449)
Till 1.9.2 Kubernetes release vSphere Cloud Provider needs a separate service account which is not needed.
**What this PR does / why we need it**:
In this fix, vSphere CLoud Provider is now implementing SetInformer API to get the required NodeInformer. With this change vSphere Cloud Provider no more requires separate service account for listening NodeEvents.
**Which issue(s) this PR fixes**
Fixes#58747
**Special notes for your reviewer**:
VMware vSphere Cloud Provide internal change
**Release note**:
```release-note
With this fix, separate service account is not needed for vSphere Cloud Provider for listening node events.
```
Automatic merge from submit-queue (batch tested with PRs 59489, 59716). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Add AzureDisk support for vmss nodes
**What this PR does / why we need it**:
This PR adds AzureDisk support for vmss nodes. Changes include
- Upgrade vmss API to 2017-12-01
- Upgrade vmss clients with new version API
- Abstract AzureDisk operations for vmss and vmas
- Added AzureDisk support for vmss
- Unit tests and fake clients fix
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes#43287
**Special notes for your reviewer**:
~~Depending on #59652 (the first two commits are from #59652).~~
**Release note**:
```release-note
Add AzureDisk support for vmss nodes
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Add gnufied as AWS approver.
@gnufied has been maintaining the storage part of AWS cloud provider for a long while and he deserves to be approver.
```release-note
NONE
```
/sig aws
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
fix the error prone account creation method of blob disk
**What this PR does / why we need it**:
use new account generation method for blob disk to fix the error prone account creation method of blob disk
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes#59738
**Special notes for your reviewer**:
**Release note**:
```
fix the error prone account creation method of azure blob disk
```
/assign @karataliu
/sig azure
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Skip TestRoutes when there are no vm(s)
**What this PR does / why we need it**:
TestRoutes assumes that there is at least one vm in the OpenStack it
is connecting to. So let's limit this test to run properly only when
we are running in a VM or one was created already outside of the
test harness
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
Please see https://github.com/dims/openstack-cloud-controller-manager/issues/73 for some more context
**Release note**:
```release-note
NONE
```
The errors returned by the describeVolume call are not all equal:
if the error is of InvalidVolume.NotFound type it does not necessarily
mean the desired operation cannot be finished successfully.
Fixes#59601
fix comments
change azureDiskSharedAccountNamePrefix var
rename sharedDiskAccountNamePrefix
use default vhd container name as "vhds"
use one commaon func: SearchStorageAccount
fix comments
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Add generic cache for Azure VMSS
**What this PR does / why we need it**:
This PR adds a generic cache for VMSS and removes old list-based cache.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Continue of ##58770.
**Special notes for your reviewer**:
Depends on #59520.
**Release note**:
```release-note
Add generic cache for Azure VMSS
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
fix the create azure file pvc failure if there is no storage account in current resource group
**What this PR does / why we need it**:
When create an azure file PVC, there will be error if there is no storage account in current resource group.
With this PR, a storage account will be created if there is no storage account in current resource group.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes#56556
**Special notes for your reviewer**:
1. rephrase the code logic of `CreateFileShare` func.
```
if accountName is empty, then
find a storage account that matches accountType
if no storage account found, then
create a new account
else
we only use user specified storage account
create a file share according to found storage account
```
2. Use func `getStorageAccountName` to get a unique storage account name by UUID, a storage account for azure file would be like `f0b2b0bd40c010112e897fa`. And in next PR, I will use this function to create storage account for azure disk, the storage account for azure disk would be like `d8f3ad8ad92000f1e1e88bd`.
**Release note**:
```
fix the create azure file pvc failure if there is no storage account in current resource group
```
/sig azure
/assign @rootfs
use new storage account name generation method
use uuid to generate account name
change azure file account prefix
use uniqueID to generate a storage account name
fix comments
fix comments
fix comments
fix a storage account matching bug
only use UUID in getStorageAccountName func
use shorter storage account prefix for azure file
fix comments
fix comments
fix comments
fix rebase build error
rewrite CreateFileShare code logic
fix gofmt issue
fix test error
fix comments
fix a location matching bug
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
fix all the typos across the project
**What this PR does / why we need it**:
There are lots of typos across the project. We should avoid small PRs on fixing those annoying typos, which is time-consuming and low efficient.
This PR does fix all the typos across the project currently. And with #59463, typos could be avoided when a new PR gets merged.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
/sig testing
/area test-infra
/sig release
/cc @ixdy
/assign @fejta
**Release note**:
```release-note
None
```
PanFengyun <pan_feng_yun@163.com>'s previous github id was @FengyunPan
Due to some problem with github, he lost access to @FengyunPan and
is not using @FengyunPan2. So let's switch over to the new id. Github
has promised to release the previous id back in 6 months, so we may
have to switch it back later.
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Add generic cache for Azure VM/LB/NSG/RouteTable
**What this PR does / why we need it**:
Part of #58770. This PR adds a generic cache of Azure VM/LB/NSG/RouteTable for reducing ARM calls.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Part of #58770
**Special notes for your reviewer**:
**Release note**:
```release-note
Add generic cache for Azure VM/LB/NSG/RouteTable
```
fix function
fix gofmt
fix function return value
fix tests
skip notimplemented error
remove factory unused
in openstack we should try to find instanceid from all states instead of ACTIVE, all other cloudproviders do this already
fix tests and lint
fix gofmt
fix nodelifecycletest
fix lint errors
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Fixes the regression of GCEPD not provisioning correctly on GKE alpha clusters.
Fixes the regression by better distinguishing between single-zone and multi-zone PDs.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes#59047
**Special notes for your reviewer**: All PD and dynamic provisioning e2e tests pass, manually verified provision, delete, attach, and detach of both single-zone and multi-zone PDs. Will create e2e tests for multizone PDs in a separate PR.
**Release note**:
/sig storage
/assign @saad-ali
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Update azure_loadbalancer.md to fix typo
fix typo
incase -> in case
selction -> selection
**What this PR does / why we need it**:
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
fix typo
incase -> in case
selction -> selection
```
Automatic merge from submit-queue (batch tested with PRs 58437, 59490, 55684). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
[GCE] Unit test ExternalLoadBalancer
**What this PR does / why we need it**:
- Unit tests for `pkg/cloudprovider/providers/gce/gce_loadbalancer_external.go`
- Tests creating, updating, and deleting an external LoadBalancer
**Future Improvements**
In order to further test `gce_loadbalancer_external.go`, we should add tests for the following cases:
- Network Tiers - when the current/desired network tier doesn't match, existing resources with the wrong tier should be torn down
- Expect an error when the TargetPool does not exist
- Expect an error when the LoadBalancer Firewall does not exist
- Case when TargetPool needs to be recreated
- Case when IP needs to be released (calls gce.DeleteRegionAddress)
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Make AWS attach/detach operations faster
Most attach/detach operations on AWS finish within 1-4seconds.
By using a shorter time interval and higher exponetial
factor we can shorten time taken for attach and detach to complete.
After this change retry interval looks like:
```
[1, 1.8, 3.24, 5.832000000000001, 10.4976]
```
Before it was:
```
[10, 12.0, 14.399999999999999, 17.279999999999998]
```
/sig aws
```release-note
AWS: Make attach/detach operations faster. from 10-12s to 2-6s
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
AWS: Do not ignore errors from EC2::DescribeVolume in DetachDisk
The DetachDisk method of AWS cloudprovider indirectly calls
EC2::DescribeVolume AWS API function to check if the volume
being detached is really attached to the specified node.
The AWS API call may fail and return error which is logged however
the DetachDisk then finishes successfully. This may cause the AWS
volumes to remain attached to the instances forever because the
attach/detach controller will mark the volume as attached. The PV
controller will never be able to delete those disks and they need
to be detached manually.
This patch ensures the error from DescribeVolume is propagated to
attach/detach controller and the detach operation is re-tried.
cc: @gnufied, @jsafrane
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
vclib: enable VM disk attach test
**What this PR does / why we need it**:
Follow up to PR #58534 , where this test was disabled due to a limitation in
govmomi/simulator. The test passes as expected with godeps update of govmomi.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
This PR is 1-line update to the vSphere Cloud Provider tests and godep update of the vendor'd vmware/govmomi repo.
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Report InstanceID for vSphere Cloud Provider as UUID obtained from product_serial file
**What this PR does / why we need it**:
vSphere Cloud Provider is not able to find the nodes for VMs created on vSphere v1.6.5. Kubelet fetches SystemUUID from file ```/sys/class/dmi/id/product_uuid```. vSphere Cloud Provider uses this uuid as VM identifier to get node information from vCenter. vCenter v1.6.5 doesn't recognize this uuids, as a result, nodes are not found.
UUID present in file ```/sys/class/dmi/id/product_serial``` is recognized by vCenter. Yet, Kubelet doesn't report this. Therefore, in this PR InstanceID is reported as UUID which is fetched from file
```/sys/class/dmi/id/product_serial```.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes https://github.com/kubernetes/kubernetes/issues/58927
**Special notes for your reviewer**:
Internally review here: https://github.com/vmware/kubernetes/pull/452
Tested:
Launched K8s cluster using kubeadm (Used Ubuntu VM compatible with vSphere version 6.5.)
_**Note: Installed Ubuntu from ISO**_
Observed following:
```
Master
> cat /sys/class/dmi/id/product_uuid
743F0E42-84EA-A2F9-7736-6106BB5DBF6B
> cat /sys/class/dmi/id/product_serial
VMware-42 0e 3f 74 ea 84 f9 a2-77 36 61 06 bb 5d bf 6b
Node
> cat /sys/class/dmi/id/product_uuid
956E0E42-CC9D-3D89-9757-F27CEB539B76
> cat /sys/class/dmi/id/product_serial
VMware-42 0e 6e 95 9d cc 89 3d-97 57 f2 7c eb 53 9b 76
```
With this fix controller manager was able to find the nodes.
**controller manager logs**
```
{"log":"I0205 22:43:00.106416 1 nodemanager.go:183] Found node ubuntu-node as vm=VirtualMachine:vm-95 in vc=10.161.120.115 and datacenter=vcqaDC\n","stream":"stderr","time":"2018-02-05T22:43:00.421010375Z"}
```
**Release note**:
```release-note
vSphere Cloud Provider supports VMs provisioned on vSphere v1.6.5
```
TestRoutes assumes that there is at least one vm in the OpenStack it
is connecting to. So let's limit this test to run properly only when
we are running in a VM or one was created already outside of the
test harness
The DetachDisk method of AWS cloudprovider indirectly calls
EC2::DescribeVolume AWS API function to check if the volume
being detached is really attached to the specified node.
The AWS API call may fail and return error which is logged however
the DetachDisk then finishes successfully. This may cause the AWS
volumes to remain attached to the instances forever because the
attach/detach controller will mark the volume as attached. The PV
controller will never be able to delete those disks and they need
to be detached manually.
This patch ensures on error from DescribeVolume is propagated to
attach/detach controller and the detach operation is re-tried.
shutdowned -> stopped
use shutdown everywhere
use patch in taints api call
use notimplemented in clouds use AddOrUpdateTaintOnNode
correct log text
add fake cloud
try to fix bazel
add shutdown tests
add context
Follow up to PR #58534 , where this test was disabled due to a limitation in
govmomi/simulator. The test passes as expected with godeps update of govmomi.
Automatic merge from submit-queue (batch tested with PRs 59394, 58769, 59423, 59363, 59245). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Only populate alias range for nic0 when invoking instance.UpdateNetworkInterface.
**What this PR does / why we need it**:
Without the fix, GCP will emit errors, e.g., googleapi: Error 400: Invalid value for field 'resource.accessConfigs': ''. Updating this field is not supported., invalid
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
N/A
**Special notes for your reviewer**:
**Release note**:
```release-note
"NONE"
```
Automatic merge from submit-queue (batch tested with PRs 59441, 58264, 59287, 59396, 59439). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Add context to all relevant cloud APIs
**What this PR does / why we need it**:
This adds context to all the relevant cloud provider interface signatures.
Callers of those APIs are currently satisfied using context.TODO().
There will be follow on PRs to push the context through the stack.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes#815
**Special notes for your reviewer**:
For an idea of the full scope of this change please look at PR #58532.
**Release note**:
```release-note
Implementers of the cloud provider interface will note the addition of a context to this interface. Trivial code modification will be necessary for a cloud provider to continue to compile.
```
Automatic merge from submit-queue (batch tested with PRs 59441, 58264, 59287, 59396, 59439). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
fix some log param error
this patch fix some log parameter mistakes.
**What this PR does / why we need it**:
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
/release-note-none
```
This adds context to all the relevant cloud provider interface signatures.
Callers of those APIs are currently satisfied using context.TODO().
There will be follow on PRs to push the context through the stack.
For an idea of the full scope of this change please look at PR #58532.
