Automatic merge from submit-queue (batch tested with PRs 63969, 63902, 63689, 63973, 63978). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Adds a mechanism in vSphere Cloud Provider to get credentials from Kubernetes secrets
**What this PR does / why we need it**:
Currently, vCenter credentials are stored in plain text in vsphere.conf. This PR adds a mechanism in vSphere Cloud Provider to get vCenter credentials from Kubernetes secrets.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
Internally review here: https://github.com/vmware/kubernetes/pull/484
**Workflow:**
1. Create vsphere.conf file with ```secret-name``` and ```secret-namespace```.
```
[Global]
insecure-flag = 1
secret-name = "vcconf"
secret-namespace = "kube-system"
[VirtualCenter "10.160.45.119"]
port = 443
datacenters = k8s-dc-1
[Workspace]
server = 10.160.45.119
datacenter = k8s-dc-1
default-datastore = sharedVMFS-0
folder = Discovered virtual machine
```
2. Launch Kubernetes cluster with vSphere Cloud Provider Configured.
3. Create secret with vCenter credentials.
a. Create base64 encoding for username and password:
username:
```
> echo -n 'admin' | base64
YWRtaW4=
```
password:
```
> echo -n 'vsphere' | base64
dnNwaGVyZQ==
```
b. kubectl create -f vccredentials.yaml
```
#vccredentials.yaml
apiVersion: v1
kind: Secret
metadata:
name: vcconf
type: Opaque
data:
10.192.44.199.username: YWRtaW4=
10.192.44.199.password: dnNwaGVyZQ==
```
4. vSphere Cloud Provider can be used now.
**Note:**
Secrets info can be provided with both (old and new) vSphere Cloud provider configuration formats.
**Tests Done:**
- [x] vSphere Cloud Provider unit test.
- [x] Volume lifecyle with Username and Password in vsphere.conf (for backward compability)
- [x] Volume lifecyle with secrets information in vsphere.conf.
- [x] Update secrets workflow
**Release note**:
```release-note
Adds a mechanism in vSphere Cloud Provider to get credentials from Kubernetes secrets
```
Automatic merge from submit-queue (batch tested with PRs 63569, 63918, 63980, 63295, 63989). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
GCE provider: add wrapper for security policy
**What this PR does / why we need it**:
Generated mock interface for beta backend service and security policy as well.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #NONE
**Special notes for your reviewer**:
/assign @nicksardo
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 63886, 63857, 63824). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
vSphere Cloud Provider: add SAML token authentication support
**What this PR does / why we need it**:
The vSphere cloud provider currently supports username+password based authentication, this PR adds an option to use token based authentication.
**Which issue(s) this PR fixes**:
Fixes#63209
**Special notes for your reviewer**:
For now the config structs and validation are left as-is and
the LoginByToken method is used if the username value is PEM encoded.
In this case of username field configured with the public key, the password
field is expected to be configured with the private key.
In a follow-up PR we can look at collapsing the auth related fields into
a common struct to avoid duplication of field merging and validation.
And then add separate fields for the public and private keys.
**Release note**:
```release-note
vSphere Cloud Provider: add SAML token authentication support
```
For now the config structs and validation are left as-is and
the LoginByToken method is used if the username value is PEM encoded.
In this case of username field configured with the public key, the password
field is expected to be configured with the private key.
In a follow-up PR we can look at collapsing the auth related fields into
a common struct to avoid duplication of field merging and validation.
And then add separate fields for the public and private keys.
Fixes#63209
Automatic merge from submit-queue (batch tested with PRs 63686, 63736). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Deprecate photon cloud provider
vmware/photon-controller is no longer maintained, as of Oct 2017.
Adds a detail field to deprecatedCloudProviders, meant for pointing to external provider url or other reason for deprecation.
**What this PR does / why we need it**:
The photon cloud provider is no longer supported, need to let users know.
Photon controller support has already been removed from kube-up in PR #58096
**Release note**:
```release-note
NONE
```
vmware/photon-controller is no longer maintained, as of Oct 2017.
Adds a detail field to deprecatedCloudProviders, meant for pointing to external provider url or other reason for deprecation.
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
should use time.Since instead of time.Now().Sub
**What this PR does / why we need it**:
should use time.Since instead of time.Now().Sub
**Special notes for your reviewer**:
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Include more information when multiple security groups are tagged
**What this PR does / why we need it**:
When trying to create ELB we can sometime fail if there is more then one AWS
security group tagged. It very useful to get the list of security groups printed in
the error message.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
Include the list of security groups when failing with the errors that more then one is tagged
```
Automatic merge from submit-queue (batch tested with PRs 63563, 63541). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Do not check vmSetName when getting Azure node's IP
**What this PR does / why we need it**:
Do not check vmSetName when getting Azure node's IP.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes#63538
**Special notes for your reviewer**:
**Release note**:
```release-note
Do not check vmSetName when getting Azure node's IP
```
Automatic merge from submit-queue (batch tested with PRs 63364, 63464). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
vsphere: use vim25.Client directly to support token authentication
**What this PR does / why we need it**:
This refactor is in support of SAML token authentication: #63209
Avoid use of govmomi.Client as it only supports username+password authentication via SessionManager.Login().
Using vim25.Client directly will allow VCP to add other authentication methods,
such as SessionManager.LoginByToken().
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
adding support for VM name with extra Separator String
**What this PR does / why we need it**:
Allows the Azure VM name to have within their name the `_` character
**Special notes for your reviewer**:
This is the error I got before testing
```
May 07 21:55:14 kn-infra000000.<domainname> kubelet[39465]: I0507 21:55:14.462125 39465 azure_vmss.go:108] getVmssVM gets scaleSetName ("kn-infra_ss") and instanceID ("0") for node "kn-infra000000"
May 07 21:55:14 kn-infra000000.<domainname> kubelet[39465]: E0507 21:55:14.462147 39465 azure_vmss_cache.go:52] Failed to extract vmssVMName "kn-infra_ss_0"
May 07 21:55:14 kn-infra000000.<domainname> kubelet[39465]: F0507 21:55:14.462160 39465 kubelet.go:1349] Kubelet failed to get node info: failed to get external ID from cloud provider: not a vmss instance
```
**Release note**:
```release-note
Azure VMSS: support VM names to contain the `_` character
```
The TestVSphereLogin method still defaults to testing against a real vCenter,
but if the required environment variables are not set, it can test against vcsim.
More tests can be converted to use configFromEnvOrSim(), but can be in follow up PRs.
This refactor is in support of SAML token authentication: #63209
Avoid use of govmomi.Client as it only supports username+password authentication via SessionManager.Login().
Using vim25.Client directly will allow VCP to add other authentication methods,
such as SessionManager.LoginByToken().
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Clean up Azure clients
**What this PR does / why we need it**:
Follow up of #63278 (Use new Azure SDK APIs for load balancer and public IP operations), clean up all other clients.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Follow up of #63278
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 61725, 63261). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Use cloudprovider.NotImplemented in AddSSHKeyToAllInstances
**What this PR does / why we need it**:
Minor cleanup: In looking at implementations of this method,
noticed a few providers created their own errors instead of using cloudprovider.NotImplemented
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 62657, 63278, 62903, 63375). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Use new Azure SDK APIs for load balancer and public IP operations
**What this PR does / why we need it**:
#63063 updated Azure SDK to a stable version. After that, we should also update existing clients to use new SDK APIs.
Without this, public IP listing will be blocked forever in some case.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
A following PR will be sent for other interfaces, e.g. routes and NSGs.
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 62060, 62516). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
[GCE] Add new formats to resource parser and self link creator
**What this PR does / why we need it**:
- Expands the set of parse-able strings for resource IDs, while also simplifying the code. Note that these are acceptable values for some fields in GCP API.
- global/networks/my-network
- regions/us-central1/subnetworks/my-sub
- zones/us-central1-a/instances/my-hacker-instance
- Fixes the SelfLink function to return links for regions and zones:
- https://www.googleapis.com/compute/v1/projects/proj4/regions/us-central1
- Generates helper functions to create a ResourceID for each resource
- Generates a unit test that ensures all links can be generated and all generated links can be parsed.
- Fixes an ILB test which creates a malformed URL.
**Special notes for your reviewer**:
/assign rramkumar1
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 63349, 63294). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Add metric for throttled requests in AWS
**What this PR does / why we need it**:
This PR adds a metric for request throttling in AWS.
**Special notes for your reviewer**:
* Added metric.
* Moved metrics-related code to `aws_metrics.go`.
* Capitalized acronyms, e.g., `recordAwsMetric` to `recordAWSMetric`.
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 63138, 63091, 63201, 63341). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Set names for OpenStack loadbalancer members and monitors
**What this PR does / why we need it**:
This PR sets names for OpenStack loadbalancer members and monitors.
ATM names for members and monitors are empty, making it difficult to identify where they belong.
Healthmonitors will be named `monitor_<lb_name>_<index>` and members
will be named `member_<lb_name>_<index>_<node_name>`.
This naming scheme should in sync with the naming of other LB resources, e.g. pools: `pool_<lb_name>_<index>`.
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 59879, 62729). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Openstack: fix orphaned route deletion
This is a follow-up to #56258 which only got half of the work done.
The OpenStack cloud providers DeleteRoute method fails to delete routes when it can’t find the corresponding instance in OpenStack.
```release-note
OpenStack cloudprovider: Fix deletion of orphaned routes
```
Minor cleanup: In looking at implementations of this method,
noticed a few providers created their own errors instead of using cloudprovider.NotImplemented
Automatic merge from submit-queue (batch tested with PRs 63129, 63066, 60009, 63136, 63086). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
add node shutdown taint
**What this PR does / why we need it**: we need node stopped taint in order to detach volumes immediately without waiting timeout. More info in issue ticket #58635
**Which issue(s) this PR fixes**
Fixes#58635
**Special notes for your reviewer**: this was reverted, original PR https://github.com/kubernetes/kubernetes/pull/59323 Hopefully now bugs are fixed. However, I will execute more tests manually today.
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 63007, 62919, 62669, 62860). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Fix vSphere Cloud Provider to handle upgrade from k8s version less than v1.9.4 to v1.9.4+
**What this PR does / why we need it**:
vSphere Cloud Provider in kubernetes master v1.9.4+ is not able to identify the kubernetes nodes of version less than 1.9.4. Hence, volume operations fail in this case. This PR fixes this.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes#62435
**Special notes for your reviewer**:
Internally reviewed here: https://github.com/vmware/kubernetes/pull/477
**Release note**:
```release-note
None
```
Automatic merge from submit-queue (batch tested with PRs 62857, 62707). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Add support of standard LB to Azure vmss
**What this PR does / why we need it**:
Add support of standard LB to Azure vmss.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes#60485
**Special notes for your reviewer**:
**Release note**:
```release-note
Add support of standard LB to Azure vmss
```
/sig azure
Automatic merge from submit-queue (batch tested with PRs 62568, 62220, 62743, 62751, 62753). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
[vSphere Cloud Provider] Fix detach disk when VM is not found
**What this PR does / why we need it**:
When VM is deleted from VC inventory and detach request is issued detach returns error since VM cannot be found. In this scenario, detach should return no error if VM is not found. This PR fixes this.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes#61707.
**Special notes for your reviewer**:
**Release note**:
```release-note
None
```
@kubernetes/vmware
Automatic merge from submit-queue (batch tested with PRs 62748, 60536, 62300, 62661, 62731). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
[GCE] Parallelize GCE loadbalancer tests
**What this PR does / why we need it**:
- Encapsulate IP counter in Mocks. Previously, ipCounter was a global int modified by multiple tests.
- Use mock-provided Lock before modifying resources.
- Parallelize loadbalancer tests.
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
add @andrewsykim to OWNERS for cmd/cloud-controller-manager,pkg/contr…
**What this PR does / why we need it**:
Add myself as an approver for CCM related code.
cc @wlan0
**Release note**:
```release-note
Add @andrewsykim as an approver for CCM related code.
```
This is a follow-up to #56258 which only half of the work done.
The DeleteRoute method failed to delete routes when it can’t find the corresponding node in OpenStack.
Automatic merge from submit-queue (batch tested with PRs 60476, 62462, 61391, 62535, 62394). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Use function aws.Int64Value replace of deprecated function orZero
**What this PR does / why we need it**:
```
// orZero returns the value, or 0 if the pointer is nil
// Deprecated: prefer aws.Int64Value
func orZero(v *int64) int64 {
return aws.Int64Value(v)
}
```
Use function aws.Int64Value replace of deprecated function orZero and remove unused orZero .
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 61549, 62230, 62055, 61082, 62212). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
don't do attach and deatch when cinder volume status is error
When cinder volume status is `error`, it is not supposed to handle operation like `attach` and `detach`
@dims @FengyunPan2
```release-note
cinder volume plugin :
When the cinder volume status is `error`, controller will not do `attach ` and `detach ` operation
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Cleanup the use of ExternalID as it is deprecated
The patch removes ExternalID usage from node_controller
and node_lifecycle_oontroller. The code instead uses InstanceID
which returns the cloud provider ID as well.
fixes#60466
Currently user only specify subnet-id in cloud.conf file.
If user want to specify other subnet for some special services,
the subnet-id annotation should be a good choice.
The patch removes ExternalID usage from node_controller
and node_lifecycle_oontroller. The code instead uses InstanceID
which returns the cloud provider ID as well.
Automatic merge from submit-queue (batch tested with PRs 61871, 61890, 61786). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Add unit testcases for ensureExternalLoadBalancer to make sure it doesn't panic when errors raised.
**What this PR does / why we need it**:
Add unit testcases for ensureExternalLoadBalancer to make sure it doesn't panic when errors raised. Increase code coverage from 76.5% to 81.5%.
<!--
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
-->
**Release note**:
```release-note
NONE
```
\assign @MrHohn
Automatic merge from submit-queue (batch tested with PRs 61871, 61890, 61786). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Specify DHCP domain for hostname
**What this PR does / why we need it**:
In 9a8c6db448, we looked at the hostname
in the metadata service and used '.' as the delimiter to chop off the
dhcp_domain (specified in nova.conf). However administrators need to
better control the dhcp domain better as there may be a '.' in the host
name itself. So let's introduce a config option that we can use and
default it to what nova uses when dhcp_domain is not specified which is
"novalocal"
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
new dhcp-domain parameter to be used for figuring out the hostname of a node
```
In 9a8c6db448, we looked at the hostname
in the metadata service and used '.' as the delimiter to chop off the
dhcp_domain (specified in nova.conf). However administrators need to
better control the dhcp domain better as there may be a '.' in the host
name itself. So let's introduce a config option that we can use and
default it to what nova uses when dhcp_domain is not specified which is
"novalocal"
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Split out the hostname when default dhcp_domain is used in nova.conf
**What this PR does / why we need it**:
When /etc/nova/nova.conf does not have specify dhcp_domain to empty
string, a default string of '.novalocal' is returned by the meta data
service. So we need to just split the string and pick the first one
in the array.
```
$ curl http://169.254.169.254/latest/meta-data/hostname
testvm-1.novalocal
$ curl http://169.254.169.254/latest/meta-data/public-hostname
testvm-1.novalocal
$ curl http://169.254.169.254/latest/meta-data/local-hostname
testvm-1.novalocal
```
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 61402, 61143, 61427, 60592). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Performance tests and fix for IPAM controller.
Tests the four modes of allocations. Can be run using
./test-performance.sh under tests/integration/ipamperf
directory. See ./test-performance.sh -h for supported flags.
**What this PR does / why we need it**:
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
Please see the implementation notes comment block in cloud.go for core details of how
the mocking works. README.md has details on how the tests can be run on the
command line.
**Release note**:
```release-note
Performance test framework and basic tests for the IPAM controller, to simulate behavior
of the four supported modes under lightly loaded and loaded conditions, where load is
defined as the number of operations to perform as against the configured kubernetes
API server QPS.
```
Automatic merge from submit-queue (batch tested with PRs 60499, 61715, 61688, 61300, 58787). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Unit tests for external load balancer
**What this PR does / why we need it**:
Unit test for external load balancer. Increase the code coverage of gce_loadbalancer_external.go from 61.6% to 76.5%.
<!--
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
-->
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 61434, 61501, 59609, 61467, 61531). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Ensure cloudprovider.InstanceNotFound is reported when the VM is not found on Azure
**What this PR does / why we need it**:
Azure ExponentialBackoff will still try to get VM information even when the VM has already been removed on Azure:
1365ce3419/pkg/cloudprovider/providers/azure/azure_backoff.go (L52-L60)
It should report `cloudprovider.InstanceNotFound` early and avoid calling Azure APIs on such case.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes#61465
**Special notes for your reviewer**:
Should be cherry-picked to v1.9
**Release note**:
```release-note
Ensure cloudprovider.InstanceNotFound is reported when the VM is not found on Azure
```
Automatic merge from submit-queue (batch tested with PRs 61434, 61501, 59609, 61467, 61531). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Add support of specifying service tags for Azure cloud provider
**What this PR does / why we need it**:
This PR adds support of specifying service tags for Azure cloud provider by annotation `service.beta.kubernetes.io/azure-allowed-service-tags`.
Refer https://docs.microsoft.com/en-us/azure/virtual-network/security-overview#service-tags for more information about this feature.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes#57914
**Special notes for your reviewer**:
**Release note**:
```release-note
Azure cloud provider now supports specifying allowed service tags by annotation `service.beta.kubernetes.io/azure-allowed-service-tags`
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
[GCE] Remove validation of Alpha Feature Gates
**What this PR does / why we need it**:
As per discussion with @bowei, @freehan, and @nicksardo , remove validation on Alpha Feature Gates so we can be more flexible with adding or removing new features.
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Replace package "golang.org/x/net/context" with "context"
**What this PR does / why we need it**:
Replace package "golang.org/x/net/context" with "context"
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes#60560
**Special notes for your reviewer**:
As of Go 1.7 this package(golang.org/x/net/context) is available in the standard library under the name context. see (https://godoc.org/golang.org/x/net/context)
It is almost machinery replace.
**Release note**:
```release-note
NONE
```
Tests the four modes of allocations. Can be run using
./test-performance.sh under tests/integration/ipamperf
directory. See ./test-performance.sh -h for supported flags.
Automatic merge from submit-queue (batch tested with PRs 60980, 61273, 60811, 61021, 61367). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
fix for openstack member cleanup for multiple port cases
**What this PR does / why we need it**:
Fixing an openstack lb issue.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes: #60976
**Special notes for your reviewer**:
The problem with the code was that if multiple ports were exposed then that created multiple members for each listener, and the deletion process iterated over each listener with an array of every member resulting listener - member mismatch, which caused not found exception from lbaasv2.
**Release note**:
```release-note
```
Automatic merge from submit-queue (batch tested with PRs 61354, 61366, 61386, 61394, 60755). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
fix waitLoadbalancerDeleted timeout always
**What this PR does / why we need it**: waitLoadbalancerDeleted function goes always to timeout because not working check
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 60373, 61098, 61352, 61359, 61362). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Stabilize openstack_test when running against real cloud
**What this PR does / why we need it**:
in TestReadConfig, we are setting some env vars for testing if
we read them back properly. However this interferes with running
the unit test harness against a real openstack cloud where we
source the OS_* environment variables. Adding code here to save
and reset variables.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 57871, 61094, 60459, 61089, 61105). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
[GCE] Internal Loadbalancer Tests
**What this PR does / why we need it**:
Adds unit tests for the GCE Internal Loadbalancer. According to the test coverage tool, this PR brings test coverage of `gce_loadbalancer_internal.go` from 0% to 74.0%.
```release-note
NONE
```
/assign nicksardo bowei
Automatic merge from submit-queue (batch tested with PRs 60189, 59542, 59931, 60621, 60353). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
do not delete node in openstack, if those still exist in cloudprovider
**What this PR does / why we need it**: Deleting nodes in kubernetes cluster causes problems. It will lead to situations like labels and taints are missing from nodes when node will return online.
**Which issue(s) this PR fixes**:
**Special notes for your reviewer**:
```release-note
Nodes are not deleted from kubernetes anymore if node is shutdown in Openstack.
```
Automatic merge from submit-queue (batch tested with PRs 59740, 59728, 60080, 60086, 58714). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
vSphere: Minimize property collection via Finder
The 'All' parameter of the 'NewFinder' function controls property collection while searching the inventory.
When 'All' is set to 'false', Finder collects the minimal set of object properties required to search inventory.
When 'All' is set to 'true', Finder collects *all* object properties, which are *not* required to search inventory.
Setting 'All' to 'true' is only useful when inspecting all properties of an object,
such as by certain govc commands when the '-json' or '-dump' flags are specified.
Changing All=false in VCP minimizes the SOAP payload size and marshalling required on both sides, without impacting any functionality.
**What this PR does / why we need it**:
Changing All=false in VCP minimizes the SOAP payload size and marshalling required on both sides, without impacting any functionality.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
in TestReadConfig, we are setting some env vars for testing if
we read them back properly. However this interferes with running
the unit test harness against a real openstack cloud where we
source the OS_* environment variables. Adding code here to save
and reset variables.
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Code cleanup: group consts togather
**What this PR does / why we need it**:
This is a code cleanup, which groups all consts togather.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Update documentation for azure-shared-securityrule
**What this PR does / why we need it**:
Azure augmented rules for NSGs has been GA https://azure.microsoft.com/en-us/updates/agumented-rules-ga-nsg/. This PR updates documentation for "service.beta.kubernetes.io/azure-shared-securityrule" to reflect this.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Volume deletion should be idempotent
- Describe* calls should return `aws.Error` so caller can handle individual errors. `aws.Error` already has enough context (`"InvalidVolume.NotFound: The volume 'vol-0a06cc096e989c5a2' does not exist"`)
- Deletion of already deleted volume should succeed.
**Release note**:
Fixes: #60778
```release-note
NONE
```
/sig storage
/sig aws
/assign @justinsb @gnufied
Kubernetes Submit Queue