Make the kubelet on a GCE master check instance metadata for manifests

[a-robinson]

Primary motivation: enable GKE and other cluster-as-a-service folks to easily run additional logic on the master without having to modify salt or SSH to the master after it's been created.

Verified to work on GCE.

@brendandburns @roberthbailey @zmerlynn

[k8s-bot]

GCE e2e build/test failed for commit 18fa01fc0062e2f362438f0452618fa48474aa7b.

• Build Log
• Test Artifacts
• Internal Jenkins Results

[a-robinson]

Jenkins failure is due to a test environment issue:

Creating minions.
Instance template pull-e2e-1-minion-template already exists; deleting.
Failed to delete existing instance template
2015/07/28 18:00:43 Error running up: exit status 2
2015/07/28 18:00:43 Error starting e2e cluster. Aborting.
exit status 1

[a-robinson]

@k8s-bot test this please

[k8s-bot]

GCE e2e build/test passed for commit 18fa01fc0062e2f362438f0452618fa48474aa7b.

• Build Log
• Test Artifacts
• Internal Jenkins Results

[roberthbailey]

Is there a reason to only do this on the master? We will (hopefully soon) treat the master node on GCE just like any other node, so we should look at reducing the number of special cases we apply to the master.

[a-robinson]

Well, the daemon controller will handle the node case in the very near future, and adding it to the nodes adds another edge-feature that isn't worth properly supporting given that there's not much use for it once the daemon controller exists.

That said, reducing special cases is a reasonable goal, so I'm happy to go that way if you'd prefer.

[roberthbailey]

I don't think there's much reason to do it on the nodes, just wanted to think about what it would entail.

[roberthbailey]

LGTM. Please cherry pick this into the 1.0 release branch as well.

[roberthbailey]

This should use the v1 api rather than the v1beta1 api.

[a-robinson]

I'm testing it, but I don't think the kubelet knows to set the "Metadata-Flavor: Google" header on its requests

[a-robinson]

Yeah, I've confirmed the kubelet isn't smart enough to hit the v1 metadata server...

[zmerlynn]

Ugh, that means that an internal change I have won't work (I haven't tested it yet).

[a-robinson]

Working on it in #11982

[a-robinson]

I noticed this morning that the downside of this is that it causes the kubelet to spit out an error log message every 20 seconds if there is no pod manifest in the metadata. Maybe this setting should be controlled by a piece of kube-env?

[a-robinson]

Switched to use the v1 metadata API after rebasing onto #12024. Running one final kube-up with a pod specified in the metadata before re-attaching the LGTM label I previously removed.

[a-robinson]

Seems to be working swimmingly, and I verified as part of the other PR that it doesn't complain more than 3 times if there isn't a manifest in the metadata. re-applying @roberthbailey's LGTM

[k8s-bot]

GCE e2e build/test passed for commit 94ae0a9.

• Build Log
• Test Artifacts
• Internal Jenkins Results

[roberthbailey]

Still lgtm.

[a-robinson]

Shippable flaked on the integration test. Should be good to merge. I'd kick shippable, but the retry button is missing.

[a-robinson]

pinging @mikedanese to get this in sometime today

[mikedanese]

It's on my radar.

[dchen1107]

Please cc to me or node team next time on any node / kubelet related configuration changes. I were surprised with this pr when I saw #15122 yesterday. We spent sometime on making node configuration consistently (of course not true in today's situation), but this change is totally opposite on what we are doing. cc/ @yujuhong

[dchen1107]

cc/ @kubernetes/goog-node