Add Alibaba Cloud Provider support with no vendor (#1309)

* Add Alibaba Cloud Provider

* Add Alibaba Cloud Provider Documents

* Add Alibaba Cloud Provider Examples

* Remove sdk test cases

* fix conflicts in cloud-provider builder

* remove LICENSE in cloudprovider

cluster-autoscaler/Dockerfile

@@ -17,7 +17,7 @@ FROM $BASEIMAGE
 LABEL maintainer="Marcin Wielgus <[email protected]>"
 
 ENV DEBIAN_FRONTEND noninteractive
-RUN clean-install ca-certificates
+RUN clean-install ca-certificates tzdata
 
 ADD cluster-autoscaler cluster-autoscaler
 ADD run.sh run.sh

cluster-autoscaler/cloudprovider/alicloud/README.md

@@ -0,0 +1,186 @@
+# Cluster Autoscaler on AliCloud
+The cluster autoscaler on AliCloud scales worker nodes within any specified autoscaling group. It will run as a `Deployment` in your cluster. This README will go over some of the necessary steps required to get the cluster autoscaler up and running.
+
+## Kubernetes Version
+Cluster autoscaler must run on v1.9.3 or greater.
+
+## Instance Type Support 
+- **Standard Instance**x86-Architecture,suitable for common scenes such as websites or api services.
+- **GPU/FPGA Instance**Heterogeneous Computing,suitable for high performance computing.
+- **Bare Metal Instance**Both the elasticity of a virtual server and the high-performance and comprehensive features of a physical server.
+- **Spot Instance**Spot instance are on-demand instances. They are designed to reduce your ECS costs in some cases.
+
+
+## ACS Console Deployment 
+doc: https://www.alibabacloud.com/help/doc-detail/89733.html
+
+## Custom Deployment
+### 1.Prepare Identity authentication
+#### Use access-key-id and access-key-secret 
+```yaml
+apiVersion: v1
+kind: Secret
+metadata:
+  name: cloud-config
+  namespace: kube-system
+data:
+  # insert your base64 encoded Alicloud access id and key here, ensure there's no trailing newline:
+  # such as:  echo -n "your_access_key_id" | base64
+  access-key-id: "<BASE64_ACCESS_KEY_ID>"
+  access-key-secret: "<BASE64_ACCESS_KEY_SECRET>"
+  region-id: "<BASE64_REGION_ID>"
+```
+#### Use STS with RAM Role 
+```yaml 
+{
+  "Version": "1",
+  "Statement": [
+    {
+      "Action": [
+        "ess:Describe*",
+        "ess:CreateScalingRule",
+        "ess:ModifyScalingGroup",
+        "ess:RemoveInstances",
+        "ess:ExecuteScalingRule",
+        "ess:ModifyScalingRule",
+        "ess:DeleteScalingRule",
+        "ess:DetachInstances",
+        "ecs:DescribeInstanceTypes"
+      ],
+      "Resource": [
+        "*"
+      ],
+      "Effect": "Allow"
+    }
+  ]
+}
+```
+
+### 2.ASG Setup 
+* create a Scaling Group in ESS(https://essnew.console.aliyun.com) with valid configurations.
+* create a Scaling Configuration for this Scaling Group with valid instanceType and User Data.In User Data,you can specific the script to initialize the environment and join this node to kubernetes cluster.If your Kubernetes cluster is hosted by ACS.you can use the attach script like this.
+```shell
+#!/bin/sh
+# The token is generated by ACS console. https://www.alibabacloud.com/help/doc-detail/64983.htm?spm=a2c63.l28256.b99.33.46395ad54ozJFq
+curl http://aliacs-k8s-cn-hangzhou.oss-cn-hangzhou.aliyuncs.com/public/pkg/run/attach/[kubernetes_cluster_version]/attach_node.sh | bash -s -- --openapi-token [token] --ess true 
+```
+
+
+### 3.cluster-autoscaler deployment 
+
+#### Use access-key-id and access-key-secret 
+```yaml
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+  name: cluster-autoscaler
+  namespace: kube-system
+  labels:
+    app: cluster-autoscaler
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: cluster-autoscaler
+  template:
+    metadata:
+      labels:
+        app: cluster-autoscaler
+      annotations:
+        scheduler.alpha.kubernetes.io/critical-pod: ''
+    spec:
+      serviceAccountName: admin
+      containers:
+        - image: registry.cn-hangzhou.aliyuncs.com/acs/autoscaler:v1.3.1.2
+          name: cluster-autoscaler
+          resources:
+            limits:
+              cpu: 100m
+              memory: 300Mi
+            requests:
+              cpu: 100m
+              memory: 300Mi
+          command:
+            - ./cluster-autoscaler
+            - --v=4
+            - --stderrthreshold=info
+            - --cloud-provider=alicloud
+            - --nodes=[min]:[max]:[ASG_ID]
+          imagePullPolicy: "Always"
+          env:
+          - name: ACCESS_KEY_ID
+            valueFrom:
+              secretKeyRef:
+                name: cloud-config
+                key: access-key-id
+          - name: ACCESS_KEY_SECRET
+            valueFrom:
+              secretKeyRef:
+                name: cloud-config
+                key: access-key-secret
+          - name: REGION_ID
+            valueFrom:
+            secretKeyRef:
+              name: cloud-config
+              key: region-id
+          volumeMounts:
+            - name: ssl-certs
+              mountPath: /etc/ssl/certs/ca-certificates.crt
+              readOnly: true
+          imagePullPolicy: "Always"
+      volumes:
+        - name: ssl-certs
+          hostPath:
+            path: "/etc/ssl/certs/ca-certificates.crt"
+```
+
+#### Use STS with RAM Role 
+
+```yaml
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+  name: cluster-autoscaler
+  namespace: kube-system
+  labels:
+    app: cluster-autoscaler
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: cluster-autoscaler
+  template:
+    metadata:
+      labels:
+        app: cluster-autoscaler
+      annotations:
+        scheduler.alpha.kubernetes.io/critical-pod: ''
+    spec:
+      serviceAccountName: admin
+      containers:
+        - image: registry.cn-hangzhou.aliyuncs.com/acs/autoscaler:v1.3.1.2
+          name: cluster-autoscaler
+          resources:
+            limits:
+              cpu: 100m
+              memory: 300Mi
+            requests:
+              cpu: 100m
+              memory: 300Mi
+          command:
+            - ./cluster-autoscaler
+            - --v=4
+            - --stderrthreshold=info
+            - --cloud-provider=alicloud
+            - --nodes=[min]:[max]:[ASG_ID]
+          imagePullPolicy: "Always"
+```
+
+### Auto-Discovery Setup
+Auto Discovery is not supported in AliCloud currently.
+
+## Common Notes and Gotchas:
+- The `/etc/ssl/certs/ca-certificates.crt` should exist by default on your ecs instance.
+- By default, cluster autoscaler will not terminate nodes running pods in the kube-system namespace. You can override this default behaviour by passing in the `--skip-nodes-with-system-pods=false` flag.
+- By default, cluster autoscaler will wait 10 minutes between scale down operations, you can adjust this using the `--scale-down-delay` flag. E.g. `--scale-down-delay=5m` to decrease the scale down delay to 5 minutes.
+- If you're running multiple ASGs, the `--expander` flag supports three options: `random`, `most-pods` and `least-waste`. `random` will expand a random ASG on scale up. `most-pods` will scale up the ASG that will scheduable the most amount of pods. `least-waste` will expand the ASG that will waste the least amount of CPU/MEM resources. In the event of a tie, cluster-autoscaler will fall back to `random`.

cluster-autoscaler/cloudprovider/alicloud/alibaba-cloud-sdk-go/sdk/auth/credential.go

@@ -0,0 +1,20 @@
+/*
+Copyright 2018 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package auth
+
+// Credential doesn't implement
+type Credential interface{}

cluster-autoscaler/cloudprovider/alicloud/alibaba-cloud-sdk-go/sdk/auth/credentials/access_key_credential.go

@@ -0,0 +1,53 @@
+/*
+Copyright 2018 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package credentials
+
+// BaseCredential is deprecated: Use AccessKeyCredential in this package instead.
+type BaseCredential struct {
+	AccessKeyId     string
+	AccessKeySecret string
+}
+
+// AccessKeyCredential is kind of credential
+type AccessKeyCredential struct {
+	AccessKeyId     string
+	AccessKeySecret string
+}
+
+// NewBaseCredential is deprecated: Use NewAccessKeyCredential in this package instead.
+func NewBaseCredential(accessKeyId, accessKeySecret string) *BaseCredential {
+	return &BaseCredential{
+		AccessKeyId:     accessKeyId,
+		AccessKeySecret: accessKeySecret,
+	}
+}
+
+// ToAccessKeyCredential returns AccessKeyCredential
+func (baseCred *BaseCredential) ToAccessKeyCredential() *AccessKeyCredential {
+	return &AccessKeyCredential{
+		AccessKeyId:     baseCred.AccessKeyId,
+		AccessKeySecret: baseCred.AccessKeySecret,
+	}
+}
+
+// NewAccessKeyCredential returns AccessKeyCredential
+func NewAccessKeyCredential(accessKeyId, accessKeySecret string) *AccessKeyCredential {
+	return &AccessKeyCredential{
+		AccessKeyId:     accessKeyId,
+		AccessKeySecret: accessKeySecret,
+	}
+}

cluster-autoscaler/cloudprovider/alicloud/alibaba-cloud-sdk-go/sdk/auth/credentials/ecs_ram_role.go

@@ -0,0 +1,48 @@
+/*
+Copyright 2018 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package credentials
+
+// StsRoleNameOnEcsCredential is deprecated: Use EcsRamRoleCredential in this package instead.
+type StsRoleNameOnEcsCredential struct {
+	RoleName string
+}
+
+// NewStsRoleNameOnEcsCredential is deprecated: Use NewEcsRamRoleCredential in this package instead.
+func NewStsRoleNameOnEcsCredential(roleName string) *StsRoleNameOnEcsCredential {
+	return &StsRoleNameOnEcsCredential{
+		RoleName: roleName,
+	}
+}
+
+// ToEcsRamRoleCredential is deprecated
+func (oldCred *StsRoleNameOnEcsCredential) ToEcsRamRoleCredential() *EcsRamRoleCredential {
+	return &EcsRamRoleCredential{
+		RoleName: oldCred.RoleName,
+	}
+}
+
+// EcsRamRoleCredential is kind of credential on ECS
+type EcsRamRoleCredential struct {
+	RoleName string
+}
+
+// NewEcsRamRoleCredential returns EcsRamRoleCredential
+func NewEcsRamRoleCredential(roleName string) *EcsRamRoleCredential {
+	return &EcsRamRoleCredential{
+		RoleName: roleName,
+	}
+}

cluster-autoscaler/cloudprovider/alicloud/alibaba-cloud-sdk-go/sdk/auth/credentials/rsa_key_pair_credential.go

@@ -0,0 +1,33 @@
+/*
+Copyright 2018 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package credentials
+
+// RsaKeyPairCredential is kind of credential
+type RsaKeyPairCredential struct {
+	PrivateKey        string
+	PublicKeyId       string
+	SessionExpiration int
+}
+
+// NewRsaKeyPairCredential returns RsaKeyPairCredential
+func NewRsaKeyPairCredential(privateKey, publicKeyId string, sessionExpiration int) *RsaKeyPairCredential {
+	return &RsaKeyPairCredential{
+		PrivateKey:        privateKey,
+		PublicKeyId:       publicKeyId,
+		SessionExpiration: sessionExpiration,
+	}
+}

cluster-autoscaler/cloudprovider/alicloud/alibaba-cloud-sdk-go/sdk/auth/credentials/sts_credential.go

@@ -0,0 +1,33 @@
+/*
+Copyright 2018 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package credentials
+
+// StsTokenCredential is kind of credential
+type StsTokenCredential struct {
+	AccessKeyId       string
+	AccessKeySecret   string
+	AccessKeyStsToken string
+}
+
+// NewStsTokenCredential returns StsTokenCredential
+func NewStsTokenCredential(accessKeyId, accessKeySecret, accessKeyStsToken string) *StsTokenCredential {
+	return &StsTokenCredential{
+		AccessKeyId:       accessKeyId,
+		AccessKeySecret:   accessKeySecret,
+		AccessKeyStsToken: accessKeyStsToken,
+	}
+}