gce: Prefer MASTER_ADVERTISE_ADDRESS in apiserver setup

[grosskur]

MASTER_ADVERTISE_ADDRESS is used to set the --advertise-address flag
for the apiserver. It's useful for running the apiserver behind a load
balancer.

However, if PROJECT_ID, TOKEN_URL, TOKEN_BODY, and NODE_NETWORK are
all set, the GCE VM's external IP address will be fetched and used
instead and MASTER_ADVERTISE_ADDRESS will be ignored.

Change this behavior so that MASTER_ADVERTISE_ADDRESS takes precedence
because it's more specific. We still fall back to using the VM's
external IP address if the other variables are set.

Also: Move the setting of --ssh-user and --ssh-keyfile based on
PROXY_SSH_USER) to a top-level block because this is common to all
codepaths.

GCE: Fix to make the built-in `kubernetes` service properly point to the master's load balancer address in clusters that use multiple master VMs.

[k8s-ci-robot]

Thanks for your pull request. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).

📝 Please follow instructions at https://git.k8s.io/community/CLA.md#the-contributor-license-agreement to sign the CLA.

It may take a couple minutes for the CLA signature to be fully registered; after that, please reply here with a new comment and we'll verify. Thanks.

---

• If you've already signed a CLA, it's possible we don't have your GitHub username or you're using a different email address. Check your existing CLA data and verify that your email is set on your git commits.
• If you signed the CLA as a corporation, please sign in with your organization's credentials at https://identity.linuxfoundation.org/projects/cncf to be authorized.
• If you have done the above and are still having issues with the CLA being reported as unsigned, please email the CNCF helpdesk: helpdesk@rt.linuxfoundation.org

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.

[grosskur]

I've now signed the CNCF CLA.

[bowei]

/ok-to-test

[bowei]

/assign

[bowei]

/assign @dnardo

[bowei]

Seems like this was set only if PROXY_SSH_USER is set in the previous code. Was that wrong?

[grosskur]

Not sure. I looked at the git history but couldn't figure out why --advertise-address was only set if PROXY_SSH_USER was set. To be safe, I've updated the diff to leave that entire block as-is.

[bowei]

use the double bracket test to be consistent (e.g. "[[" and "]]")

[grosskur]

Done.

[bowei]

why not use get-metadata-value?

[grosskur]

Whoops. I initially developed this patch on an older branch that didn't have get-metadata-value. Switched to use get-metadata-value now.

[dnardo]

/lgtm other than Bowei's comments.

Was kubeclt logs/exec tested with this change (in all cases) ?

[grosskur]

Thanks for the review!

@bowei: I've pushed a new diff that addresses your comments.

@dnardo: I've tested both kubectl exec and kubectl logs in all cases now, and verified they still work.

[grosskur]

/retest

[grosskur]

/test pull-kubernetes-integration

[bowei]

/approve no-issue

[bowei]

/lgtm

[k8s-ci-robot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: bowei, dnardo, grosskur

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• cluster/gce/OWNERS [bowei]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[k8s-github-robot]

/test all [submit-queue is verifying that this PR is safe to merge]

[k8s-github-robot]

Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions here.