Poll and notice changes to cluster UID

controllers/gce/BETA_LIMITATIONS.md

@@ -10,6 +10,8 @@ This is a list of beta limitations:
 * [Oauth scopes](https://cloud.google.com/compute/docs/authentication): By default GKE/GCE clusters are granted "compute/rw" permissions. If you setup a cluster without these permissions, GLBC is useless and you should delete the controller as described in the [section below](#disabling-glbc). If you don't delete the controller it will keep restarting.
 * [Default backends](https://cloud.google.com/compute/docs/load-balancing/http/url-map#url_map_simplest_case): All L7 Loadbalancers created by GLBC have a default backend. If you don't specify one in your Ingress, GLBC will assign the 404 default backend mentioned above.
 * [Teardown](README.md#deletion): The recommended way to tear down a cluster with active Ingresses is to either delete each Ingress, or hit the `/delete-all-and-quit` endpoint on GLBC, before invoking a cluster teardown script (eg: kube-down.sh). You will have to manually cleanup GCE resources through the [cloud console](https://cloud.google.com/compute/docs/console#access) or [gcloud CLI](https://cloud.google.com/compute/docs/gcloud-compute/) if you simply tear down the cluster with active Ingresses.
+* [Changing UIDs](#changing-the-cluster-uid): You can change the UID used as a suffix for all your GCE cloud resources, but this requires you to delete existing Ingresses first.
+* [Cleaning up](#cleaning-up-cloud-resources): You can delete loadbalancers that older clusters might've leaked due to permature teardown through the GCE console.
 
 ## Prerequisites
 
@@ -120,3 +122,47 @@ gcloud container clusters create mycluster --network "default" --num-nodes 1 \
 --disk-size 50 --scopes storage-full
 ```
 
+## Changing the cluster UID
+
+The Ingress controller configures itself to add the UID it stores in a configmap in the `kube-system` namespace.
+
+```console
+$ kubectl --namespace=kube-system get configmaps
+NAME          DATA      AGE
+ingress-uid   1         12d
+
+$ kubectl --namespace=kube-system get configmaps -o yaml
+apiVersion: v1
+items:
+- apiVersion: v1
+  data:
+    uid: UID
+  kind: ConfigMap
+...
+```
+
+You can pick a different UID, but this requires you to:
+
+1. Delete existing Ingresses
+2. Edit the configmap using `kubectl edit`
+3. Recreate the same Ingress
+
+After step 3 the Ingress should come up using the new UID as the suffix of all cloud resources. You can't simply change the UID if you have existing Ingresses, because
+renaming a cloud resource requires a delete/create cycle that the Ingress controller does not currently automate. Note that the UID in step 1 might be an empty string,
+if you had a working Ingress before upgrading to Kubernetes 1.3.
+
+__A note on setting the UID__: The Ingress controller uses the token `--` to split a machine generated prefix from the UID itself. If the user supplied UID is found to
+contain `--` the controller will take the token after the last `--`, and use an empty string if it ends with `--`. For example, if you insert `foo--bar` as the UID,
+the controller will assume `bar` is the UID. You can either edit the configmap and set the UID to `bar` to match the controller, or delete existing Ingresses as described
+above, and reset it to a string bereft of `--`.
+
+## Cleaning up cloud resources
+
+If you deleted a GKE/GCE cluster without first deleting the associated Ingresses, the controller would not have deleted the associated cloud resources. If you find yourself in such a situation, you can delete the resources by hand:
+
+1. Navigate to the [cloud console](https://console.cloud.google.com/) and click on the "Networking" tab, then choose "LoadBalancing"
+2. Find the loadbalancer you'd like to delete, it should have a name formatted as: k8s-um-ns-name--UUID
+3. Delete it, check the boxes to also casade the deletion down to associated resources (eg: backend-services)
+4. Switch to the "Compute Engine" tab, then choose "Instance Groups"
+5. Delete the Instance Group allocated for the leaked Ingress, it should have a name formatted as: k8s-ig-UUID
+