From bfdbfa2ab6f1710077fe1c44b5fa3a21949b7c39 Mon Sep 17 00:00:00 2001
From: Denis Moiseev <dmoiseev@redhat.com>
Date: Thu, 15 Apr 2021 12:20:10 +0200
Subject: [PATCH] add description for elaborate changes in isZonesEnabled
 method

---
 staging/src/k8s.io/legacy-cloud-providers/vsphere/vsphere.go | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/staging/src/k8s.io/legacy-cloud-providers/vsphere/vsphere.go b/staging/src/k8s.io/legacy-cloud-providers/vsphere/vsphere.go
index 7dcb1477162..de052b7f964 100644
--- a/staging/src/k8s.io/legacy-cloud-providers/vsphere/vsphere.go
+++ b/staging/src/k8s.io/legacy-cloud-providers/vsphere/vsphere.go
@@ -904,6 +904,10 @@ func (vs *VSphere) LoadBalancer() (cloudprovider.LoadBalancer, bool) {
 
 func (vs *VSphere) isZoneEnabled() bool {
 	isEnabled := vs.cfg != nil && vs.cfg.Labels.Zone != "" && vs.cfg.Labels.Region != ""
+	// Return false within kubelet in case of credentials stored in secret.
+	// Otherwise kubelet will not be able to obtain zone labels from vSphere and create initial node
+	// due to no credentials at this step.
+	// See https://github.com/kubernetes/kubernetes/blob/b960f7a0e04687c17e0b0801e17e7cab89f273cc/pkg/kubelet/kubelet_node_status.go#L384-L386
 	if isEnabled && vs.isSecretInfoProvided && vs.nodeManager.credentialManager == nil {
 		klog.V(1).Info("Zones can not be populated now due to credentials in Secret, skip.")
 		return false