diff --git a/hack/local-up-cluster.sh b/hack/local-up-cluster.sh index eca7dde848..10a58922a0 100755 --- a/hack/local-up-cluster.sh +++ b/hack/local-up-cluster.sh @@ -22,21 +22,27 @@ DOCKER_NATIVE=${DOCKER_NATIVE:-""} DOCKER=(docker ${DOCKER_OPTS}) DOCKERIZE_KUBELET=${DOCKERIZE_KUBELET:-""} ALLOW_PRIVILEGED=${ALLOW_PRIVILEGED:-""} - KUBE_ROOT=$(dirname "${BASH_SOURCE}")/.. cd "${KUBE_ROOT}" +if [ "$(id -u)" != "0" ]; then + echo "WARNING : This script MAY be run as root for docker socket / iptables functionality... if failures occur... Retry as root." 2>&1 +fi + # Stop right away if the build fails set -e source "${KUBE_ROOT}/hack/lib/init.sh" + "${KUBE_ROOT}/hack/build-go.sh" -${DOCKER[@]} ps 2> /dev/null 1> /dev/null -if [ "$?" != "0" ]; then - echo "Failed to successfully run 'docker ps', please verify that docker is installed and \$DOCKER_HOST is set correctly." - exit 1 -fi +function test_docker { + ${DOCKER[@]} ps 2> /dev/null 1> /dev/null + if [ "$?" != "0" ]; then + echo "Failed to successfully run 'docker ps', please verify that docker is installed and \$DOCKER_HOST is set correctly." + exit 1 + fi +} # Shut down anyway if there's an error. set +e 
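Review bot: The root warning added before `set -e` ends in `2>&1`, which only points stderr at stdout, so the message still goes to stdout; if it is meant as a diagnostic it should end in `>&2`. The wording "MAY be run as root" also reads as permission, where "may need to be run as root" is probably what was meant. In the new `test_docker`, `${DOCKER[@]}` is expanded unquoted and the result is checked through `$?`. If the function is ever called while `set -e` is active, the shell exits on the failing `docker ps` before the error message is printed. `if ! "${DOCKER[@]}" ps >/dev/null 2>&1; then` avoids both problems.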
@@ -50,54 +56,55 @@ LOG_LEVEL=${LOG_LEVEL:-3} CONTAINER_RUNTIME=${CONTAINER_RUNTIME:-"docker"} CHAOS_CHANCE=${CHAOS_CHANCE:-0.0} -# For the common local scenario, fail fast if server is already running. -# this can happen if you run local-up-cluster.sh twice and kill etcd in between. -curl $API_HOST:$API_PORT -if [ ! $? -eq 0 ]; then - echo "API SERVER port is free, proceeding..." -else - echo "ERROR starting API SERVER, exiting. Some host on $API_HOST is serving already on $API_PORT" - exit 1 -fi +function test_apiserver_off { + # For the common local scenario, fail fast if server is already running. + # this can happen if you run local-up-cluster.sh twice and kill etcd in between. + curl $API_HOST:$API_PORT + if [ ! $? -eq 0 ]; then + echo "API SERVER port is free, proceeding..." + else + echo "ERROR starting API SERVER, exiting. Some host on $API_HOST is serving already on $API_PORT" + exit 1 + fi +} -# Detect the OS name/arch so that we can find our binary -case "$(uname -s)" in - Darwin) - host_os=darwin - ;; - Linux) - host_os=linux - ;; - *) - echo "Unsupported host OS. Must be Linux or Mac OS X." >&2 - exit 1 - ;; -esac +function detect_binary { + # Detect the OS name/arch so that we can find our binary + case "$(uname -s)" in + Darwin) + host_os=darwin + ;; + Linux) + host_os=linux + ;; + *) + echo "Unsupported host OS. Must be Linux or Mac OS X." >&2 + exit 1 + ;; + esac -case "$(uname -m)" in - x86_64*) - host_arch=amd64 - ;; - i?86_64*) - host_arch=amd64 - ;; - amd64*) - host_arch=amd64 - ;; - arm*) - host_arch=arm - ;; - i?86*) - host_arch=x86 - ;; - *) - echo "Unsupported host arch. Must be x86_64, 386 or arm." >&2 - exit 1 - ;; -esac - -GO_OUT="${KUBE_ROOT}/_output/local/bin/${host_os}/${host_arch}" -KUBELET_CIDFILE=/tmp/kubelet.cid + case "$(uname -m)" in + x86_64*) + host_arch=amd64 + ;; + i?86_64*) + host_arch=amd64 + ;; + amd64*) + host_arch=amd64 + ;; + arm*) + host_arch=arm + ;; + i?86*) + host_arch=x86 + ;; + *) + echo "Unsupported host arch. 
Must be x86_64, 386 or arm." >&2 + exit 1 + ;; + esac +} cleanup_dockerized_kubelet() { 
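Review bot: `GO_OUT` and `KUBELET_CIDFILE` lose their top-level assignments here, and `detect_binary` as shown sets only `host_os` and `host_arch`, while the start functions in the following hunk still run `sudo -E "${GO_OUT}/kube-apiserver"` and pass `--cidfile=$KUBELET_CIDFILE`. Unless both are re-assigned in a part of the script not visible in this diff, `${GO_OUT}` expands to empty and sudo would run `/kube-apiserver` from the filesystem root. Ending `detect_binary` with `GO_OUT="${KUBE_ROOT}/_output/local/bin/${host_os}/${host_arch}"`, or guarding first use with `: "${GO_OUT:?GO_OUT is not set}"`, makes that failure explicit. Separately, `test_apiserver_off` calls `curl $API_HOST:$API_PORT` unquoted and treats any non-zero exit, including curl being absent, as "port is free"; `curl --silent --output /dev/null "${API_HOST}:${API_PORT}"` at least fixes the quoting and keeps the response body off the terminal.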
@@ -141,96 +148,107 @@ cleanup() exit 0 } -trap cleanup EXIT +function startETCD { + echo "Starting etcd" + kube::etcd::start +} -echo "Starting etcd" -kube::etcd::start +function set_service_accounts { + SERVICE_ACCOUNT_LOOKUP=${SERVICE_ACCOUNT_LOOKUP:-false} + SERVICE_ACCOUNT_KEY=${SERVICE_ACCOUNT_KEY:-"/tmp/kube-serviceaccount.key"} + # Generate ServiceAccount key if needed + if [[ ! -f "${SERVICE_ACCOUNT_KEY}" ]]; then + mkdir -p "$(dirname ${SERVICE_ACCOUNT_KEY})" + openssl genrsa -out "${SERVICE_ACCOUNT_KEY}" 2048 2>/dev/null + fi +} -SERVICE_ACCOUNT_LOOKUP=${SERVICE_ACCOUNT_LOOKUP:-false} -SERVICE_ACCOUNT_KEY=${SERVICE_ACCOUNT_KEY:-"/tmp/kube-serviceaccount.key"} -# Generate ServiceAccount key if needed -if [[ ! -f "${SERVICE_ACCOUNT_KEY}" ]]; then - mkdir -p "$(dirname ${SERVICE_ACCOUNT_KEY})" - openssl genrsa -out "${SERVICE_ACCOUNT_KEY}" 2048 2>/dev/null -fi +function start_apiserver { + # Admission Controllers to invoke prior to persisting objects in cluster + ADMISSION_CONTROL=NamespaceLifecycle,NamespaceAutoProvision,LimitRanger,SecurityContextDeny,ServiceAccount,ResourceQuota -# Admission Controllers to invoke prior to persisting objects in cluster -ADMISSION_CONTROL=NamespaceLifecycle,NamespaceAutoProvision,LimitRanger,SecurityContextDeny,ServiceAccount,ResourceQuota + priv_arg="" + if [[ -n "${ALLOW_PRIVILEGED}" ]]; then + priv_arg="--allow-privileged " + fi -priv_arg="" -if [[ -n "${ALLOW_PRIVILEGED}" ]]; then - priv_arg="--allow-privileged " -fi + APISERVER_LOG=/tmp/kube-apiserver.log + sudo -E "${GO_OUT}/kube-apiserver" ${priv_arg}\ + --v=${LOG_LEVEL} \ + --service_account_key_file="${SERVICE_ACCOUNT_KEY}" \ + --service_account_lookup="${SERVICE_ACCOUNT_LOOKUP}" \ + --admission_control="${ADMISSION_CONTROL}" \ + --address="${API_HOST}" \ + --port="${API_PORT}" \ + --runtime_config=api/v1beta3 \ + --etcd_servers="http://127.0.0.1:4001" \ + --service-cluster-ip-range="10.0.0.0/24" \ + --cors_allowed_origins="${API_CORS_ALLOWED_ORIGINS}" 
>"${APISERVER_LOG}" 2>&1 & + APISERVER_PID=$! -APISERVER_LOG=/tmp/kube-apiserver.log -sudo -E "${GO_OUT}/kube-apiserver" ${priv_arg}\ - --v=${LOG_LEVEL} \ - --service_account_key_file="${SERVICE_ACCOUNT_KEY}" \ - --service_account_lookup="${SERVICE_ACCOUNT_LOOKUP}" \ - --admission_control="${ADMISSION_CONTROL}" \ - --address="${API_HOST}" \ - --port="${API_PORT}" \ - --runtime_config=api/v1beta3 \ - --etcd_servers="http://127.0.0.1:4001" \ - --service-cluster-ip-range="10.0.0.0/24" \ - --cors_allowed_origins="${API_CORS_ALLOWED_ORIGINS}" >"${APISERVER_LOG}" 2>&1 & -APISERVER_PID=$! + # Wait for kube-apiserver to come up before launching the rest of the components. + echo "Waiting for apiserver to come up" + kube::util::wait_for_url "http://${API_HOST}:${API_PORT}/api/v1beta3/pods" "apiserver: " 1 10 || exit 1 +} -# Wait for kube-apiserver to come up before launching the rest of the components. -echo "Waiting for apiserver to come up" -kube::util::wait_for_url "http://${API_HOST}:${API_PORT}/api/v1beta3/pods" "apiserver: " 1 10 || exit 1 +function start_controller_manager { + CTLRMGR_LOG=/tmp/kube-controller-manager.log + sudo -E "${GO_OUT}/kube-controller-manager" \ + --v=${LOG_LEVEL} \ + --machines="127.0.0.1" \ + --service_account_private_key_file="${SERVICE_ACCOUNT_KEY}" \ + --master="${API_HOST}:${API_PORT}" >"${CTLRMGR_LOG}" 2>&1 & + CTLRMGR_PID=$! +} -CTLRMGR_LOG=/tmp/kube-controller-manager.log -sudo -E "${GO_OUT}/kube-controller-manager" \ - --v=${LOG_LEVEL} \ - --machines="127.0.0.1" \ - --service_account_private_key_file="${SERVICE_ACCOUNT_KEY}" \ - --master="${API_HOST}:${API_PORT}" >"${CTLRMGR_LOG}" 2>&1 & -CTLRMGR_PID=$! 
+function start_kubelet { + KUBELET_LOG=/tmp/kubelet.log + if [[ -z "${DOCKERIZE_KUBELET}" ]]; then + sudo -E "${GO_OUT}/kubelet" ${priv_arg}\ + --v=${LOG_LEVEL} \ + --chaos_chance="${CHAOS_CHANCE}" \ + --container_runtime="${CONTAINER_RUNTIME}" \ + --hostname_override="127.0.0.1" \ + --address="127.0.0.1" \ + --api_servers="${API_HOST}:${API_PORT}" \ + --port="$KUBELET_PORT" >"${KUBELET_LOG}" 2>&1 & + KUBELET_PID=$! + else + # Docker won't run a container with a cidfile (container id file) + # unless that file does not already exist; clean up an existing + # dockerized kubelet that might be running. + cleanup_dockerized_kubelet -KUBELET_LOG=/tmp/kubelet.log -if [[ -z "${DOCKERIZE_KUBELET}" ]]; then - sudo -E "${GO_OUT}/kubelet" ${priv_arg}\ - --v=${LOG_LEVEL} \ - --chaos_chance="${CHAOS_CHANCE}" \ - --container_runtime="${CONTAINER_RUNTIME}" \ - --hostname_override="127.0.0.1" \ - --address="127.0.0.1" \ - --api_servers="${API_HOST}:${API_PORT}" \ - --port="$KUBELET_PORT" >"${KUBELET_LOG}" 2>&1 & - KUBELET_PID=$! -else - # Docker won't run a container with a cidfile (container id file) - # unless that file does not already exist; clean up an existing - # dockerized kubelet that might be running. 
- cleanup_dockerized_kubelet + docker run \ + --volume=/:/rootfs:ro \ + --volume=/var/run:/var/run:rw \ + --volume=/sys:/sys:ro \ + --volume=/var/lib/docker/:/var/lib/docker:ro \ + --volume=/var/lib/kubelet/:/var/lib/kubelet:rw \ + --net=host \ + --privileged=true \ + -i \ + --cidfile=$KUBELET_CIDFILE \ + gcr.io/google_containers/kubelet \ + /kubelet --v=3 --containerized ${priv_arg}--chaos-chance="${CHAOS_CHANCE}" --hostname-override="127.0.0.1" --address="127.0.0.1" --api-servers="${API_HOST}:${API_PORT}" --port="$KUBELET_PORT" --resource-container="" &> $KUBELET_LOG & + fi +} - docker run \ - --volume=/:/rootfs:ro \ - --volume=/var/run:/var/run:rw \ - --volume=/sys:/sys:ro \ - --volume=/var/lib/docker/:/var/lib/docker:ro \ - --volume=/var/lib/kubelet/:/var/lib/kubelet:rw \ - --net=host \ - --privileged=true \ - -i \ - --cidfile=$KUBELET_CIDFILE \ - gcr.io/google_containers/kubelet \ - /kubelet --v=3 --containerized ${priv_arg}--chaos-chance="${CHAOS_CHANCE}" --hostname-override="127.0.0.1" --address="127.0.0.1" --api-servers="${API_HOST}:${API_PORT}" --port="$KUBELET_PORT" --resource-container="" &> $KUBELET_LOG & -fi +function start_kubeproxy { + PROXY_LOG=/tmp/kube-proxy.log + sudo -E "${GO_OUT}/kube-proxy" \ + --v=${LOG_LEVEL} \ + --master="http://${API_HOST}:${API_PORT}" >"${PROXY_LOG}" 2>&1 & + PROXY_PID=$! -PROXY_LOG=/tmp/kube-proxy.log -sudo -E "${GO_OUT}/kube-proxy" \ - --v=${LOG_LEVEL} \ - --master="http://${API_HOST}:${API_PORT}" >"${PROXY_LOG}" 2>&1 & -PROXY_PID=$! - -SCHEDULER_LOG=/tmp/kube-scheduler.log -sudo -E "${GO_OUT}/kube-scheduler" \ - --v=${LOG_LEVEL} \ - --master="http://${API_HOST}:${API_PORT}" >"${SCHEDULER_LOG}" 2>&1 & -SCHEDULER_PID=$! + SCHEDULER_LOG=/tmp/kube-scheduler.log + sudo -E "${GO_OUT}/kube-scheduler" \ + --v=${LOG_LEVEL} \ + --master="http://${API_HOST}:${API_PORT}" >"${SCHEDULER_LOG}" 2>&1 & + SCHEDULER_PID=$! +} +function print_success { cat <