From b4da46974c47dabbdfe9f99c7662a645e0b22290 Mon Sep 17 00:00:00 2001
From: nikhiljindal
Date: Mon, 6 Jun 2016 14:52:51 -0700
Subject: [PATCH] Updating federation up script to create a secret with federation-apiserver kubeconfig
---
 cluster/common.sh | 20 ++++++++++++++------
 federation/cluster/common.sh | 27 ++++++++++++++++++++++-----
 2 files changed, 36 insertions(+), 11 deletions(-)
diff --git a/cluster/common.sh b/cluster/common.sh
index 1ca2736afd..4990d05d18 100755
--- a/cluster/common.sh
+++ b/cluster/common.sh
@@ -59,6 +59,7 @@ KUBE_CI_VERSION_REGEX="^v(0|[1-9][0-9]*)\\.(0|[1-9][0-9]*)\\.(0|[1-9][0-9]*)-(be
 # KUBE_KEY
 # CA_CERT
 function create-kubeconfig() {
+ KUBECONFIG=${KUBECONFIG:-$DEFAULT_KUBECONFIG}
 local kubectl="${KUBE_ROOT}/cluster/kubectl.sh"
 SECONDARY_KUBECONFIG=${SECONDARY_KUBECONFIG:-}
 OVERRIDE_CONTEXT=${OVERRIDE_CONTEXT:-}
@@ -67,7 +68,6 @@ function create-kubeconfig() {
 CONTEXT=$OVERRIDE_CONTEXT
 fi
- export KUBECONFIG=${KUBECONFIG:-$DEFAULT_KUBECONFIG}
 # KUBECONFIG determines the file we write to, but it may not exist yet
 if [[ ! -e "${KUBECONFIG}" ]]; then
 mkdir -p $(dirname "${KUBECONFIG}")
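Review bot: The added `KUBECONFIG=${KUBECONFIG:-$DEFAULT_KUBECONFIG}` at the top of create-kubeconfig assigns a global without `export`, while the `export` form removed in the next hunk (@@ -67,7) was what made the chosen file visible to later kubectl calls in the same shell. Callers outside this diff that relied on that side effect would now read kubectl's default file instead, which only matters if `DEFAULT_KUBECONFIG` differs from it; that cannot be checked from these hunks. Since the function now passes the variable per command, the header comment should say so, for example `# KUBECONFIG is read (default: DEFAULT_KUBECONFIG) but no longer exported; callers must export it themselves`. The function body continues outside both hunks.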
@@ -104,21 +104,21 @@ function create-kubeconfig() {
 )
 fi
- "${kubectl}" config set-cluster "${CONTEXT}" "${cluster_args[@]}"
+ KUBECONFIG="${KUBECONFIG}" "${kubectl}" config set-cluster "${CONTEXT}" "${cluster_args[@]}"
 if [[ -n "${user_args[@]:-}" ]]; then
- "${kubectl}" config set-credentials "${CONTEXT}" "${user_args[@]}"
+ KUBECONFIG="${KUBECONFIG}" "${kubectl}" config set-credentials "${CONTEXT}" "${user_args[@]}"
 fi
- "${kubectl}" config set-context "${CONTEXT}" --cluster="${CONTEXT}" --user="${CONTEXT}"
+ KUBECONFIG="${KUBECONFIG}" "${kubectl}" config set-context "${CONTEXT}" --cluster="${CONTEXT}" --user="${CONTEXT}"
 if [[ "${SECONDARY_KUBECONFIG}" != "true" ]];then
- "${kubectl}" config use-context "${CONTEXT}" --cluster="${CONTEXT}"
+ KUBECONFIG="${KUBECONFIG}" "${kubectl}" config use-context "${CONTEXT}" --cluster="${CONTEXT}"
 fi
 # If we have a bearer token, also create a credential entry with basic auth
 # so that it is easy to discover the basic auth password for your cluster
 # to use in a web browser.
 if [[ ! -z "${KUBE_BEARER_TOKEN:-}" && ! -z "${KUBE_USER:-}" && ! -z "${KUBE_PASSWORD:-}" ]]; then
- "${kubectl}" config set-credentials "${CONTEXT}-basic-auth" "--username=${KUBE_USER}" "--password=${KUBE_PASSWORD}"
+ KUBECONFIG="${KUBECONFIG}" "${kubectl}" config set-credentials "${CONTEXT}-basic-auth" "--username=${KUBE_USER}" "--password=${KUBE_PASSWORD}"
 fi
 echo "Wrote config for ${CONTEXT} to ${KUBECONFIG}"
@@ -128,8 +128,16 @@ function create-kubeconfig() {
 # Assumed vars:
 # KUBECONFIG
 # CONTEXT
+#
+# To explicitly name the context being removed, use OVERRIDE_CONTEXT
 function clear-kubeconfig() {
 export KUBECONFIG=${KUBECONFIG:-$DEFAULT_KUBECONFIG}
+ OVERRIDE_CONTEXT=${OVERRIDE_CONTEXT:-}
+
+ if [[ "$OVERRIDE_CONTEXT" != "" ]];then
+ CONTEXT=$OVERRIDE_CONTEXT
+ fi
+
 local kubectl="${KUBE_ROOT}/cluster/kubectl.sh"
 "${kubectl}" config unset "clusters.${CONTEXT}"
 "${kubectl}" config unset "users.${CONTEXT}"
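Review bot: The rewritten basic-auth line in hunk @@ -104,21 still passes `--password=${KUBE_PASSWORD}` as a kubectl argument, so the password can be read from the process list by other local users while the command runs and is then stored in clear text in `${KUBECONFIG}`. With this commit that file can be a caller-chosen path rather than the user's default, so its mode matters more than before; the code that creates the file is outside this hunk. I would add a comment above the block such as `# The password ends up in clear text in ${KUBECONFIG}; the file must not be group- or world-readable`. On style, the `KUBECONFIG="${KUBECONFIG}"` prefix is repeated on five calls and could be folded into one local helper.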
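Review bot: After the new OVERRIDE_CONTEXT block in clear-kubeconfig (hunk @@ -128,8) nothing checks that `CONTEXT` ended up non-empty before the `config unset "clusters.${CONTEXT}"` calls. If neither variable is set the function either aborts on an unbound variable or, when nounset is off, asks kubectl to unset `clusters.`; a guard such as `: "${CONTEXT:?CONTEXT or OVERRIDE_CONTEXT must be set}"` after the `fi` makes the failure explicit. The assignment also overwrites the caller's global `CONTEXT`, which the header comment could mention. The function continues past the end of the hunk.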
diff --git a/federation/cluster/common.sh b/federation/cluster/common.sh
index 730772c98c..699b271381 100644
--- a/federation/cluster/common.sh
+++ b/federation/cluster/common.sh
@@ -32,6 +32,7 @@ KUBE_ARCH=${KUBE_ARCH:-amd64}
 KUBE_BUILD_STAGE=${KUBE_BUILD_STAGE:-release-stage}
 source "${KUBE_ROOT}/cluster/common.sh"
+source "${KUBE_ROOT}/hack/lib/util.sh"
 host_kubectl="${KUBE_ROOT}/cluster/kubectl.sh --namespace=${FEDERATION_NAMESPACE}"
@@ -110,6 +111,27 @@ function create-federated-api-objects {
 $template "${manifests_root}/federation-apiserver-"{deployment,secrets}".yaml" | $host_kubectl create -f -
 $template "${manifests_root}/federation-controller-manager-deployment.yaml" | $host_kubectl create -f -
+ # Create a kubeconfig with credentails for federation-apiserver and create a
+ # secret for it.
+
+ # Create kubeconfig. Note that the file name should be "kubeconfig"
+ # so that the secret key gets the same name.
+ kube::util::ensure-temp-dir
+ CONTEXT=federated-cluster \
+ KUBE_BEARER_TOKEN="$FEDERATION_API_TOKEN" \
+ KUBECONFIG="${KUBE_TEMP}/federation/federation-apiserver/kubeconfig" \
+ create-kubeconfig
+
+ # Create the secret
+ $host_kubectl create secret generic federation-apiserver-secret --from-file="${KUBE_TEMP}/federation/federation-apiserver/kubeconfig" --namespace="${FEDERATION_NAMESPACE}"
+
+
+ # Update the users kubeconfig to include federation-apiserver credentials.
+ CONTEXT=federated-cluster \
+ KUBE_BEARER_TOKEN="$FEDERATION_API_TOKEN" \
+ SECONDARY_KUBECONFIG=true \
+ create-kubeconfig
+
 # Don't finish provisioning until federation-apiserver pod is running
 for i in {1..30};do
 #TODO(colhom): in the future this needs to scale out for N pods. This assumes just one pod
@@ -145,11 +167,6 @@ function create-federated-api-objects {
 sleep 4
 done
-
- CONTEXT=federated-cluster \
- KUBE_BEARER_TOKEN="$FEDERATION_API_TOKEN" \
- SECONDARY_KUBECONFIG=true \
- create-kubeconfig
 )
 }
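Review bot: The kubeconfig written to `${KUBE_TEMP}/federation/federation-apiserver/kubeconfig` in hunk @@ -110,6 holds `$FEDERATION_API_TOKEN`, and nothing in the added lines restricts its mode or removes it once the secret has been created. Whether the file is private and cleaned up depends on create-kubeconfig and kube::util::ensure-temp-dir, whose bodies are not in this hunk, so I would make it explicit: wrap the first create-kubeconfig call in a subshell that starts with `umask 077;` and add `rm -f -- "${KUBE_TEMP}/federation/federation-apiserver/kubeconfig"` after the `create secret` line. `$host_kubectl` already carries `--namespace=${FEDERATION_NAMESPACE}`, so the extra `--namespace` on that line is redundant, and "credentails" in the first added comment should read "credentials". create-federated-api-objects starts and ends outside the hunk.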