From d388f3100f38834382a94b56f51ae7b40587f9a9 Mon Sep 17 00:00:00 2001 From: Robert Collins Date: Mon, 7 Nov 2016 15:08:34 +1300 Subject: [PATCH] Fix support for DNS in local-up-cluster.sh - Fix unbound variables in hack/local-up-cluster.sh - explicitly set KUBERNETES_PROVIDER in local-up-cluster. The default appears to be gce now, so this tries to spawn a service in gce... not the desired outcome for a local test setup. - Remove stale creation of kube-system: the kube-system namespace is built in these days. - Pickup third party etcd automatically. - Retab hack/local-up-cluster.sh for consistency - Update hack-local-up's internal credentials to match the user instructions we give (which work). - Note the CA root requirement in local-up-cluster - Fix a dangling comment in local-up-cluster To test manually, run something like: ```sudo KUBE_ENABLE_CLUSTER_DNS=true API_HOST_IP=0.0.0.0 ./hack/local-up-cluster.sh``` The API_HOST_IP=0.0.0.0 is required otherwise kubedns cannot contact the master and the dns pod will fail readychecking on the healthz container. --- hack/lib/etcd.sh | 13 ++++++++++--- hack/local-up-cluster.sh | 22 ++++++++++------------ 2 files changed, 20 insertions(+), 15 deletions(-) diff --git a/hack/lib/etcd.sh b/hack/lib/etcd.sh index b32f2113e2..ff09c68f7c 100644 --- a/hack/lib/etcd.sh +++ b/hack/lib/etcd.sh 
@@ -34,9 +34,16 @@ kube::etcd::start() { version=$(etcd --version | head -n 1 | cut -d " " -f 3) if [[ "${version}" < "${ETCD_VERSION}" ]]; then - kube::log::usage "etcd version ${ETCD_VERSION} or greater required." - kube::log::info "You can use 'hack/install-etcd.sh' to install a copy in third_party/." - exit 1 + export PATH=$KUBE_ROOT/third_party/etcd:$PATH + hash etcd + echo $PATH + ls $KUBE_ROOT/third_party/etcd + version=$(etcd --version | head -n 1 | cut -d " " -f 3) + if [[ "${version}" < "${ETCD_VERSION}" ]]; then + kube::log::usage "etcd version ${ETCD_VERSION} or greater required." + kube::log::info "You can use 'hack/install-etcd.sh' to install a copy in third_party/." + exit 1 + fi fi # Start etcd diff --git a/hack/local-up-cluster.sh b/hack/local-up-cluster.sh index ddeb31096a..36bf448173 100755 --- a/hack/local-up-cluster.sh +++ b/hack/local-up-cluster.sh @@ -16,7 +16,8 @@ # This command builds and runs a local kubernetes cluster. It's just like # local-up.sh, but this one launches the three separate binaries. -# You may need to run this as root to allow kubelet to open docker's socket. +# You may need to run this as root to allow kubelet to open docker's socket, +# and to write the test CA in /var/run/kubernetes. DOCKER_OPTS=${DOCKER_OPTS:-""} DOCKER=(docker ${DOCKER_OPTS}) DOCKERIZE_KUBELET=${DOCKERIZE_KUBELET:-""} @@ -172,6 +173,8 @@ CPU_CFS_QUOTA=${CPU_CFS_QUOTA:-true} ENABLE_HOSTPATH_PROVISIONER=${ENABLE_HOSTPATH_PROVISIONER:-"false"} CLAIM_BINDER_SYNC_PERIOD=${CLAIM_BINDER_SYNC_PERIOD:-"15s"} # current k8s default ENABLE_CONTROLLER_ATTACH_DETACH=${ENABLE_CONTROLLER_ATTACH_DETACH:-"true"} # current default +# This is the default dir and filename where the apiserver will generate a self-signed cert +# which should be able to be used as the CA to verify itself CERT_DIR=${CERT_DIR:-"/var/run/kubernetes"} ROOT_CA_FILE=$CERT_DIR/apiserver.crt EXPERIMENTAL_CRI=${EXPERIMENTAL_CRI:-"false"} 
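Review bot: The added fallback in kube::etcd::start still carries debugging output and an unquoted PATH edit: `echo $PATH` and `ls $KUBE_ROOT/third_party/etcd` should be dropped, and the export written as `export PATH="${KUBE_ROOT}/third_party/etcd:${PATH}"` so a checkout path containing spaces does not break it. The commit message suggests running local-up-cluster.sh under sudo, so if that script reaches this function (not visible in the hunk), whatever `etcd` binary sits in the checkout's third_party/etcd directory is executed as root. A comment such as `# third_party/etcd is trusted here; keep it writable only by the invoking user` would make that assumption explicit. The duplicated `[[ "${version}" < "${ETCD_VERSION}" ]]` is a string comparison, so a version like 3.10 sorts below 3.9; this predates the change but is now repeated. The function body continues outside the hunk.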
@@ -461,10 +464,10 @@ function start_kubelet { fi auth_args="" - if [[ -n "${KUBELET_AUTHORIZATION_WEBHOOK}" ]]; then + if [[ -n "${KUBELET_AUTHORIZATION_WEBHOOK:-}" ]]; then auth_args="${auth_args} --authorization-mode=Webhook" fi - if [[ -n "${KUBELET_AUTHENTICATION_WEBHOOK}" ]]; then + if [[ -n "${KUBELET_AUTHENTICATION_WEBHOOK:-}" ]]; then auth_args="${auth_args} --authentication-token-webhook" fi if [[ -n "${CLIENT_CA_FILE:-}" ]]; then @@ -483,7 +486,7 @@ function start_kubelet { image_service_endpoint_args="" if [[ -n "${IMAGE_SERVICE_ENDPOINT}" ]]; then - image_service_endpoint_args="--image-service-endpoint=${IMAGE_SERVICE_ENDPOINT}" + image_service_endpoint_args="--image-service-endpoint=${IMAGE_SERVICE_ENDPOINT}" fi sudo -E "${GO_OUT}/hyperkube" kubelet ${priv_arg}\ @@ -588,17 +591,12 @@ function start_kubedns { sed -i -e "/{{ pillar\['federations_domain_map'\] }}/d" skydns-rc.yaml fi sed -e "s/{{ pillar\['dns_server'\] }}/${DNS_SERVER_IP}/g" "${KUBE_ROOT}/cluster/addons/dns/skydns-svc.yaml.in" >| skydns-svc.yaml - cat <namespace.yaml -apiVersion: v1 -kind: Namespace -metadata: - name: kube-system -EOF + export KUBERNETES_PROVIDER=local ${KUBECTL} config set-cluster local --server=https://${API_HOST}:${API_SECURE_PORT} --certificate-authority=${ROOT_CA_FILE} - ${KUBECTL} config set-context local --cluster=local + ${KUBECTL} config set-credentials myself --username=admin --password=admin + ${KUBECTL} config set-context local --cluster=local --user=myself ${KUBECTL} config use-context local - ${KUBECTL} create -f namespace.yaml # use kubectl to create skydns rc and service ${KUBECTL} --namespace=kube-system create -f skydns-rc.yaml ${KUBECTL} --namespace=kube-system create -f skydns-svc.yaml
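Review bot: The guard `if [[ -n "${IMAGE_SERVICE_ENDPOINT}" ]]; then`, visible as context in the next hunk, still expands its variable without a `:-` default, unlike the two webhook tests fixed here and the existing `CLIENT_CA_FILE:-` test. If the script runs with `set -u` and IMAGE_SERVICE_ENDPOINT is not given a default earlier in the file (not visible in this diff), start_kubelet will abort at that line. Writing it as `if [[ -n "${IMAGE_SERVICE_ENDPOINT:-}" ]]; then` would make the guards consistent. A one-line comment above the webhook tests would also help, for example `# Any non-empty value (even "false") enables the webhook mode.`. start_kubelet begins and ends outside both hunks.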
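Review bot: `${KUBECTL} config set-credentials myself --username=admin --password=admin` in start_kubedns hard-codes a static admin credential, while the commit message recommends `API_HOST_IP=0.0.0.0`, which presumably makes the API server reachable from other hosts on the network. At minimum the line deserves a comment such as `# Test-only static credentials; only use on an isolated host or with API_HOST_IP on loopback.`. Better would be to let the caller override the username and password through environment variables that default to the current values. These `kubectl config` calls also write to the invoking user's default kubeconfig (root's under sudo), replacing any existing `local` or `myself` entries and switching the current context. Pointing them at a dedicated file with `--kubeconfig` would avoid touching the operator's real configuration. The function starts and ends outside the hunk.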