From 5b1086b897ccb15df07dbfbac1cd65ad2247e3d1 Mon Sep 17 00:00:00 2001
From: Davanum Srinivas
Date: Mon, 28 Mar 2022 16:41:58 -0400
Subject: [PATCH 1/3] Add some sudo in local-up-cluster.sh
Signed-off-by: Davanum Srinivas
---
 hack/local-up-cluster.sh | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/hack/local-up-cluster.sh b/hack/local-up-cluster.sh
index 31e14a24890..10de408dcad 100755
--- a/hack/local-up-cluster.sh
+++ b/hack/local-up-cluster.sh
@@ -1046,10 +1046,10 @@ function install_cni {
 && echo "${CNI_PLUGINS_AMD64_SHA256SUM} /tmp/cni.amd64.tgz" | tee /tmp/cni.sha256 \
 && sha256sum --ignore-missing -c /tmp/cni.sha256 \
 && rm -f /tmp/cni.sha256 \
- && mkdir -p /opt/cni/bin \
- && tar -C /opt/cni/bin -xzvf /tmp/cni."${CNI_TARGETARCH}".tgz \
+ && sudo mkdir -p /opt/cni/bin \
+ && sudo tar -C /opt/cni/bin -xzvf /tmp/cni."${CNI_TARGETARCH}".tgz \
 && rm -rf /tmp/cni."${CNI_TARGETARCH}".tgz \
- && find /opt/cni/bin -type f -not \( \
+ && sudo find /opt/cni/bin -type f -not \( \
 -iname host-local \
 -o -iname bridge \
 -o -iname portmap \
@@ -1059,8 +1059,8 @@ function install_cni {
 # containerd 1.4.12 installed by docker in kubekins supports CNI version 0.4.0
 echo "Configuring cni"
- mkdir -p "$CNI_CONFIG_DIR"
- cat << EOF | tee "$CNI_CONFIG_DIR"/10-containerd-net.conflist
+ sudo mkdir -p "$CNI_CONFIG_DIR"
+ cat << EOF | sudo tee "$CNI_CONFIG_DIR"/10-containerd-net.conflist
 {
 "cniVersion": "0.4.0",
 "name": "containerd-net",
From 43bf01e08004726a6fa71791e24d92f01b66c28a Mon Sep 17 00:00:00 2001
From: Davanum Srinivas
Date: Mon, 28 Mar 2022 18:08:16 -0400
Subject: [PATCH 2/3] bash verbose around admin-kube-aggregator.kubeconfig
Signed-off-by: Davanum Srinivas
---
 hack/local-up-cluster.sh | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/hack/local-up-cluster.sh b/hack/local-up-cluster.sh
index 10de408dcad..c8a1da630de 100755
--- a/hack/local-up-cluster.sh
+++ b/hack/local-up-cluster.sh
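Review bot: In install_cni (patch 1/3, first hunk) the archive that `sudo tar` now unpacks as root sits at a fixed name in /tmp and is checksummed in a separate, earlier step as the invoking user, so the bytes root extracts are not tied to the bytes that were verified. The checksum entry also names `/tmp/cni.amd64.tgz` while the extract reads `/tmp/cni."${CNI_TARGETARCH}".tgz`; if CNI_TARGETARCH is ever not amd64 the two paths differ, so the entry and the extract should name the same file. Staging the download and `cni.sha256` in a private directory (`cni_tmp="$(mktemp -d)"`) and extracting with `sudo tar --no-same-owner -C /opt/cni/bin -xzvf "${cni_tmp}/cni.${CNI_TARGETARCH}.tgz"` would keep both steps on a path other local users cannot pre-create, and would stop owners recorded in the archive from being applied by root. install_cni starts above the hunk, so the download command itself is not visible here.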
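Review bot: `sudo` is hard-coded on the `mkdir` and `tee` lines in the second install_cni hunk of patch 1/3, and on the `mkdir`, `tar` and `find` lines in the first, so the function now depends on sudo being installed and usable even when the script already runs as root. Elsewhere the same file elevates through a variable (`${CONTROLPLANE_SUDO} cp …` in the aggregator setup shown in patch 2/3), which presumably expands to nothing when no elevation is needed. A prefix in that style would fit here, for example `${cni_sudo} mkdir -p "$CNI_CONFIG_DIR"` with an illustratively named `cni_sudo` set to `sudo` only when `id -u` is non-zero. The function body continues on both sides of these hunks.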
@@ -613,7 +613,7 @@ EOF
 if [[ -z "${AUTH_ARGS}" ]]; then
 AUTH_ARGS="--client-key=${CERT_DIR}/client-admin.key --client-certificate=${CERT_DIR}/client-admin.crt"
 fi
-
+ set -x
 # Grant apiserver permission to speak to the kubelet
 ${KUBECTL} --kubeconfig "${CERT_DIR}/admin.kubeconfig" create clusterrolebinding kube-apiserver-kubelet-admin --clusterrole=system:kubelet-api-admin --user=kube-apiserver
@@ -623,6 +623,7 @@ EOF
 ${CONTROLPLANE_SUDO} cp "${CERT_DIR}/admin.kubeconfig" "${CERT_DIR}/admin-kube-aggregator.kubeconfig"
 ${CONTROLPLANE_SUDO} chown "$(whoami)" "${CERT_DIR}/admin-kube-aggregator.kubeconfig"
 ${KUBECTL} config set-cluster local-up-cluster --kubeconfig="${CERT_DIR}/admin-kube-aggregator.kubeconfig" --server="https://${API_HOST_IP}:31090"
+ set +x
 echo "use 'kubectl --kubeconfig=${CERT_DIR}/admin-kube-aggregator.kubeconfig' to use the aggregated API server"
 }
From 89b1accf4d22f558ff284c2d8ede47a2e4390541 Mon Sep 17 00:00:00 2001
From: Davanum Srinivas
Date: Mon, 28 Mar 2022 18:55:06 -0400
Subject: [PATCH 3/3] switch owner for CERT_DIR
Signed-off-by: Davanum Srinivas
---
 hack/local-up-cluster.sh | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/hack/local-up-cluster.sh b/hack/local-up-cluster.sh
index c8a1da630de..25312e6ffcd 100755
--- a/hack/local-up-cluster.sh
+++ b/hack/local-up-cluster.sh
@@ -613,7 +613,6 @@ EOF
 if [[ -z "${AUTH_ARGS}" ]]; then
 AUTH_ARGS="--client-key=${CERT_DIR}/client-admin.key --client-certificate=${CERT_DIR}/client-admin.crt"
 fi
- set -x
 # Grant apiserver permission to speak to the kubelet
 ${KUBECTL} --kubeconfig "${CERT_DIR}/admin.kubeconfig" create clusterrolebinding kube-apiserver-kubelet-admin --clusterrole=system:kubelet-api-admin --user=kube-apiserver
@@ -621,9 +620,8 @@ EOF
 ${KUBECTL} --kubeconfig "${CERT_DIR}/admin.kubeconfig" create clusterrolebinding kubelet-csr --clusterrole=system:certificates.k8s.io:certificatesigningrequests:selfnodeclient --group=system:nodes
 ${CONTROLPLANE_SUDO} cp "${CERT_DIR}/admin.kubeconfig" "${CERT_DIR}/admin-kube-aggregator.kubeconfig"
- ${CONTROLPLANE_SUDO} chown "$(whoami)" "${CERT_DIR}/admin-kube-aggregator.kubeconfig"
+ ${CONTROLPLANE_SUDO} chown -R "$(whoami)" "${CERT_DIR}"
 ${KUBECTL} config set-cluster local-up-cluster --kubeconfig="${CERT_DIR}/admin-kube-aggregator.kubeconfig" --server="https://${API_HOST_IP}:31090"
- set +x
 echo "use 'kubectl --kubeconfig=${CERT_DIR}/admin-kube-aggregator.kubeconfig' to use the aggregated API server"
 }
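Review bot: `chown -R "$(whoami)" "${CERT_DIR}"` hands every file under CERT_DIR to the invoking user, where the old line covered only the aggregator kubeconfig. The context lines in this series show `${CERT_DIR}/client-admin.key` lives in that directory, and other control-plane credentials presumably do too. If the goal is only that kubectl can write `admin-kube-aggregator.kubeconfig`, a narrower `${CONTROLPLANE_SUDO} chown "$(whoami)" "${CERT_DIR}" "${CERT_DIR}/admin-kube-aggregator.kubeconfig"` leaves the remaining key material with its original owner. If the recursive form is intended, a one-line comment above it stating why the whole tree must change owner would help, since the subject line does not say. The enclosing function starts above the hunk.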