From d8c8b8d65bbffd868a17e4a5c410025f5a9c9e05 Mon Sep 17 00:00:00 2001 From: Walter Fender Date: Fri, 1 Sep 2017 16:03:34 -0700 Subject: [PATCH] Enabling aggregator functionality on kubemark, gce Enabling full functionality aggregator functionality in kubemark tests. This includes configuring it to work in gce (we seem to assume gce in our kubemark tests) It also includes setting up the relevant security and auth config. Removing unneeded reference to CA key for MHBauer. Fixed to pull the "parsed" values for the certs. Fix from shyamjvs.
---
 test/kubemark/resources/start-kubemark-master.sh | 8 ++++++++
 test/kubemark/start-kubemark.sh | 3 +++
 2 files changed, 11 insertions(+)
diff --git a/test/kubemark/resources/start-kubemark-master.sh b/test/kubemark/resources/start-kubemark-master.sh
index 5b47bdb072c..4aa204881db 100755
--- a/test/kubemark/resources/start-kubemark-master.sh
+++ b/test/kubemark/resources/start-kubemark-master.sh
@@ -347,6 +347,14 @@ function compute-kube-apiserver-params {
 fi
 params+=" --tls-cert-file=/etc/srv/kubernetes/server.cert"
 params+=" --tls-private-key-file=/etc/srv/kubernetes/server.key"
+ params+=" --requestheader-client-ca-file=/etc/srv/kubernetes/aggr_ca.crt"
+ params+=" --requestheader-allowed-names=aggregator"
+ params+=" --requestheader-extra-headers-prefix=X-Remote-Extra-"
+ params+=" --requestheader-group-headers=X-Remote-Group"
+ params+=" --requestheader-username-headers=X-Remote-User"
+ params+=" --proxy-client-cert-file=/etc/srv/kubernetes/proxy_client.crt"
+ params+=" --proxy-client-key-file=/etc/srv/kubernetes/proxy_client.key"
+ params+=" --enable-aggregator-routing=true"
 params+=" --client-ca-file=/etc/srv/kubernetes/ca.crt"
 params+=" --token-auth-file=/etc/srv/kubernetes/known_tokens.csv"
 params+=" --secure-port=443"
diff --git a/test/kubemark/start-kubemark.sh b/test/kubemark/start-kubemark.sh
index cf28307bf89..626f713e86a 100755
--- a/test/kubemark/start-kubemark.sh
+++ b/test/kubemark/start-kubemark.sh
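Review bot: The added `--requestheader-*` flags carry no comment recording the trust they establish: a caller presenting a certificate that chains to `aggr_ca.crt` with CN `aggregator` is believed for whatever identity it puts in `X-Remote-User` and `X-Remote-Group`. That is only safe while `aggr_ca.crt` is a dedicated CA, separate from the `ca.crt` passed to `--client-ca-file` just below; the file names differ here, but whether the CAs themselves differ is decided outside this hunk. I would add above the first new line `# Front-proxy auth: aggr_ca.crt must be a dedicated CA, never the client CA (ca.crt).` The flags are also appended unconditionally, so presumably the apiserver will not start if any of the three new files is missing. The body of compute-kube-apiserver-params continues outside the hunk.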
@@ -102,6 +102,9 @@ function write-pki-config-to-master {
 sudo bash -c \"echo ${CA_CERT_BASE64} | base64 --decode > /home/kubernetes/k8s_auth_data/ca.crt\" && \
 sudo bash -c \"echo ${MASTER_CERT_BASE64} | base64 --decode > /home/kubernetes/k8s_auth_data/server.cert\" && \
 sudo bash -c \"echo ${MASTER_KEY_BASE64} | base64 --decode > /home/kubernetes/k8s_auth_data/server.key\" && \
+ sudo bash -c \"echo ${REQUESTHEADER_CA_CERT_BASE64} | base64 --decode > /home/kubernetes/k8s_auth_data/aggr_ca.crt\" && \
+ sudo bash -c \"echo ${PROXY_CLIENT_CERT_BASE64} | base64 --decode > /home/kubernetes/k8s_auth_data/proxy_client.crt\" && \
+ sudo bash -c \"echo ${PROXY_CLIENT_KEY_BASE64} | base64 --decode > /home/kubernetes/k8s_auth_data/proxy_client.key\" && \
 sudo bash -c \"echo ${KUBECFG_CERT_BASE64} | base64 --decode > /home/kubernetes/k8s_auth_data/kubecfg.crt\" && \
 sudo bash -c \"echo ${KUBECFG_KEY_BASE64} | base64 --decode > /home/kubernetes/k8s_auth_data/kubecfg.key\" && \
 sudo bash -c \"echo \"${KUBE_BEARER_TOKEN},admin,admin\" > /home/kubernetes/k8s_auth_data/known_tokens.csv\" && \
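Review bot: The new `proxy_client.key` line creates a private key file with whatever umask the remote root shell has, and nothing in the hunk tightens its mode afterwards. I would follow it with `sudo chmod 600 /home/kubernetes/k8s_auth_data/proxy_client.key && \`, assuming the consumer reads it as root. Expanding `${PROXY_CLIENT_KEY_BASE64}` into the `bash -c` string also places the key material in the process arguments and in any `set -x` trace, the same pattern the existing `server.key` line uses; feeding the value over stdin would avoid that. None of the three new variables is checked for being set, so an empty value would presumably yield an empty file while the `&&` chain still succeeds. write-pki-config-to-master starts and ends outside the hunk.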