From d212041d513c1551f1027186ba38935eef7dce7c Mon Sep 17 00:00:00 2001
From: Rodrigo Campos <rodrigoca@microsoft.com>
Date: Wed, 8 Mar 2023 17:41:12 +0100
Subject: [PATCH] hack/local-up-cluster.sh: Remove old dynamic certs

When running this script more than once on Debian and Ubuntu, we fail to
chown -R the CERT_DIR due to this file owned by root and the CERT_DIR
owned by the unprivileged user running the script.

Let's remove the file, that is something we can always do, before
generating the certs. This fixes the problem on Debian and Ubuntu local
setups.

Signed-off-by: Rodrigo Campos <rodrigoca@microsoft.com>
---
 hack/local-up-cluster.sh | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/hack/local-up-cluster.sh b/hack/local-up-cluster.sh
index 09969f80901..b3f010a45ee 100755
--- a/hack/local-up-cluster.sh
+++ b/hack/local-up-cluster.sh
@@ -502,6 +502,13 @@ function start_apiserver {
     fi
 
     if [[ "${REUSE_CERTS}" != true ]]; then
+      # Clean previous dynamic certs
+      # This file is owned by root, so we can't always overwrite it (depends if
+      # we run the script as root or not). Let's remove it, that is something we
+      # can always do: either we have write permissions as a user in CERT_DIR or
+      # we run the rm with sudo.
+      ${CONTROLPLANE_SUDO} rm -f "${CERT_DIR}"/kubelet-rotated.kubeconfig
+
       # Create Certs
       generate_certs
     fi