From 3f997b58ed2d7da5991a1a0be5d8aad46d7a3ca2 Mon Sep 17 00:00:00 2001 From: Patrick Ohly Date: Fri, 6 Mar 2026 17:24:18 +0100 Subject: [PATCH] local-up-cluster.sh: support overriding or disabling sudo When invoked with root privileges, sudo isn't necessary. Having it as intermediary between a test executing the commands (the DRA upgrade/downgrade tests) and the actual commands let to the kubelet not being killed. Skipping the use of sudo helped. --- hack/local-up-cluster.sh | 22 +++++++++++++++++++--- 1 file changed, 19 insertions(+), 3 deletions(-) diff --git a/hack/local-up-cluster.sh b/hack/local-up-cluster.sh index 6c382676ddb..39d02066170 100755 --- a/hack/local-up-cluster.sh +++ b/hack/local-up-cluster.sh @@ -333,7 +333,21 @@ REUSE_CERTS=${REUSE_CERTS:-false} # Ensure CERT_DIR is created for auto-generated crt/key and kubeconfig mkdir -p "${CERT_DIR}" &>/dev/null || sudo mkdir -p "${CERT_DIR}" -CONTROLPLANE_SUDO=$(test -w "${CERT_DIR}" || echo "sudo -E") + +# CONTROLPLANE_SUDO is used for control plane components. If the CERT_DIR is not writable, +# "sudo -E" is used to gain the necessary write privileges. +# Can be set to something else or explicitly to empty to override the default. +CONTROLPLANE_SUDO=${CONTROLPLANE_SUDO-$(test -w "${CERT_DIR}" || echo "sudo -E")} + +# KUBELET_SUDO is used for starting the kubelet. +# Can be set to something else or explicitly to empty to override the default. +KUBELET_SUDO=${KUBELET_SUDO-sudo -E} + +# PROXY_SUDO is used for starting kube-proxy. +# Can be set to something else or explicitly to empty to override the default. +PROXY_SUDO=${PROXY_SUDO-sudo -E} + +# Note that "sudo" is still used in various other places and must work. if (( KUBE_VERBOSE <= 4 )); then set +x @@ -1035,7 +1049,8 @@ EOF } >>"${TMP_DIR}"/kubelet.yaml # shellcheck disable=SC2024 - run kubelet "${KUBELET_LOG}" sudo -E "${GO_OUT}/kubelet" "${all_kubelet_flags[@]}" \ + # shellcheck disable=SC2086 # Word-splitting of KUBELET_SUDO is intentional. + run kubelet "${KUBELET_LOG}" ${KUBELET_SUDO} "${GO_OUT}/kubelet" "${all_kubelet_flags[@]}" \ --config="${TMP_DIR}"/kubelet.yaml & KUBELET_PID=$! @@ -1082,7 +1097,8 @@ EOF # Probably not necessary... # # shellcheck disable=SC2024 - run kube-proxy "${PROXY_LOG}" sudo "${GO_OUT}/kube-proxy" \ + # shellcheck disable=SC2086 # Word-splitting of KUBELET_SUDO is intentional. + run kube-proxy "${PROXY_LOG}" ${PROXY_SUDO} "${GO_OUT}/kube-proxy" \ --v="${LOG_LEVEL}" \ --config="${TMP_DIR}"/kube-proxy.yaml \ --healthz-port="${PROXY_HEALTHZ_PORT}" \