several issues hit while trying to make it easy to register APIs

hack/local-up-cluster.sh

@@ -34,6 +34,7 @@ NET_PLUGIN=${NET_PLUGIN:-""}
 # Place the binaries required by NET_PLUGIN in this directory, eg: "/home/kubernetes/bin".
 NET_PLUGIN_DIR=${NET_PLUGIN_DIR:-""}
 SERVICE_CLUSTER_IP_RANGE=${SERVICE_CLUSTER_IP_RANGE:-10.0.0.0/24}
+FIRST_SERVICE_CLUSTER_IP=${FIRST_SERVICE_CLUSTER_IP:-10.0.0.1}
 # if enabled, must set CGROUP_ROOT
 CGROUPS_PER_QOS=${CGROUPS_PER_QOS:-false}
 # this is not defaulted to preserve backward compatibility.
@@ -404,7 +405,7 @@ function start_apiserver {
     kube::util::create_signing_certkey "${CONTROLPLANE_SUDO}" "${CERT_DIR}" request-header '"client auth"'
 
     # serving cert for kube-apiserver
-    kube::util::create_serving_certkey "${CONTROLPLANE_SUDO}" "${CERT_DIR}" "server-ca" kube-apiserver kubernetes.default.svc "localhost" ${API_HOST_IP} ${API_HOST}
+    kube::util::create_serving_certkey "${CONTROLPLANE_SUDO}" "${CERT_DIR}" "server-ca" kube-apiserver kubernetes.default kubernetes.default.svc "localhost" ${API_HOST_IP} ${API_HOST} ${FIRST_SERVICE_CLUSTER_IP}
 
     # Create client certs signed with client-ca, given id, given CN and a number of groups
     kube::util::create_client_certkey "${CONTROLPLANE_SUDO}" "${CERT_DIR}" 'client-ca' kubelet system:node:${HOSTNAME_OVERRIDE} system:nodes
@@ -484,7 +485,7 @@ function start_apiserver {
     ${KUBECTL} --kubeconfig="${CERT_DIR}/admin.kubeconfig" create namespace kube-public
     ${CONTROLPLANE_SUDO} cp "${CERT_DIR}/admin.kubeconfig" "${CERT_DIR}/admin-kube-aggregator.kubeconfig"
     ${CONTROLPLANE_SUDO} chown $(whoami) "${CERT_DIR}/admin-kube-aggregator.kubeconfig"
-    ${KUBECTL} config set-cluster local-up-cluster --kubeconfig="${CERT_DIR}/admin-kube-aggregator.kubeconfig" --server="https://${API_HOST_IP}:9443"
+    ${KUBECTL} config set-cluster local-up-cluster --kubeconfig="${CERT_DIR}/admin-kube-aggregator.kubeconfig" --server="https://${API_HOST_IP}:31090"
     echo "use 'kubectl --kubeconfig=${CERT_DIR}/admin-kube-aggregator.kubeconfig' to use the aggregated API server"
 
 }
@@ -515,7 +516,6 @@ function start_controller_manager {
 function start_kubelet {
     KUBELET_LOG=/tmp/kubelet.log
     mkdir -p ${POD_MANIFEST_PATH} || true
-    cp ${KUBE_ROOT}/vendor/k8s.io/kube-aggregator/artifacts/hostpath-pods/insecure-etcd-pod.yaml ${POD_MANIFEST_PATH}/kube-aggregator.yaml
 
     priv_arg=""
     if [[ -n "${ALLOW_PRIVILEGED}" ]]; then

staging/src/k8s.io/kube-aggregator/artifacts/self-contained/kubernetes-discover-pod.yaml

@@ -84,14 +84,14 @@ spec:
       - name: volume-etcd-client-cert
         secret:
           defaultMode: 420
-          secretName: discovery-etcd
+          secretName: kube-aggregator-etcd
       - name: volume-serving-cert
         secret:
           defaultMode: 420
-          secretName: serving-discovery
+          secretName: serving-kube-aggregator
       - configMap:
           defaultMode: 420
-          name: discovery-ca
+          name: kube-aggregator-ca
         name: volume-serving-ca
       - configMap:
           defaultMode: 420

staging/src/k8s.io/kube-aggregator/hack/apiservice-template.yaml

@@ -0,0 +1,12 @@
+apiVersion: apiregistration.k8s.io/v1alpha1
+kind: APIService
+metadata:
+  name: RESOURCE_NAME
+spec:
+  group: API_GROUP
+  version: API_VERSION
+  service:
+    namespace: SERVICE_NAMESPACE
+    name: SERVICE_NAME
+  caBundle: CA_BUNDLE
+  priority: 100