[mesos/docker] Enhance kube-up to better support running in a container (for CI)

- Generate CA & API Server SSL key/cert in keygen docker image
  - Refactor SSL generation
  - Generate service account key & user files on local machine
- Enable kube-up to be run in a container (kubernetes-mesos-test)
- Add timeout env vars
- Pull docker images up front to avoid timeouts
- Remove docker image builds from test-setup
- Nuke logs dir before each kube-up
- Make run_in_docker work without KUBECONFIG defined
- Fix temp dir cleanup
- Add auth mount env var
  - Default to $HOME/tmp/kubernetes/auth
  - Outside of repo (which gets docker mounted when using kubernetes-mesos-test)
  - Inside $HOME (which gets vm mounted when using docker-machine or boot2docker)
- Add log dump dir env var
  - Default to $HOME/tmp/kubernetes/logs (for consistancy with auth dir)
- Enable errtrace
- Increase log level to aid CI debugging

cluster/mesos/docker/keygen/Dockerfile

@@ -0,0 +1,18 @@
+FROM ubuntu:14.04.2
+MAINTAINER Mesosphere <support@mesosphere.io>
+
+RUN locale-gen en_US.UTF-8
+RUN dpkg-reconfigure locales
+ENV LANG en_US.UTF-8
+ENV LC_ALL en_US.UTF-8
+
+RUN apt-get update -qq && \
+    DEBIAN_FRONTEND=noninteractive apt-get install --no-install-recommends -qqy \
+        curl \
+        openssl \
+        && \
+    apt-get clean
+
+COPY ./bin/* /usr/local/bin/
+
+ENTRYPOINT ["kube-keygen.sh"]

cluster/mesos/docker/keygen/bin/kube-cagen.sh

@@ -0,0 +1,32 @@
+#!/bin/bash
+
+# Copyright 2015 The Kubernetes Authors All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Generates root certificate authority crt and key.
+# Writes to <out_dir> (use docker volume or docker export to retrieve files).
+# Params:
+#   out_dir  - dir to write crt and key to
+
+set -o errexit
+set -o nounset
+set -o pipefail
+set -o errtrace
+
+source "util-ssl.sh"
+
+out_dir="${1:-}"
+[ -z "${out_dir}" ] && echo "No out_dir supplied (param 1)" && exit 1
+
+cluster::mesos::docker::create_root_certificate_authority "${out_dir}"

cluster/mesos/docker/keygen/bin/kube-keygen.sh

@@ -0,0 +1,45 @@
+#!/bin/bash
+
+# Copyright 2015 The Kubernetes Authors All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Generates apiserver crt and key.
+# Requires provided hostname to be resolvable (use docker link).
+# Requires root certificate in <in_dir> (use docker volume).
+# Writes to <out_dir> (use docker volume or docker export to retrieve files).
+# Params:
+#   hostname - host name of the Kubernetes API Server to resolve into an IP
+#   in_dir   - dir to read root certificate from
+#   out_dir  - (Optional) dir to write crt and key to  (default=<in_dir>)
+
+set -o errexit
+set -o nounset
+set -o pipefail
+set -o errtrace
+
+source "util-ssl.sh"
+
+hostname="${1:-}"
+[ -z "${hostname}" ] && echo "No hostname supplied (param 1)" && exit 1
+
+in_dir="${2:-}"
+[ -z "${in_dir}" ] && echo "No in_dir supplied (param 2)" && exit 1
+
+out_dir="${3:-${in_dir}}"
+
+# Certificate generation depends on IP being resolvable from the provided hostname.
+apiserver_ip="$(resolveip ${hostname})"
+apiservice_ip="10.10.10.1" #TODO(karlkfi): extract config
+
+cluster::mesos::docker::create_apiserver_cert "${in_dir}" "${out_dir}" "${apiserver_ip}" "${apiservice_ip}"

cluster/mesos/docker/keygen/build.sh

@@ -0,0 +1,54 @@
+#!/bin/bash
+
+# Copyright 2015 The Kubernetes Authors All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Builds a docker image that generates ssl certificates/keys/tokens required by kubernetes
+
+set -o errexit
+set -o nounset
+set -o pipefail
+
+IMAGE_REPO=${IMAGE_REPO:-mesosphere/kubernetes-mesos-keygen}
+IMAGE_TAG=${IMAGE_TAG:-latest}
+
+script_dir=$(cd $(dirname "${BASH_SOURCE}") && pwd -P)
+common_bin_path=$(cd ${script_dir}/../common/bin && pwd -P)
+KUBE_ROOT=$(cd ${script_dir}/../../../.. && pwd -P)
+
+source "${common_bin_path}/util-temp-dir.sh"
+
+cd "${KUBE_ROOT}"
+
+function build_image {
+  local -r workspace="$(pwd)"
+
+  echo "Copying files to workspace"
+
+  # binaries & scripts
+  mkdir -p "${workspace}/bin"
+  cp -a "${common_bin_path}/"* "${workspace}/bin/"
+  cp -a "${script_dir}/bin/"* "${workspace}/bin/"
+
+  # docker
+  cp -a "${script_dir}/Dockerfile" "${workspace}/"
+
+  echo "Building docker image ${IMAGE_REPO}:${IMAGE_TAG}"
+  set -o xtrace
+  docker build -t ${IMAGE_REPO}:${IMAGE_TAG} "$@" .
+  set +o xtrace
+  echo "Built docker image ${IMAGE_REPO}:${IMAGE_TAG}"
+}
+
+cluster::mesos::docker::run_in_temp_dir 'k8sm-keygen' 'build_image'