From 77fbafb620c64d2fe8443a247f37dab87c6ebcf0 Mon Sep 17 00:00:00 2001
From: Jose Donizetti <jdbjunior@gmail.com>
Date: Fri, 28 Feb 2020 17:05:44 -0300
Subject: [PATCH 1/2] kic: fix unprivileged port bind tunnel docker for mac

---
 pkg/minikube/tunnel/kic/ssh_conn.go | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/pkg/minikube/tunnel/kic/ssh_conn.go b/pkg/minikube/tunnel/kic/ssh_conn.go
index d619a44bc508..6674db4af69f 100644
--- a/pkg/minikube/tunnel/kic/ssh_conn.go
+++ b/pkg/minikube/tunnel/kic/ssh_conn.go
@@ -36,6 +36,7 @@ func createSSHConn(name, sshPort, sshKey string, svc *v1.Service) *sshConn {
 	// extract sshArgs
 	sshArgs := []string{
 		// TODO: document the options here
+		"ssh",
 		"-o", "UserKnownHostsFile=/dev/null",
 		"-o", "StrictHostKeyChecking no",
 		"-N",
@@ -55,7 +56,7 @@ func createSSHConn(name, sshPort, sshKey string, svc *v1.Service) *sshConn {
 		sshArgs = append(sshArgs, arg)
 	}
 
-	cmd := exec.Command("ssh", sshArgs...)
+	cmd := exec.Command("sudo", sshArgs...)
 
 	return &sshConn{
 		name:    name,

From 11c0612b5cb4a1b016a849e0e14d856be1bd04ba Mon Sep 17 00:00:00 2001
From: Jose Donizetti <jdbjunior@gmail.com>
Date: Fri, 28 Feb 2020 18:34:10 -0300
Subject: [PATCH 2/2] kic: only ask sudo for privileged ports tunnel docker for
 mac

---
 pkg/minikube/tunnel/kic/ssh_conn.go | 22 ++++++++++++++++++++--
 1 file changed, 20 insertions(+), 2 deletions(-)

diff --git a/pkg/minikube/tunnel/kic/ssh_conn.go b/pkg/minikube/tunnel/kic/ssh_conn.go
index 6674db4af69f..7f8728bcdc9b 100644
--- a/pkg/minikube/tunnel/kic/ssh_conn.go
+++ b/pkg/minikube/tunnel/kic/ssh_conn.go
@@ -36,7 +36,6 @@ func createSSHConn(name, sshPort, sshKey string, svc *v1.Service) *sshConn {
 	// extract sshArgs
 	sshArgs := []string{
 		// TODO: document the options here
-		"ssh",
 		"-o", "UserKnownHostsFile=/dev/null",
 		"-o", "StrictHostKeyChecking no",
 		"-N",
@@ -45,6 +44,8 @@ func createSSHConn(name, sshPort, sshKey string, svc *v1.Service) *sshConn {
 		"-i", sshKey,
 	}
 
+	askForSudo := false
+	var privilegedPorts []int32
 	for _, port := range svc.Spec.Ports {
 		arg := fmt.Sprintf(
 			"-L %d:%s:%d",
@@ -53,10 +54,27 @@ func createSSHConn(name, sshPort, sshKey string, svc *v1.Service) *sshConn {
 			port.Port,
 		)
 
+		// check if any port is privileged
+		if port.Port < 1024 {
+			privilegedPorts = append(privilegedPorts, port.Port)
+			askForSudo = true
+		}
+
 		sshArgs = append(sshArgs, arg)
 	}
 
-	cmd := exec.Command("sudo", sshArgs...)
+	command := "ssh"
+
+	if askForSudo {
+		// TODO: use out package
+		fmt.Printf("The service %s requires priviledged ports to be exposed: %v\n", svc.Name, privilegedPorts)
+		fmt.Printf("sudo permission will be asked for it.\n")
+
+		command = "sudo"
+		sshArgs = append([]string{"ssh"}, sshArgs...)
+	}
+
+	cmd := exec.Command(command, sshArgs...)
 
 	return &sshConn{
 		name:    name,