#!/bin/bash
# Generate a client key and CSR for a Kubernetes user, then write a
# CertificateSigningRequest manifest for the kube-apiserver-client signer.
set -euo pipefail

USER='grigore'

# The private key stays on this machine; only the CSR is submitted to the cluster.
openssl genrsa -out "${USER}.key" 2048
openssl req -new -key "${USER}.key" -out "${USER}.csr" -subj "/CN=${USER}"

# Get certificate info:
# openssl x509 -noout -text -in ./grigore.crt

# spec.request must hold the base64-encoded PEM CSR on a single line
# (the .csr file, never the .key file).
cat <<EOF > "${USER}.csr.yaml"
apiVersion: certificates.k8s.io/v1
kind: CertificateSigningRequest
metadata:
  name: ${USER}
spec:
  request: $(base64 < "${USER}.csr" | tr -d "\n")
  signerName: kubernetes.io/kube-apiserver-client
  expirationSeconds: 86400  # one day
  usages:
  - client auth
EOF

# cat ${USER}.csr.yaml
# Decode the embedded request (-D on macOS, -d with GNU coreutils):
# cat ${USER}.csr.yaml | yq -e .spec.request | base64 -D

# Create CSR:
# kubectl create -f ${USER}.csr.yaml

# Get the list of CSRs:
# kubectl get csr

# Approve the CSR:
# kubectl certificate approve ${USER}

# Export the issued certificate from the CertificateSigningRequest.
# kubectl get csr ${USER} -o jsonpath='{.status.certificate}' | base64 -d > ${USER}.crt

# Add to kubeconfig
# First, you need to add new credentials:
# kubectl config set-credentials ${USER} --client-key=${USER}.key --client-certificate=${USER}.crt --embed-certs=true

# Then, you need to add the context:
# kubectl config set-context ${USER} --cluster=kubernetes --user=${USER}

# To test it, change the context to ${USER}:
# kubectl config use-context ${USER}