Forked from innovia/kubernetes_add_service_account_kubeconfig.sh
Created
February 5, 2021 08:36
Revisions
-
innovia revised this gist
Oct 15, 2018 . 1 changed file with 5 additions and 6 deletions.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -20,27 +20,26 @@ create_target_folder() { } create_service_account() { echo -e "\\nCreating a service account in ${NAMESPACE} namespace: ${SERVICE_ACCOUNT_NAME}" kubectl create sa "${SERVICE_ACCOUNT_NAME}" --namespace "${NAMESPACE}" } get_secret_name_from_service_account() { echo -e "\\nGetting secret of service account ${SERVICE_ACCOUNT_NAME} on ${NAMESPACE}" SECRET_NAME=$(kubectl get sa "${SERVICE_ACCOUNT_NAME}" --namespace="${NAMESPACE}" -o json | jq -r .secrets[].name) echo "Secret name: ${SECRET_NAME}" } extract_ca_crt_from_secret() { echo -e -n "\\nExtracting ca.crt from secret..." kubectl get secret --namespace "${NAMESPACE}" "${SECRET_NAME}" -o json | jq \ -r '.data["ca.crt"]' | base64 -D > "${TARGET_FOLDER}/ca.crt" printf "done" } get_user_token_from_secret() { echo -e -n "\\nGetting user token from secret..." USER_TOKEN=$(kubectl get secret --namespace "${NAMESPACE}" "${SECRET_NAME}" -o json | jq -r '.data["token"]' | base64 -D) printf "done" } -
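Review bot: In get_secret_name_from_service_account, `SECRET_NAME` is used without checking that jq returned exactly one name, and the filter `.secrets[].name` is passed to jq unquoted. A service account with several secrets yields a multi-line value that the later `kubectl get secret` calls treat as one name. A service account with none makes the pipeline abort with only jq's error to explain it; that is the normal case from Kubernetes 1.24 on, where token Secrets are no longer auto-created. Quote the filter and guard the result, e.g. `[[ -n "${SECRET_NAME}" && "${SECRET_NAME}" != *$'\n'* ]] || { echo "expected exactly one token secret" >&2; exit 1; }`. The same lookup appears in the May 30 and May 29 revisions further down the page.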
innovia revised this gist
May 30, 2018 . 1 changed file with 6 additions and 5 deletions.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -20,26 +20,27 @@ create_target_folder() { } create_service_account() { echo -e "\\nCreating a service account: ${SERVICE_ACCOUNT_NAME} on namespace: ${NAMESPACE}" kubectl create sa "${SERVICE_ACCOUNT_NAME}" --namespace "${NAMESPACE}" } get_secret_name_from_service_account() { echo -e "\\nGetting secret of service account ${SERVICE_ACCOUNT_NAME}-${NAMESPACE}" SECRET_NAME=$(kubectl get sa "${SERVICE_ACCOUNT_NAME}" --namespace "${NAMESPACE}" -o json | jq -r '.secrets[].name') echo "Secret name: ${SECRET_NAME}" } extract_ca_crt_from_secret() { echo -e -n "\\nExtracting ca.crt from secret..." kubectl get secret "${SECRET_NAME}" --namespace "${NAMESPACE}" -o json | jq \ -r '.data["ca.crt"]' | base64 -D > "${TARGET_FOLDER}/ca.crt" printf "done" } get_user_token_from_secret() { echo -e -n "\\nGetting user token from secret..." USER_TOKEN=$(kubectl get secret "${SECRET_NAME}" \ --namespace "${NAMESPACE}" -o json | jq -r '.data["token"]' | base64 -D) printf "done" } -
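Review bot: `base64 -D` in extract_ca_crt_from_secret and get_user_token_from_secret is the macOS/BSD spelling; GNU coreutils `base64` decodes with `-d`/`--decode` and rejects `-D`. On a Linux host both functions therefore fail, the first one after the redirect has already created an empty `${TARGET_FOLDER}/ca.crt`. Use the long form `base64 --decode`, which GNU accepts and which the macOS tool also appears to accept (worth confirming on the target hosts). Alternatively, decode inside jq with `jq -r '.data["token"] | @base64d'` where jq 1.6 or later is available. The Oct 15 revision above and the first May 29 revision below use the same flag.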
innovia revised this gist
May 29, 2018 . 1 changed file with 1 addition and 0 deletions.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -93,3 +93,4 @@ echo -e "\\nAll done! Test with:" echo "KUBECONFIG=${KUBECFG_FILE_NAME} kubectl get pods" echo "you should not have any permissions by default - you have just created the authentication part" echo "You will need to create RBAC permissions" KUBECONFIG=${KUBECFG_FILE_NAME} kubectl get pods -
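Review bot: The added `KUBECONFIG=${KUBECFG_FILE_NAME} kubectl get pods` becomes the script's last command, and the other revisions on this page show the script running under `set -e`. The message just above it says the new account has no permissions yet, so the expected Forbidden reply becomes the script's exit status and a successful run reports failure to its caller. Quote the path and tolerate the denial, e.g. `KUBECONFIG="${KUBECFG_FILE_NAME}" kubectl get pods || echo "no RBAC permissions yet (expected)"`.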
innovia revised this gist
May 29, 2018 . 1 changed file with 16 additions and 15 deletions.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -3,13 +3,14 @@ set -e set -o pipefail # Add user to k8s using service account, no RBAC (must create RBAC after this script) if [[ -z "$1" ]] || [[ -z "$2" ]]; then echo "usage: $0 <service_account_name> <namespace>" exit 1 fi SERVICE_ACCOUNT_NAME=$1 NAMESPACE="$2" KUBECFG_FILE_NAME="/tmp/kube/k8s-${SERVICE_ACCOUNT_NAME}-${NAMESPACE}-conf" TARGET_FOLDER="/tmp/kube" create_target_folder() { @@ -19,13 +20,13 @@ create_target_folder() { } create_service_account() { echo -e "\\nCreating a service account: ${SERVICE_ACCOUNT_NAME}-${NAMESPACE}" kubectl create sa "${SERVICE_ACCOUNT_NAME}-${NAMESPACE}" } get_secret_name_from_service_account() { echo -e "\\nGetting secret of service account ${SERVICE_ACCOUNT_NAME}-${NAMESPACE}" SECRET_NAME=$(kubectl get sa "${SERVICE_ACCOUNT_NAME}-${NAMESPACE}" -o json | jq -r .secrets[].name) echo "Secret name: ${SECRET_NAME}" } @@ -54,7 +55,7 @@ set_kube_config_values() { echo "Endpoint: ${ENDPOINT}" # Set up the config echo -e "\\nPreparing k8s-${SERVICE_ACCOUNT_NAME}-${NAMESPACE}-conf" echo -n "Setting a cluster entry in kubeconfig..." kubectl config set-cluster "${CLUSTER_NAME}" \ --kubeconfig="${KUBECFG_FILE_NAME}" \ 
@@ -64,19 +65,20 @@ set_kube_config_values() { echo -n "Setting token credentials entry in kubeconfig..." kubectl config set-credentials \ "${SERVICE_ACCOUNT_NAME}-${NAMESPACE}-${CLUSTER_NAME}" \ --kubeconfig="${KUBECFG_FILE_NAME}" \ --token="${USER_TOKEN}" echo -n "Setting a context entry in kubeconfig..." kubectl config set-context \ "${SERVICE_ACCOUNT_NAME}-${NAMESPACE}-${CLUSTER_NAME}" \ --kubeconfig="${KUBECFG_FILE_NAME}" \ --cluster="${CLUSTER_NAME}" \ --user="${SERVICE_ACCOUNT_NAME}-${NAMESPACE}-${CLUSTER_NAME}" \ --namespace="${NAMESPACE}" echo -n "Setting the current-context in the kubeconfig file..." kubectl config use-context "${SERVICE_ACCOUNT_NAME}-${NAMESPACE}-${CLUSTER_NAME}" \ --kubeconfig="${KUBECFG_FILE_NAME}" } @@ -87,8 +89,7 @@ extract_ca_crt_from_secret get_user_token_from_secret set_kube_config_values echo -e "\\nAll done! Test with:" echo "KUBECONFIG=${KUBECFG_FILE_NAME} kubectl get pods" echo "you should not have any permissions by default - you have just created the authentication part" echo "You will need to create RBAC permissions" -
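Review bot: `kubectl create sa "${SERVICE_ACCOUNT_NAME}-${NAMESPACE}"` and the matching `kubectl get sa` pass no `--namespace`, so the account is created in whatever namespace the current context defaults to, while `set-context` writes `--namespace="${NAMESPACE}"` into the generated kubeconfig. The namespace argument only ends up in the account's name. The token then belongs to an account in a different namespace from the one the kubeconfig points at, which makes the RoleBinding subject easy to get wrong when RBAC is added afterwards. Pass `--namespace "${NAMESPACE}"` to the `create sa` and `get sa` calls here and to the `get secret` calls, which lie outside these hunks.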
innovia revised this gist
May 29, 2018 . 1 changed file with 89 additions and 58 deletions.
@@ -1,63 +1,94 @@ #!/bin/bash set -e set -o pipefail # Add user to k8s using service account, no RBAC (must create RBAC after this script) if [[ -z "$1" ]]; then echo "usage: $0 <service_account_name>" exit 1 fi SERVICE_ACCOUNT_NAME=$1 KUBECFG_FILE_NAME="/tmp/kube/k8s-${SERVICE_ACCOUNT_NAME}-conf" TARGET_FOLDER="/tmp/kube" create_target_folder() { echo -n "Creating target directory to hold files in ${TARGET_FOLDER}..." mkdir -p "${TARGET_FOLDER}" printf "done" } create_service_account() { echo -e "\\nCreating a service account: ${SERVICE_ACCOUNT_NAME}" kubectl create sa "${SERVICE_ACCOUNT_NAME}" } get_secret_name_from_service_account() { echo -e "\\nGetting secret of service account ${SERVICE_ACCOUNT_NAME}" SECRET_NAME=$(kubectl get sa "${SERVICE_ACCOUNT_NAME}" -o json | jq -r .secrets[].name) echo "Secret name: ${SECRET_NAME}" } extract_ca_crt_from_secret() { echo -e -n "\\nExtracting ca.crt from secret..." kubectl get secret "${SECRET_NAME}" -o json | jq \ -r '.data["ca.crt"]' | base64 -D > "${TARGET_FOLDER}/ca.crt" printf "done" } get_user_token_from_secret() { echo -e -n "\\nGetting user token from secret..." USER_TOKEN=$(kubectl get secret "${SECRET_NAME}" -o json | jq -r '.data["token"]' | base64 -D) printf "done" } set_kube_config_values() { context=$(kubectl config current-context) echo -e "\\nSetting current context to: $context" CLUSTER_NAME=$(kubectl config get-contexts "$context" | awk '{print $3}' | tail -n 1) echo "Cluster name: ${CLUSTER_NAME}" ENDPOINT=$(kubectl config view \ -o jsonpath="{.clusters[?(@.name == \"${CLUSTER_NAME}\")].cluster.server}") echo "Endpoint: ${ENDPOINT}" # Set up the config echo -e "\\nPreparing k8s-${SERVICE_ACCOUNT_NAME}-conf" echo -n "Setting a cluster entry in kubeconfig..." kubectl config set-cluster "${CLUSTER_NAME}" \ --kubeconfig="${KUBECFG_FILE_NAME}" \ --server="${ENDPOINT}" \ --certificate-authority="${TARGET_FOLDER}/ca.crt" \ --embed-certs=true echo -n "Setting token credentials entry in kubeconfig..." 
kubectl config set-credentials \ "${SERVICE_ACCOUNT_NAME}-${CLUSTER_NAME}" \ --kubeconfig="${KUBECFG_FILE_NAME}" \ --token="${USER_TOKEN}" echo -n "Setting a context entry in kubeconfig..." kubectl config set-context \ "${SERVICE_ACCOUNT_NAME}-${CLUSTER_NAME}" \ --kubeconfig="${KUBECFG_FILE_NAME}" \ --cluster="${CLUSTER_NAME}" \ --user="${SERVICE_ACCOUNT_NAME}-${CLUSTER_NAME}" echo -n "Setting the current-context in the kubeconfig file..." kubectl config use-context "${SERVICE_ACCOUNT_NAME}-${CLUSTER_NAME}" \ --kubeconfig="${KUBECFG_FILE_NAME}" } create_target_folder create_service_account get_secret_name_from_service_account extract_ca_crt_from_secret get_user_token_from_secret set_kube_config_values echo -e "\\nAll done! Testing..." echo "test command: KUBECONFIG=${KUBECFG_FILE_NAME} kubectl get pods" echo "you should not have any permissions by default - you have just created the authentication part" echo "You will need to create RBAC permissions" KUBECONFIG=${KUBECFG_FILE_NAME} kubectl get pods -
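Review bot: `TARGET_FOLDER="/tmp/kube"` with `mkdir -p` puts `ca.crt` and a kubeconfig holding the service-account bearer token at a fixed path under world-writable `/tmp`, created with the caller's default umask. `mkdir -p` also succeeds when another local user has already created `/tmp/kube`, so the files can land in a directory that user controls and can read. Set `umask 077` near the top and use a private directory, `TARGET_FOLDER=$(mktemp -d)`, deriving `KUBECFG_FILE_NAME` from it. In addition, `--token="${USER_TOKEN}"` places the token on kubectl's command line, where it is visible in the process list while the command runs.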
innovia revised this gist
Aug 23, 2017 . No changes.
-
innovia renamed this gist
Aug 23, 2017 . 1 changed file with 0 additions and 0 deletions.
File renamed without changes. -
innovia created this gist
Aug 23, 2017 .
@@ -0,0 +1,63 @@ #!/bin/bash # Add user to k8s 1.6 using service account, no RBAC (must create RBAC after this script) if [[ -z “$1” ]] || [[ -z “$2” ]];then echo “usage: $0 <username> <environment (stg|prod)>” exit 1 fi USER=$1 environment=$2 NAMESPACE=services-${environment} KUBECFG_FILE_NAME=/tmp/k8s-${USER}-${ENVIRONMENT}-conf S3_LOCATION=”s3://some-bucket/k8-configs/${KUBECFG_FILE_NAME}” echo “Creating a service account: ${USER}-${ENVIRONMENT}” kubectl create sa ${USER}-${ENVIRONMENT} echo -e “\nGetting secret of service account ${USER}-${ENVIRONMENT}” SECRET=$(kubectl get sa ${USER}-${ENVIRONMENT} -o json | jq -r .secrets[].name) echo “secret = ${SECRET}” echo -e “\nExtracting ca.crt from secret” kubectl get secret ${SECRET} -o json | jq -r ‘.data[“ca.crt”]’ | base64 -D > ca.crt echo -e “\nGetting user token” USER_TOKEN=$(kubectl get secret ${SECRET} -o json | jq -r ‘.data[“token”]’ | base64 -D) c=`kubectl config current-context` echo -e “\nSetting current context to: $c” cluster_name=`kubectl config get-contexts $c | awk ‘{print $3}’ | tail -n 1` echo “cluster_name: ${CLUSTER_NAME}” endpoint=`kubectl config view -o jsonpath=”{.clusters[?(@.name == \”${CLUSTER_NAME}\”)].cluster.server}”` echo “endpoint: ${endpoint}” # Set up the config echo -e “\nPreparing k8s-${USER}-${ENVIRONMENT}-conf” echo “Setting a cluster entry in kubeconfig” # $KUBECONFIG environment variable sets the config in file path KUBECONFIG=${KUBECFG_FILE_NAME} kubectl config set-cluster ${CLUSTER_NAME} \ — embed-certs=true \ — server=${ENDPOINT} \ — certificate-authority=./ca.crt echo “Setting a user entry in kubeconfig” KUBECONFIG=${KUBECFG_FILE_NAME} kubectl config set-credentials ${USER}-${ENVIRONMENT}-${CLUSTER_NAME#cluster-} — token=${USER_TOKEN} echo “Setting a context entry in kubeconfig” KUBECONFIG=${KUBECFG_FILE_NAME} kubectl config set-context ${USER}-${ENVIRONMENT}-${CLUSTER_NAME#cluster-} \ — cluster=${CLUSTER_NAME} \ — user=${USER}-${ENVIRONMENT}-${CLUSTER_NAME#cluster-} \ — 
namespace=${NAMESPACE} echo “Setting the current-context in the kubeconfig file” KUBECONFIG=${KUBECFG_FILE_NAME} kubectl config use-context ${USER}-${ENVIRONMENT}-${CLUSTER_NAME#cluster-} echo “Uploading ${KUBECFG_FILE_NAME} to ${S3_LOCATION}” aws s3 cp $KUBECFG_FILE_NAME $S3_LOCATION echo “done! Test with: “ echo “KUBECONFIG=${KUBECFG_FILE_NAME} kubectl get pods”
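Review bot: Several variables are assigned in one case and read in another: `environment=$2`, `cluster_name=...` and `endpoint=...` are set, but `${ENVIRONMENT}`, `${CLUSTER_NAME}` and `${ENDPOINT}` are expanded. Without `set -u` these expand to nothing, so the account name, the kubeconfig path and the `server=` value are built from empty strings. The listing as shown also has typographic quotes and `— ` where plain quotes and `--` are needed, so bash would not parse it as intended; that may be a paste artefact. Add `set -euo pipefail` and keep one spelling per variable, e.g. `ENVIRONMENT=$2`. The finished kubeconfig carries a bearer token, sits at a predictable `/tmp` path and is copied to S3 by `aws s3 cp`, so the bucket's access policy and encryption settings decide who can use that token.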