Forked from vdboor/kubernetes_add_service_account_kubeconfig.sh
Created
January 18, 2018 22:18
Revisions
-
innovia revised this gist
Aug 23, 2017 . No changes.There are no files selected for viewing
-
innovia renamed this gist
Aug 23, 2017 . 1 changed file with 0 additions and 0 deletions.There are no files selected for viewing
File renamed without changes. -
innovia created this gist
Aug 23, 2017 .There are no files selected for viewing
@@ -0,0 +1,63 @@ #!/bin/bash # Add user to k8s 1.6 using service account, no RBAC (must create RBAC after this script) if [[ -z “$1” ]] || [[ -z “$2” ]];then echo “usage: $0 <username> <environment (stg|prod)>” exit 1 fi USER=$1 environment=$2 NAMESPACE=services-${environment} KUBECFG_FILE_NAME=/tmp/k8s-${USER}-${ENVIRONMENT}-conf S3_LOCATION=”s3://some-bucket/k8-configs/${KUBECFG_FILE_NAME}” echo “Creating a service account: ${USER}-${ENVIRONMENT}” kubectl create sa ${USER}-${ENVIRONMENT} echo -e “\nGetting secret of service account ${USER}-${ENVIRONMENT}” SECRET=$(kubectl get sa ${USER}-${ENVIRONMENT} -o json | jq -r .secrets[].name) echo “secret = ${SECRET}” echo -e “\nExtracting ca.crt from secret” kubectl get secret ${SECRET} -o json | jq -r ‘.data[“ca.crt”]’ | base64 -D > ca.crt echo -e “\nGetting user token” USER_TOKEN=$(kubectl get secret ${SECRET} -o json | jq -r ‘.data[“token”]’ | base64 -D) c=`kubectl config current-context` echo -e “\nSetting current context to: $c” cluster_name=`kubectl config get-contexts $c | awk ‘{print $3}’ | tail -n 1` echo “cluster_name: ${CLUSTER_NAME}” endpoint=`kubectl config view -o jsonpath=”{.clusters[?(@.name == \”${CLUSTER_NAME}\”)].cluster.server}”` echo “endpoint: ${endpoint}” # Set up the config echo -e “\nPreparing k8s-${USER}-${ENVIRONMENT}-conf” echo “Setting a cluster entry in kubeconfig” # $KUBECONFIG environment variable sets the config in file path KUBECONFIG=${KUBECFG_FILE_NAME} kubectl config set-cluster ${CLUSTER_NAME} \ — embed-certs=true \ — server=${ENDPOINT} \ — certificate-authority=./ca.crt echo “Setting a user entry in kubeconfig” KUBECONFIG=${KUBECFG_FILE_NAME} kubectl config set-credentials ${USER}-${ENVIRONMENT}-${CLUSTER_NAME#cluster-} — token=${USER_TOKEN} echo “Setting a context entry in kubeconfig” KUBECONFIG=${KUBECFG_FILE_NAME} kubectl config set-context ${USER}-${ENVIRONMENT}-${CLUSTER_NAME#cluster-} \ — cluster=${CLUSTER_NAME} \ — user=${USER}-${ENVIRONMENT}-${CLUSTER_NAME#cluster-} \ — 
namespace=${NAMESPACE} echo “Setting the current-context in the kubeconfig file” KUBECONFIG=${KUBECFG_FILE_NAME} kubectl config use-context ${USER}-${ENVIRONMENT}-${CLUSTER_NAME#cluster-} echo “Uploading ${KUBECFG_FILE_NAME} to ${S3_LOCATION}” aws s3 cp $KUBECFG_FILE_NAME $S3_LOCATION echo “done! Test with: “ echo “KUBECONFIG=${KUBECFG_FILE_NAME} kubectl get pods”
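Review bot: The kubeconfig that receives the service-account bearer token is created at a predictable name in shared `/tmp` (`KUBECFG_FILE_NAME=/tmp/k8s-${USER}-${ENVIRONMENT}-conf`), so a file already present at that path is reused with whatever owner and mode it has, and nothing removes the token-bearing copy after the `aws s3 cp`. The name is more predictable than intended because `environment=$2`, `cluster_name=` and `endpoint=` are assigned in lower case but read as `${ENVIRONMENT}`, `${CLUSTER_NAME}` and `${ENDPOINT}`; shell variables are case-sensitive, so unless the caller's environment defines them these expand to empty strings and every run for a given user targets the same service account and file regardless of stg/prod. I would enable strict mode after the usage check so unset names abort the run, build the file in a `mktemp -d` directory under `umask 077`, and use one spelling per variable, as sketched below. The typographic quotes and `—` dashes in the listing look like a publishing artifact and would also need to be restored to ASCII before the script can run.

```shell
# … unchanged: usage check on $1 / $2 …
set -euo pipefail   # after the usage check, so a missing argument still prints usage
umask 077           # anything created below is owner-only

USER=$1
ENVIRONMENT=$2
NAMESPACE="services-${ENVIRONMENT}"
WORK_DIR=$(mktemp -d)
KUBECFG_FILE_NAME="${WORK_DIR}/k8s-${USER}-${ENVIRONMENT}-conf"
# Use only the base name as the object key, not the local path.
S3_LOCATION="s3://some-bucket/k8-configs/${KUBECFG_FILE_NAME##*/}"
# … unchanged: service account creation, secret lookup, token extraction
#   (write ca.crt under "${WORK_DIR}" rather than the current directory) …
CLUSTER_NAME=$(kubectl config get-contexts "$c" | awk '{print $3}' | tail -n 1)
ENDPOINT=$(kubectl config view -o jsonpath="{.clusters[?(@.name == \"${CLUSTER_NAME}\")].cluster.server}")
# … unchanged: set-cluster / set-credentials / set-context / use-context, upload …
```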