Last active
May 7, 2021 03:10
-
-
Save marshallford/90015fa01e4b2c36f9cd50674da346e9 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env bash | |
| # Requires: kubectl, jq | |
| # Strict bash mode | |
| # https://gist.github.com/mohanpedala/1e2ff5661761d3abd0385e8223e16425 | |
| set -euo pipefail | |
| COMMAND_MISSING=0 | |
| for COMMAND in "kubectl" "jq" | |
| do | |
| if ! command -v "$COMMAND" &> /dev/null; then | |
| echo "Please install $COMMAND or verify it is in the PATH" | |
| COMMAND_MISSING=1 | |
| fi | |
| done | |
| if [ "$COMMAND_MISSING" -eq 1 ]; then | |
| exit 127 | |
| fi | |
| if [ "$#" -lt 2 ] || [ "$#" -gt 5 ]; then | |
| echo "Usage: $(basename "$0") <namespace> <service account> [cluster-name] [context-name] [context-to-use]" | |
| exit 1 | |
| fi | |
| NAMESPACE=$1 | |
| SA=$2 | |
| CLUSTER_NAME=${3:-} | |
| CONTEXT_NAME=${4:-} | |
| CONTEXT=${5:-} | |
| TEMPDIR=$( mktemp -d ) | |
| trap 'rm -rf $TEMPDIR' EXIT | |
| if [ -z "$CLUSTER_NAME" ]; then | |
| CLUSTER_NAME=default-cluster | |
| fi | |
| if [ -z "$CONTEXT_NAME" ]; then | |
| CONTEXT_NAME=$SA | |
| fi | |
| if [ -z "$CONTEXT" ]; then | |
| CONTEXT=$(kubectl config view -o json | jq -r '."current-context"') | |
| fi | |
| echo "using context: $CONTEXT" | |
| CONTEXT_CLUSTER_NAME=$(kubectl config view --raw --flatten -o json | jq -r --arg CONTEXT "$CONTEXT" '.contexts[] | select(.name==$CONTEXT) | .context.cluster') | |
| CLUSTER=$(kubectl config view --raw --flatten -o json | jq --arg CLUSTER "$CONTEXT_CLUSTER_NAME" '.clusters[] | select(.name==$CLUSTER) | .cluster') | |
| CLUSTER_URL=$(echo "$CLUSTER" | jq -r '.server') | |
| echo "$CLUSTER" | jq -r '."certificate-authority-data" // empty' | base64 -d > "$TEMPDIR"/ca.crt | |
| SA_SECRET=$(kubectl --context "$CONTEXT" get sa -n "$NAMESPACE" "$SA" -o json | jq -r '.secrets[0].name') | |
| TOKEN=$(kubectl --context "$CONTEXT" get secret -n "$NAMESPACE" "$SA_SECRET" -o json | jq -r '.data.token' | base64 -d) | |
| KUBECONFIG=kubeconfig | |
| kubectl config --kubeconfig=$KUBECONFIG set-cluster $CLUSTER_NAME --server="$CLUSTER_URL" | |
| if [ -s "$TEMPDIR"/ca.crt ]; then | |
| kubectl config --kubeconfig=$KUBECONFIG set-cluster $CLUSTER_NAME --certificate-authority="$TEMPDIR"/ca.crt --embed-certs=true | |
| else | |
| kubectl config --kubeconfig=$KUBECONFIG set-cluster $CLUSTER_NAME --insecure-skip-tls-verify=true | |
| fi | |
| kubectl config --kubeconfig=$KUBECONFIG set-credentials "$SA" --token="$TOKEN" | |
| kubectl config --kubeconfig=$KUBECONFIG set-context "$CONTEXT_NAME" --cluster=$CLUSTER_NAME --user="$SA" --namespace="$NAMESPACE" | |
| kubectl config --kubeconfig=$KUBECONFIG use-context "$CONTEXT_NAME" | |
| echo "kubeconfig written to file: \"$KUBECONFIG\"" |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment