
@arsham
Last active January 17, 2019 17:18
Access remote #kubernetes cluster
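##################
### BETTER WAY ###
##################
# Client-certificate access: create RBAC objects for user "arsham", sign a
# client certificate for that user with the cluster CA, and assemble a
# standalone kubeconfig file named "config".
#
# The two manifests below are applied with whatever kubeconfig is currently
# active (presumably an existing admin context on the server -- confirm).

# NOTE(security): this role allows every verb on every resource in every API
# group, i.e. it is as powerful as the built-in cluster-admin role. Narrow the
# apiGroups/resources/verbs lists if the remote user does not need full
# control of the cluster.
cat <<'EOF' | kubectl apply -f -
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: admin-role
rules:
  - apiGroups: ["*"]
    resources: ["*"]
    verbs: ["*"]
EOF

# Bind the role cluster-wide to the user name that appears as CN in the
# client certificate created below.
cat <<'EOF' | kubectl apply -f -
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: admin-rolebinding
subjects:
  - kind: User
    name: arsham
    apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: ClusterRole
  name: admin-role
  apiGroup: rbac.authorization.k8s.io
EOF

# On local machine:
# The private key is generated locally and never leaves this machine; only the
# CSR is sent to the server.
openssl genrsa -out arsham.key 4096
# Make sure the key is readable by its owner only, whatever the umask was.
chmod 600 arsham.key
openssl req -new -key arsham.key -out arsham.csr -subj '/CN=arsham/O=admin'
# CN is the user, and O is the group.
# The binding above names only the user "arsham"; the group "admin" grants
# nothing unless some other binding in the cluster references it.
# Copy arsham.csr to the server.

# On server:
# Placeholder: replace with the address clients use to reach the API server.
REMOTE_IP='<ip address of the remote server>'
CALOCATION=/etc/kubernetes/pki
# NOTE(security): this signs the CSR directly with the cluster CA private key.
# Kubernetes does not check certificate revocation, so the certificate stays
# valid for the full 365 days; to cut access earlier, delete the
# ClusterRoleBinding. Consider a shorter -days value.
sudo openssl x509 -req -in arsham.csr \
  -CA "$CALOCATION/ca.crt" -CAkey "$CALOCATION/ca.key" -CAcreateserial \
  -out arsham.crt -days 365
# Embedding the CA lets the client verify the API server's TLS certificate.
kubectl config --kubeconfig=config set-cluster production \
  --certificate-authority="$CALOCATION/ca.crt" --embed-certs=true \
  --server="https://${REMOTE_IP}:6443"
kubectl config --kubeconfig=config set-context admin-prod --cluster=production --user=arsham
kubectl config --kubeconfig=config set-credentials arsham \
  --client-certificate=arsham.crt --embed-certs=true
# Copy the config and crt file to the local machine.

# On local machine again: add the private key to the copied kubeconfig.
kubectl config --kubeconfig=config set-credentials arsham \
  --client-key=arsham.key --embed-certs=true
# "config" now embeds the private key; treat the file as a credential.
chmod 600 config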
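##################
### WITH TOKEN ###
##################
# Bearer-token access: create a ServiceAccount, bind it to cluster-admin, and
# write its token into a kubeconfig. Run where kubectl already has admin
# access to the cluster (the token lookup below needs to read Secrets in
# kube-system).
cat <<'EOF' | kubectl apply -f -
apiVersion: v1
kind: ServiceAccount
metadata:
  name: arsham
  namespace: kube-system
EOF

# NOTE(security): cluster-admin gives this ServiceAccount full control of the
# cluster. Anyone holding its token has that access until the ServiceAccount
# or its token Secret is deleted. Bind a narrower role where possible.
cat <<'EOF' | kubectl apply -f -
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: arsham
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
  - kind: ServiceAccount
    name: arsham
    namespace: kube-system
EOF

# Fail early if the API server address has not been set.
: "${REMOTE_IP:?set REMOTE_IP to the address of the API server}"
CALOCATION="${CALOCATION:-/etc/kubernetes/pki}"

# The original used --insecure-skip-tls-verify=true here. With verification
# off the client cannot tell the real API server from an impostor, and the
# bearer token is sent to whoever answers. Pin the cluster CA instead, as the
# certificate-based section does. This requires the API server certificate to
# list REMOTE_IP among its subject alternative names.
# The first command updates the default kubeconfig, the second the standalone
# "config" file, as in the original.
kubectl config set-cluster production \
  --server="https://${REMOTE_IP}:6443" \
  --certificate-authority="$CALOCATION/ca.crt" --embed-certs=true
kubectl config --kubeconfig=config set-cluster production \
  --server="https://${REMOTE_IP}:6443" \
  --certificate-authority="$CALOCATION/ca.crt" --embed-certs=true

# Look up the auto-generated token Secret of the ServiceAccount and read the
# token from it. Clusters running Kubernetes 1.24 or later no longer create
# this Secret automatically, so the lookup finds nothing there; a short-lived
# token from `kubectl create token` is the usual replacement.
SECRET_NAME=$(kubectl -n kube-system get secret | awk '/^arsham-token-/{print $1; exit}')
TOKEN=$(kubectl -n kube-system describe secret "$SECRET_NAME" | awk '$1=="token:"{print $2}')

# The token is passed as a command-line argument, so it is briefly visible in
# the process list and may end up in shell history on a shared host.
# ${TOKEN:?} aborts instead of writing an empty credential.
kubectl config --kubeconfig=config set-credentials arsham \
  --token="${TOKEN:?no token found for ServiceAccount arsham}"
kubectl config --kubeconfig=config set-context admin-prod --cluster=production --namespace=default --user=arsham
# "config" now holds a cluster-admin bearer token; treat the file as a credential.
chmod 600 config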