@c9s
Created February 22, 2019 10:30
#!/bin/bash
set -e
##
# Usage:
#
# $0 [cluster name] [user name] [output dir]
##
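#######################################
# Print the expected command-line arguments and abort the script.
# Arguments: none (uses $0 as the program name)
# Outputs:   the usage line, on stderr so it never mixes with exported data
# Returns:   does not return; exits with status 255 (what `exit -1` yields
#            in bash)
#######################################
usage() {
  printf 'Usage: %s [cluster name] [user name] [output dir]\n' "$0" >&2
  exit 255
}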
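# Export the API server URL, CA certificate, client key and client
# certificate of one kubeconfig cluster/user pair into <output dir>, then
# bundle key + certificates into a PKCS#12 file (cert.pfx).
#
# Requires: yq (the jq-wrapper flavour, which forwards -r and --arg to jq),
#           base64, openssl.

if [[ $# -lt 3 ]]; then
  usage
fi

clustername=$1
username=$2
output_dir=$3

if [[ -z "$output_dir" ]]; then
  usage
fi

# Everything written below is credential material (client private key,
# PKCS#12 bundle). Create new files and directories owner-only, whatever
# umask the caller happens to have.
umask 077

# Make a pipeline fail when any stage fails (e.g. base64 rejecting its
# input), not only when the last stage does.
set -o pipefail

# NOTE(review): only a single kubeconfig path is handled here; a
# colon-separated KUBECONFIG list is not merged - confirm that is intended.
if [[ -z "${KUBECONFIG:-}" ]]; then
  KUBECONFIG=~/.kube/config
fi

#######################################
# Evaluate a jq filter against the kubeconfig.
# The entry name is handed to jq as the variable $name (via --arg) instead
# of being spliced into the filter text, so quotes or jq syntax in the name
# cannot alter the query.
# Globals:   KUBECONFIG (read)
# Arguments: $1 - cluster or user name, $2 - jq filter
# Outputs:   raw (-r) filter result on stdout
#######################################
kubeconfig_query() {
  yq -r --arg name "$1" "$2" < "$KUBECONFIG"
}

#######################################
# Abort unless exactly one kubeconfig entry matched.
# Names are matched by substring, so a short name can hit several entries;
# exporting then would mix or pick the wrong credentials.
# Arguments: $1 - entry kind ("cluster"/"user"), $2 - name, $3 - match count
#######################################
require_single_match() {
  local kind=$1 name=$2 count=$3
  case "$count" in
    1) return 0 ;;
    0 | '') echo "$kind $name does not exist" >&2 ;;
    *) echo "$kind name $name matches $count entries; use a more specific name" >&2 ;;
  esac
  exit 255
}

# $name below is a jq variable, not a shell one - keep the single quotes.
# The trailing '?' turns a missing .clusters/.users list into "no match".
cluster_filter='.clusters[]? | select(.name | contains($name))'
user_filter='.users[]? | select(.name | contains($name))'

cluster_matches=$(kubeconfig_query "$clustername" "[$cluster_filter] | length")
require_single_match cluster "$clustername" "$cluster_matches"

user_matches=$(kubeconfig_query "$username" "[$user_filter] | length")
require_single_match user "$username" "$user_matches"

mkdir -p -- "$output_dir"

echo "Exporting $output_dir/url"
kubeconfig_query "$clustername" "$cluster_filter | .cluster.server" \
  > "$output_dir/url"
echo "Exported $output_dir/url"

echo "Exporting $output_dir/ca.crt"
ca_data=$(kubeconfig_query "$clustername" \
  "$cluster_filter"' | .cluster["certificate-authority-data"]')
if [[ "$ca_data" == "null" ]]; then
  ca_file=$(kubeconfig_query "$clustername" \
    "$cluster_filter"' | .cluster["certificate-authority"]')
  if [[ "$ca_file" == "null" || ! -f "$ca_file" ]]; then
    echo "cluster $clustername has no usable certificate-authority or certificate-authority-data" >&2
    exit 255
  fi
  cp -v -- "$ca_file" "$output_dir/ca.crt"
else
  # certificate-authority-data is base64-encoded PEM, like the client
  # *-data fields; decode it so openssl can read ca.crt.
  printf '%s' "$ca_data" | base64 --decode > "$output_dir/ca.crt"
fi

echo "Exporting client-key..."
client_key_file=$(kubeconfig_query "$username" \
  "$user_filter"' | .user["client-key"]')
if [[ "$client_key_file" != "null" && -f "$client_key_file" ]]; then
  cp -v -- "$client_key_file" "$output_dir/client.key"
else
  client_key_data=$(kubeconfig_query "$username" \
    "$user_filter"' | .user["client-key-data"]')
  # The literal string "null" is itself valid base64, so without this check
  # a missing key would silently decode into a garbage client.key.
  if [[ -z "$client_key_data" || "$client_key_data" == "null" ]]; then
    echo "user $username has no usable client-key or client-key-data" >&2
    exit 255
  fi
  # printf is a shell builtin, so the key never shows up in a process
  # argument list.
  printf '%s' "$client_key_data" | base64 --decode > "$output_dir/client.key"
fi
# umask only affects newly created files; tighten a pre-existing one too.
chmod 600 -- "$output_dir/client.key"

echo "Exporting client-certificate..."
client_cert_file=$(kubeconfig_query "$username" \
  "$user_filter"' | .user["client-certificate"]')
if [[ "$client_cert_file" != "null" && -f "$client_cert_file" ]]; then
  cp -v -- "$client_cert_file" "$output_dir/client.crt"
else
  client_cert_data=$(kubeconfig_query "$username" \
    "$user_filter"' | .user["client-certificate-data"]')
  if [[ -z "$client_cert_data" || "$client_cert_data" == "null" ]]; then
    echo "user $username has no usable client-certificate or client-certificate-data" >&2
    exit 255
  fi
  printf '%s' "$client_cert_data" | base64 --decode > "$output_dir/client.crt"
fi

echo "Exporting $output_dir/cert.pfx"
# openssl asks for an export password interactively. The bundle contains the
# client private key, so it is kept owner-only as well.
(
  cd -- "$output_dir" \
    && openssl pkcs12 -export -out cert.pfx -inkey client.key -in client.crt -certfile ca.crt
)
chmod 600 -- "$output_dir/cert.pfx"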