Forked from superseb/create_user_and_kubeconfig_rancher2.sh
Created
February 23, 2021 21:40
-
-
Save dkhode/81438f0417611cb8a36aec805167e123 to your computer and use it in GitHub Desktop.
Create local user and generate kubeconfig in Rancher 2 via API
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| RANCHERENDPOINT=https://your_rancher_endpoint/v3 | |
| # The name of the cluster where the user needs to be added | |
| CLUSTERNAME=your_cluster_name | |
| # Username, password and realname of the user | |
| USERNAME=username | |
| PASSWORD=password | |
| REALNAME=myrealname | |
| # Role of the user | |
| GLOBALROLE=user | |
| CLUSTERROLE=cluster-member | |
| # Admin bearer token to create user | |
| ADMINBEARERTOKEN=token-xxxxx:x | |
| # Create user and assign role | |
| USERID=`curl -s -u $ADMINBEARERTOKEN $RANCHERENDPOINT/user -H 'content-type: application/json' --data-binary '{"me":false,"mustChangePassword":false,"type":"user","username":"'$USERNAME'","password":"'$PASSWORD'","name":"'$REALNAME'"}' --insecure | jq -r .id` | |
| curl -s -u $ADMINBEARERTOKEN $RANCHERENDPOINT/globalrolebinding -H 'content-type: application/json' --data-binary '{"type":"globalRoleBinding","globalRoleId":"'$GLOBALROLE'","userId":"'$USERID'"}' --insecure | |
| # Get clusterid from name | |
| CLUSTERID=`curl -s -u $ADMINBEARERTOKEN $RANCHERENDPOINT/clusters?name=$CLUSTERNAME --insecure | jq -r .data[].id` | |
| # Add user as member to cluster | |
| curl -s -u $ADMINBEARERTOKEN $RANCHERENDPOINT/clusterroletemplatebinding -H 'content-type: application/json' --data-binary '{"type":"clusterRoleTemplateBinding","clusterId":"'$CLUSTERID'","userPrincipalId":"local://'$USERID'","roleTemplateId":"'$CLUSTERROLE'"}' --insecure | |
| # Login as user and get usertoken | |
| LOGINRESPONSE=`curl -s $RANCHERENDPOINT-public/localProviders/local?action=login -H 'content-type: application/json' --data-binary '{"username":"'$USERNAME'","password":"'$PASSWORD'"}' --insecure` | |
| USERTOKEN=`echo $LOGINRESPONSE | jq -r .token` | |
| # Generate and save kubeconfig | |
| curl -s -u $USERTOKEN $RANCHERENDPOINT/clusters/$CLUSTERID?action=generateKubeconfig -X POST -H 'content-type: application/json' --insecure | jq -r .config > kubeconfig | |
| # Set mustChangePassword to true for user to change password upon login | |
| curl -s -u $ADMINBEARERTOKEN $RANCHERENDPOINT/users/$USERID -X PUT -H 'content-type: application/json' --data-binary '{"mustChangePassword":true}' --insecure |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment