Skip to content

Instantly share code, notes, and snippets.

@ericchiang

ericchiang/k8s-service-account-kubeconfig.sh

Created November 1, 2017 15:23
Show Gist options
  • Star 33 You must be signed in to star a gist
  • Fork 14 You must be signed in to fork a gist
  • Save ericchiang/d2a838ddad3f44436ae001a342e1001e to your computer and use it in GitHub Desktop.
Save ericchiang/d2a838ddad3f44436ae001a342e1001e to your computer and use it in GitHub Desktop.
Download ZIP
Raw
k8s-service-account-kubeconfig.sh
#!/bin/bash -e
# Usage ./k8s-service-account-kubeconfig.sh ( namespace ) ( service account name )
TEMPDIR=$( mktemp -d )
trap "{ rm -rf $TEMPDIR ; exit 255; }" EXIT
SA_SECRET=$( kubectl get sa -n $1 $2 -o jsonpath='{.secrets[0].name}' )
# Pull the bearer token and cluster CA from the service account secret.
BEARER_TOKEN=$( kubectl get secrets -n $1 $SA_SECRET -o jsonpath='{.data.token}' | base64 -d )
kubectl get secrets -n $1 $SA_SECRET -o jsonpath='{.data.ca\.crt}' | base64 -d > $TEMPDIR/ca.crt
CLUSTER_URL=$( kubectl config view -o jsonpath='{.clusters[0].cluster.server}' )
KUBECONFIG=kubeconfig
kubectl config --kubeconfig=$KUBECONFIG \
set-cluster \
$CLUSTER_URL \
--server=$CLUSTER_URL \
--certificate-authority=$TEMPDIR/ca.crt \
--embed-certs=true
kubectl config --kubeconfig=$KUBECONFIG \
set-credentials $2 --token=$BEARER_TOKEN
kubectl config --kubeconfig=$KUBECONFIG \
set-context registry \
--cluster=$CLUSTER_URL \
--user=$2
kubectl config --kubeconfig=$KUBECONFIG \
use-context registry
echo "kubeconfig written to file \"$KUBECONFIG\""
@themightychris
Copy link

I found this very helpful! I've hardened it a bit and made an installable command of it: https://github.com/JarvusInnovations/mkkubeconfig

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment