fgbreel/create_admin_user.sh

## create_admin_user.sh
#!/bin/bash
#
# Script based on https://jeremievallee.com/2018/05/28/kubernetes-rbac-namespace-user.html
#
# In honor of the remarkable Windson
#
# Modified by Gabriel Francisco to create cluster-admin users.

username=$1

if [ -z "$username" ]; then
	echo "Use "$(basename "$0")" USERNAME";
	exit 1;
fi

echo -e "
apiVersion: v1
kind: ServiceAccount
metadata:
  name: user-$username
  namespace: kube-system
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
  name: user-$username-admin
  namespace: kube-system
subjects:
- kind: ServiceAccount
  name: user-$username
  namespace: kube-system
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin" | kubectl apply -f -

tokenName=$(kubectl get sa user-$username --namespace kube-system --output 'jsonpath={.secrets[0].name}')
token=$(kubectl get secret $tokenName --namespace kube-system --output "jsonpath={.data.token}" | base64 -d)
certificate=$(kubectl get secret $tokenName --namespace kube-system --output "jsonpath={.data['ca\.crt']}")

context_name="$(kubectl config current-context)"
cluster_name="$(kubectl config view --output "jsonpath={.contexts[?(@.name==\"${context_name}\")].context.cluster}")"
server_name="$(kubectl config view --output "jsonpath={.clusters[?(@.name==\"${cluster_name}\")].cluster.server}")"

echo -e "apiVersion: v1
kind: Config
preferences: {}
clusters:
- cluster:
    certificate-authority-data: $certificate
    server: $server_name
  name: cluster.example.com
users:
- name: user-$username
  user:
    as-user-extra: {}
    client-key-data: $certificate
    token: $token
contexts:
- context:
    cluster: cluster.example.com
    namespace: default
    user: user-$username
  name: cluster.example.com
current-context: cluster.example.com" > kubeconfig

echo "user-$username's kubeconfig was created into $(pwd)/kubeconfig"
echo "If you want to test execute this command \`KUBECONFIG=$(pwd)/kubeconfig kubectl get pods --all-namespaces\`"
	#!/bin/bash
	#
	# Script based on https://jeremievallee.com/2018/05/28/kubernetes-rbac-namespace-user.html
	#
	# In honor of the remarkable Windson
	#
	# Modified by Gabriel Francisco to create cluster-admin users.

	username=$1

	if [ -z "$username" ]; then
	echo "Use "$(basename "$0")" USERNAME";
	exit 1;
	fi

	echo -e "
	apiVersion: v1
	kind: ServiceAccount
	metadata:
	name: user-$username
	namespace: kube-system
	---
	kind: ClusterRoleBinding
	apiVersion: rbac.authorization.k8s.io/v1beta1
	metadata:
	name: user-$username-admin
	namespace: kube-system
	subjects:
	- kind: ServiceAccount
	name: user-$username
	namespace: kube-system
	roleRef:
	apiGroup: rbac.authorization.k8s.io
	kind: ClusterRole
	name: cluster-admin" \| kubectl apply -f -

	tokenName=$(kubectl get sa user-$username --namespace kube-system --output 'jsonpath={.secrets[0].name}')
	token=$(kubectl get secret $tokenName --namespace kube-system --output "jsonpath={.data.token}" \| base64 -d)
	certificate=$(kubectl get secret $tokenName --namespace kube-system --output "jsonpath={.data['ca\.crt']}")

	context_name="$(kubectl config current-context)"
	cluster_name="$(kubectl config view --output "jsonpath={.contexts[?(@.name==\"${context_name}\")].context.cluster}")"
	server_name="$(kubectl config view --output "jsonpath={.clusters[?(@.name==\"${cluster_name}\")].cluster.server}")"

	echo -e "apiVersion: v1
	kind: Config
	preferences: {}
	clusters:
	- cluster:
	certificate-authority-data: $certificate
	server: $server_name
	name: cluster.example.com
	users:
	- name: user-$username
	user:
	as-user-extra: {}
	client-key-data: $certificate
	token: $token
	contexts:
	- context:
	cluster: cluster.example.com
	namespace: default
	user: user-$username
	name: cluster.example.com
	current-context: cluster.example.com" > kubeconfig

	echo "user-$username's kubeconfig was created into $(pwd)/kubeconfig"
	echo "If you want to test execute this command \`KUBECONFIG=$(pwd)/kubeconfig kubectl get pods --all-namespaces\`"