
@kajov
Created June 7, 2023 15:46
Create a permanent Kubernetes config while using a temporary config
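#!/bin/bash
#
# Create a long-lived kubeconfig for a dedicated service account, using the
# (temporary) credentials kubectl is currently configured with.
#
# Steps:
#   1. create the service account (idempotent),
#   2. bind it to a ClusterRole,
#   3. create a kubernetes.io/service-account-token Secret (on Kubernetes
#      v1.24+ token Secrets are no longer created automatically),
#   4. read the token and the current cluster's server URL / CA bundle,
#   5. write ${WORKDIR}/config and copy it to ~/.kube/new-config.
#
# Security notes:
#   - The resulting token does not expire and carries whatever CLUSTER_ROLE
#     grants. With cluster-admin that is full control of the cluster; bind a
#     narrower ClusterRole where the use case allows it.
#   - Revoke by deleting the Secret (and the ServiceAccount / binding).
#   - For credentials that expire, `kubectl create token --duration=...`
#     is the bounded alternative to a token Secret.
#   - ${WORKDIR} is relative to the current directory; keep it out of version
#     control and backups that others can read.

set -euo pipefail

# Everything created below (work dir, kubeconfig, ~/.kube) holds or guards a
# bearer token, so nothing may be group- or world-accessible.
umask 077

die() {
  printf 'error: %s\n' "$*" >&2
  exit 1
}

echo "Preparing key Variables"
# Plain (non-exported) variables: child processes do not need them, and the
# token in particular should not sit in the environment of every command.
readonly WORKDIR=./.kube-conf
readonly SERVICE_ACCOUNT="k8s-cluster-admin"
readonly NAMESPACE="kube-system"
# The binding previously referenced a ClusterRole named after the service
# account, which this script never creates; the built-in role is what the
# "for cluster-admin" step is meant to grant.
readonly CLUSTER_ROLE="cluster-admin"
: "${HOME:?HOME must be set}"

echo "Creating Service account"
# create | apply keeps the step idempotent, so a re-run does not abort on
# "already exists".
kubectl -n "${NAMESPACE}" create serviceaccount "${SERVICE_ACCOUNT}" \
  --dry-run=client -o yaml | kubectl apply -f -

echo "Applying ClusterRoleBinding for cluster-admin"
# NOTE: roleRef is immutable. If a binding with this name already exists with
# a different roleRef, delete it first or the apply is rejected.
kubectl apply -f - <<EOF
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: ${SERVICE_ACCOUNT}
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: ${CLUSTER_ROLE}
subjects:
  - kind: ServiceAccount
    name: ${SERVICE_ACCOUNT}
    namespace: ${NAMESPACE}
EOF

echo "applying cluster-admin secret for k8s v1.24+ "
kubectl apply -f - <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: ${SERVICE_ACCOUNT}
  namespace: ${NAMESPACE}
  annotations:
    kubernetes.io/service-account.name: ${SERVICE_ACCOUNT}
type: kubernetes.io/service-account-token
EOF

echo "Setting up Environmental values needed for new kubeconfig"
# The token is filled into the Secret asynchronously, so poll briefly instead
# of reading once and silently writing an empty token into the kubeconfig.
token_b64=""
for _ in 1 2 3 4 5 6 7 8 9 10; do
  token_b64=$(kubectl -n "${NAMESPACE}" get secret "${SERVICE_ACCOUNT}" \
    -o jsonpath='{.data.token}')
  if [ -n "${token_b64}" ]; then
    break
  fi
  sleep 1
done
[ -n "${token_b64}" ] || die "token for ${SERVICE_ACCOUNT} was not populated"
USER_TOKEN_VALUE=$(printf '%s' "${token_b64}" | base64 --decode)

CURRENT_CONTEXT=$(kubectl config current-context)
# --minify restricts the view to the current context, so no context or cluster
# name has to be spliced into a template. --flatten inlines a CA that the
# source kubeconfig references by file path.
CLUSTER_SERVER=$(kubectl config view --raw --minify \
  -o jsonpath='{.clusters[0].cluster.server}')
CLUSTER_CA=$(kubectl config view --raw --minify --flatten \
  -o jsonpath='{.clusters[0].cluster.certificate-authority-data}')
[ -n "${CLUSTER_SERVER}" ] || die "could not determine API server for ${CURRENT_CONTEXT}"

echo "Generating Kube config"
if [ -d "${WORKDIR}" ]; then
  echo "Removing existing Config file"
  # The previous config is read-only, so it must be removed before rewriting.
  rm -f -- "${WORKDIR}/config"
else
  echo "Work Directory doesn't exist"
  echo "Creating work Directory ${WORKDIR}"
  mkdir -p -- "${WORKDIR}"
  echo "Done"
  printf '\n'
  echo "--------------------------------------"
  printf '\n'
fi
printf '\n'
echo "--------------------------------------"
echo "Writing new config file"
# current-context must name a context defined in this file; it previously
# pointed at the source context name, which does not exist here.
cat > "${WORKDIR}/config" <<EOF
apiVersion: v1
kind: Config
current-context: "${SERVICE_ACCOUNT}@${CURRENT_CONTEXT}"
contexts:
  - name: "${SERVICE_ACCOUNT}@${CURRENT_CONTEXT}"
    context:
      cluster: "${CURRENT_CONTEXT}"
      user: "${SERVICE_ACCOUNT}"
      namespace: "${NAMESPACE}"
clusters:
  - name: "${CURRENT_CONTEXT}"
    cluster:
      certificate-authority-data: "${CLUSTER_CA}"
      server: "${CLUSTER_SERVER}"
users:
  - name: "${SERVICE_ACCOUNT}"
    user:
      token: "${USER_TOKEN_VALUE}"
EOF
# Read-only for the owner only: the file contains a bearer token, so the
# former mode 444 (world-readable) exposed it to every local user.
chmod 400 -- "${WORKDIR}/config"
echo "Your new kube config is ready in ${WORKDIR} "
printf '\n'
echo "--------------------------------------"
echo "Moving config into .kube folder of CLI user"
mkdir -p -- "${HOME}/.kube"
# cp keeps the restrictive source mode (further limited by umask 077).
cp -f -- "${WORKDIR}/config" "${HOME}/.kube/new-config"
echo "new config moved to ${HOME}/.kube folder"
echo "⌄⌄⌄⌄⌄⌄⌄⌄⌄⌄⌄⌄⌄⌄⌄⌄⌄⌄⌄⌄⌄⌄⌄⌄⌄⌄⌄⌄⌄⌄⌄⌄⌄⌄⌄⌄⌄⌄"
printf '\n'
# Show the result with the token masked so it does not end up in terminal
# scrollback or CI logs; the real value is in the file itself.
sed -E 's/^([[:space:]]*token:).*/\1 <redacted>/' "${HOME}/.kube/new-config"
printf '\n'
echo "--------------------------------------"
printf '\n'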