Created
June 17, 2021 01:50
Creates Service Token for GitLab integration with K8s - OKE Cluster - Oracle Cloud Infrastructure (requires kubectl)
#!/bin/bash
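#######################################
# Print the values GitLab asks for on its "Connect existing cluster" form
# as a 90-column, dash-ruled text table on stdout.
# Globals:
#   K8S_CLUSTER_NAME    (read) cluster name
#   K8S_API_URL         (read) API server URL
#   K8S_CA_CERTIFICATE  (read) CA certificate text, printed as-is
#   GITLAB_AUTH_TOKEN   (read) service account token, printed as-is
# Arguments: none
# Outputs:   the table on stdout, including the token in clear text
#
# GITLAB_AUTH_TOKEN is a bearer credential: anything that captures this
# output (terminal scrollback, a CI job log, `tee`, a pasted screenshot)
# holds a usable copy of it. Run the script interactively and paste the
# token straight into GitLab.
#######################################
print_gitlab_config() {
  # Helper variables are local so they do not leak into the calling script.
  local -r table_width=90
  local -r separator=-
  local rule

  # Build the horizontal rule once instead of forking printf|tr per row.
  rule=$(printf '%*s' "${table_width}" '' | tr ' ' "${separator}")

  printf '%s\n' "${rule}"
  printf '%s\n' "${rule}"
  # The second, empty argument only pads the title row out to full width.
  printf '|%60s %26s\n' "GitLab K8s cluster integration - Connect existing cluster" ''
  printf '%s\n' "${rule}"
  printf '| %-25s| %-40s \n' "Kubernetes cluster name" "${K8S_CLUSTER_NAME}"
  printf '%s\n' "${rule}"
  printf '| %-25s| %-40s\n' "API URL" "${K8S_API_URL}"
  printf '%s\n' "${rule}"
  printf '|%40s %46s\n' "CA Certificate" ''
  printf '%s\n' "${rule}"
  # Multi-line PEM text is passed as data, never as the printf format.
  printf '%-15s\n' "${K8S_CA_CERTIFICATE}"
  printf '%s\n' "${rule}"
  printf '|%40s %46s\n' "Service Token" ''
  printf '%s\n' "${rule}"
  printf '%-15s\n' "${GITLAB_AUTH_TOKEN}"
  printf '%s\n' "${rule}"
  printf '%s\n' "${rule}"
}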
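# --- Collect the cluster facts GitLab asks for -------------------------------
# Everything below talks to whichever cluster the current kubectl context
# points at; check `kubectl config current-context` before running.
K8S_CLUSTER_NAME=$(kubectl config view --minify -o jsonpath='{.clusters[].name}')
K8S_API_URL=$(kubectl cluster-info \
  | awk '/Kubernetes master|Kubernetes control plane/ && /http/ {print $NF}')

# The CA certificate is read from the default service account's token Secret
# in the current namespace. Only the first match is used so that a second
# matching Secret cannot turn into extra kubectl arguments.
# Kubernetes 1.24 and later no longer auto-create these token Secrets, so the
# lookup can legitimately come back empty; stop before changing the cluster.
K8S_DEFAULT_SECRET_NAME=$(kubectl get secrets | awk '/default-token/ {print $1; exit}')
if [[ -z "${K8S_DEFAULT_SECRET_NAME}" ]]; then
  echo "No default-token secret found in the current namespace; cannot read the CA certificate. Aborting..." >&2
  exit 1
fi
K8S_CA_CERTIFICATE=$(kubectl get secret "${K8S_DEFAULT_SECRET_NAME}" \
  -o jsonpath="{['data']['ca\.crt']}" | base64 --decode)

# --- Create the GitLab service account and bind it to cluster-admin ----------
# cluster-admin gives the gitlab service account unrestricted control over
# every namespace, so its token is equivalent to full cluster administration.
# Keep the token only in GitLab, and delete the gitlab-admin
# ClusterRoleBinding and the gitlab ServiceAccount when the integration is
# retired. If GitLab only deploys into specific namespaces, a namespaced
# Role/RoleBinding is the narrower alternative.
# The delimiter is quoted: the manifest is literal and must not be expanded.
if ! kubectl apply -f - <<'EOF'
apiVersion: v1
kind: ServiceAccount
metadata:
  name: gitlab
  namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: gitlab-admin
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
  - kind: ServiceAccount
    name: gitlab
    namespace: kube-system
EOF
then
  echo "kubectl apply of the gitlab ServiceAccount/ClusterRoleBinding failed. Aborting..." >&2
  exit 1
fi

# --- Verify the binding, then fetch and print the token ----------------------
# This impersonates the service account, so the caller needs impersonation
# rights. It only proves the binding took effect for one verb ("get pods");
# it does not enumerate the full cluster-admin scope.
IS_GITLAB_ADMIN_VALID=$(kubectl auth can-i get pods --as=system:serviceaccount:kube-system:gitlab)
if [[ "${IS_GITLAB_ADMIN_VALID}" == "yes" ]]; then
  GITLAB_SECRET_NAME=$(kubectl -n kube-system get secret | awk '$1 ~ /gitlab/ {print $1; exit}')
  if [[ -z "${GITLAB_SECRET_NAME}" ]]; then
    echo "No token secret found for the gitlab service account in kube-system. Aborting..." >&2
    exit 1
  fi

  # --decode matches the CA certificate step above; the short -D spelling is
  # not accepted by every base64 implementation.
  GITLAB_AUTH_TOKEN=$(kubectl -n kube-system get secret "${GITLAB_SECRET_NAME}" \
    -o=jsonpath='{.data.token}' | base64 --decode)
  if [[ -z "${GITLAB_AUTH_TOKEN}" ]]; then
    echo "Secret ${GITLAB_SECRET_NAME} holds no token. Aborting..." >&2
    exit 1
  fi

  print_gitlab_config
else
  echo "gitlab-admin user do not have permission to manage cluster. RBAC enabled? Verify ClusterRoleBinding. Aborting..." >&2
  exit 1
fi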