Creates Service Token for GitLab integration with K8s - OKE Cluster - Oracle Cloud Infrastructure (requires kubectl)
#!/bin/bash
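#######################################
# Print the values GitLab asks for under "Connect existing cluster".
# Globals:   K8S_CLUSTER_NAME, K8S_API_URL, K8S_CA_CERTIFICATE,
#            GITLAB_AUTH_TOKEN (all read, none written)
# Arguments: none
# Outputs:   a 90-column text table on stdout
#
# SECURITY: the table contains GITLAB_AUTH_TOKEN in clear text. In this
# script that token belongs to a service account bound to cluster-admin,
# so the output is a cluster credential: keep it out of CI job logs,
# shared terminals and shell history captures.
#######################################
print_gitlab_config() {
  # Locals, so a call does not leave helper variables in the caller's shell.
  local -r separator='-'
  local -r table_width=90
  local rule

  # Horizontal rule: pad an empty string to the table width, then turn
  # every padding space into the separator character.
  rule=$(printf "%${table_width}s" '' | tr ' ' "$separator")

  printf '%s\n' "$rule"
  printf '%s\n' "$rule"
  # The second (empty) argument fills the trailing %26s with spaces.
  printf '|%60s %26s\n' "GitLab K8s cluster integration - Connect existing cluster" ''
  printf '%s\n' "$rule"
  printf '| %-25s| %-40s \n' "Kubernetes cluster name" "${K8S_CLUSTER_NAME}"
  printf '%s\n' "$rule"
  printf '| %-25s| %-40s\n' "API URL" "${K8S_API_URL}"
  printf '%s\n' "$rule"
  printf '|%40s %46s\n' "CA Certificate" ''
  printf '%s\n' "$rule"
  # Multi-line PEM block, printed as-is so it can be pasted unchanged.
  printf '%-15s\n' "${K8S_CA_CERTIFICATE}"
  printf '%s\n' "$rule"
  printf '|%40s %46s\n' "Service Token" ''
  printf '%s\n' "$rule"
  printf '%-15s\n' "${GITLAB_AUTH_TOKEN}"
  printf '%s\n' "$rule"
  printf '%s\n' "$rule"
}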
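# Abort with a message on stderr.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

# Cluster name and API endpoint come from the current kubectl context.
K8S_CLUSTER_NAME=$(kubectl config view --minify -o jsonpath='{.clusters[].name}')
# NOTE(review): cluster-info output may carry terminal colour codes; confirm
# the extracted URL is clean before pasting it into GitLab.
K8S_API_URL=$(kubectl cluster-info \
  | grep -E 'Kubernetes master|Kubernetes control plane' \
  | awk '/http/ {print $NF}')

# The cluster CA is read from the default service account's token secret in
# the current namespace. Only the first match is used, so several matches
# cannot turn into several arguments to kubectl. Clusters that no longer
# auto-create token secrets (Kubernetes 1.24 and later) have no such secret.
K8S_DEFAULT_SECRET_NAME=$(kubectl get secrets | awk '/default-token/ {print $1; exit}')
[[ -n "${K8S_DEFAULT_SECRET_NAME}" ]] \
  || die "No default-token secret found in the current namespace. Aborting..."
K8S_CA_CERTIFICATE=$(kubectl get secret "${K8S_DEFAULT_SECRET_NAME}" \
  -o jsonpath="{['data']['ca\.crt']}" | base64 --decode)

# SECURITY: the binding below grants the gitlab service account the built-in
# cluster-admin role, i.e. unrestricted access to every namespace. Whoever
# holds its token has the same access. Where the integration allows it, bind
# a narrower Role/ClusterRole instead, and delete the service account and
# binding when the integration is retired.
# The delimiter is quoted so nothing in the manifest is expanded by the shell.
kubectl apply -f - <<'EOF' || die "kubectl apply failed; service account not created. Aborting..."
apiVersion: v1
kind: ServiceAccount
metadata:
  name: gitlab
  namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: gitlab-admin
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
  - kind: ServiceAccount
    name: gitlab
    namespace: kube-system
EOF

# Sanity check that the binding took effect: impersonate the service account
# and ask the API server whether it may read pods. Prints "yes" or "no".
IS_GITLAB_ADMIN_VALID=$(kubectl auth can-i get pods --as=system:serviceaccount:kube-system:gitlab)

# Quoted comparison: an empty answer (kubectl failed) takes the else branch
# instead of producing a test syntax error.
if [[ "${IS_GITLAB_ADMIN_VALID}" == "yes" ]]; then
  # Match only the auto-generated token secret of the gitlab service account,
  # not every secret in kube-system whose name happens to contain "gitlab".
  GITLAB_SECRET_NAME=$(kubectl -n kube-system get secret \
    | awk '$1 ~ /^gitlab-token-/ {print $1; exit}')
  [[ -n "${GITLAB_SECRET_NAME}" ]] \
    || die "No token secret found for service account kube-system/gitlab. Aborting..."
  # --decode is accepted by both GNU and macOS base64; -D is macOS-only.
  GITLAB_AUTH_TOKEN=$(kubectl -n kube-system get secret "${GITLAB_SECRET_NAME}" \
    -o=jsonpath='{.data.token}' | base64 --decode)
  [[ -n "${GITLAB_AUTH_TOKEN}" ]] \
    || die "Token for kube-system/gitlab is empty. Aborting..."
  # Prints the token in clear text; treat the output as a credential.
  print_gitlab_config
else
  echo "gitlab-admin user do not have permission to manage cluster. RBAC enabled? Verify ClusterRoleBinding. Aborting..." >&2
  exit 1
fi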