Skip to content

Instantly share code, notes, and snippets.

@marvell
Created August 18, 2021 14:44
Show Gist options
  • Save marvell/23515c1d2c4e6ded56bbe3eb96a2ef57 to your computer and use it in GitHub Desktop.
Save marvell/23515c1d2c4e6ded56bbe3eb96a2ef57 to your computer and use it in GitHub Desktop.
Generate KUBECONFIG for Yandex.Cloud Managed Kubernetes. https://cloud.yandex.ru/docs/managed-kubernetes/operations/create-static-conf
#!/bin/bash
FOLDER_ID=<FOLDER_ID>
CLUSTER_ID=<CLUSTER_ID>
CLUSTER_NAME=<CLUSTER_NAME>
DIR=./$CLUSTER_NAME
set -xe
mkdir -p $DIR
yc --folder-id=$FOLDER_ID managed-kubernetes cluster get --id $CLUSTER_ID --format json | \
jq -r .master.master_auth.cluster_ca_certificate | \
awk '{gsub(/\\n/,"\n")}1' > $DIR/ca.pem
kubectl create -f ./sa.yaml
SA_TOKEN=$(kubectl -n kube-system get secret $(kubectl -n kube-system get secret | \
grep admin-user | \
awk '{print $1}') -o json | \
jq -r .data.token | \
base64 --d)
MASTER_ENDPOINT=$(yc --folder-id=$FOLDER_ID managed-kubernetes cluster get --id $CLUSTER_ID \
--format json | \
jq -r .master.endpoints.internal_v4_endpoint)
kubectl config set-cluster $CLUSTER_NAME \
--certificate-authority=$DIR/ca.pem --embed-certs \
--server=$MASTER_ENDPOINT \
--kubeconfig=$DIR/config.yaml
kubectl config set-credentials admin-user \
--token=$SA_TOKEN \
--kubeconfig=$DIR/config.yaml
kubectl config set-context $CLUSTER_NAME \
--cluster=$CLUSTER_NAME \
--user=admin-user \
--kubeconfig=$DIR/config.yaml
kubectl config use-context $CLUSTER_NAME \
--kubeconfig=$DIR/config.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
name: admin-user
namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: admin-user
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
subjects:
- kind: ServiceAccount
name: admin-user
namespace: kube-system
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment