Created
September 12, 2020 19:42
-
-
Save mikesparr/a818aedfe4332e1142629f9fb25859a9 to your computer and use it in GitHub Desktop.
Anthos GKE on AWS (connect)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env bash | |
| # https://cloud.google.com/anthos/gke/docs/aws/how-to/connecting-to-a-cluster | |
| # from setup-02-mgmt.sh | |
| unset HTTP_PROXY # reset | |
| export NODE_KEY_PATH=$(PWD)/node-key.json | |
| export GOOGLE_APPLICATION_CREDENTIALS=$NODE_KEY_PATH | |
| # make sure bastion_tunnel.sh is running | |
| ./bastion-tunnel.sh -N & | |
| # set HTTP_PROXY env var (for kubectl operations) | |
| export HTTP_PROXY=http://localhost:8118 # you will have to unset this if running TF | |
| # make sure your context is the new cluster-0 | |
| anthos-gke aws clusters get-credentials cluster-0 | |
| # create admin service account | |
| kubectl create serviceaccount -n kube-system admin-user | |
| # create cluster role binding for admin SA | |
| kubectl create clusterrolebinding admin-user-binding \ | |
| --clusterrole cluster-admin --serviceaccount kube-system:admin-user | |
| # set secret name as env var | |
| export SECRET_NAME=$(kubectl get serviceaccount -n kube-system admin-user \ | |
| -o jsonpath='{$.secrets[0].name}') | |
| echo "Captured secret name: ${SECRET_NAME}" | |
| # print token and copy/paste to authenticate GKE console (on GCP side) | |
| kubectl get secret -n kube-system ${SECRET_NAME} -o jsonpath='{$.data.token}' \ | |
| | base64 -d | sed $'s/$/\\\n/g' |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment