Last active
April 11, 2021 15:15
-
-
Save mlbiam/50ad8287497383adab022ccac896b126 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
import jwt | |
import yaml | |
from uuid import uuid4 | |
import datetime | |
import sys | |
import json | |
import tempfile | |
from os import system | |
# Generate a kubernetes configuration from a private key | |
# Arguments: | |
# - path to values.yaml | |
# - path to CA for openunison proxy ingress | |
# - path to private key | |
# - number of seconds generated token should be valid | |
print("loading values.yaml : " + sys.argv[1]) | |
values_yaml = open(sys.argv[1]).read() | |
values_json = yaml.load(values_yaml) | |
print("remote tls certificate : " + sys.argv[2]) | |
cmd = "kubectl config set-cluster remote-proxy --server=https://" + values_json["services"]["api_server_host"] + " --certificate-authority=" + sys.argv[2] + " --embed-certs=true" | |
system(cmd) | |
cmd = "kubectl config set-context remote-proxy --cluster=remote-proxy --user=" + values_json["services"]["issuer_url"] | |
system(cmd) | |
print("loading private key : " + sys.argv[3] ) | |
private_key = open(sys.argv[3]).read() | |
print("creating jwt") | |
jwt_claims = { | |
'sub': values_json["services"]["issuer_url"], | |
'iss': values_json["services"]["issuer_url"], | |
'aud':'kubernetes', | |
'jti':str(uuid4()), | |
'iat':datetime.datetime.utcnow(), | |
'exp':datetime.datetime.utcnow() + datetime.timedelta(seconds=int(sys.argv[4])), | |
'nbf':datetime.datetime.utcnow() - datetime.timedelta(seconds=60) | |
} | |
signed_jwt = jwt.encode(jwt_claims,key=private_key,algorithm='RS256') | |
cmd = "kubectl config set-credentials " + values_json["services"]["issuer_url"] + " --token=" + signed_jwt.decode("utf-8") | |
system(cmd) | |
cmd = "kubectl config use-context remote-proxy" | |
system(cmd) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment