@nemtsov
Last active April 20, 2018 04:32
Kubernetes Administration Helpers
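```bash
#!/usr/bin/env bash
# Issues a client certificate for $USERNAME, signed by the cluster CA.
# Expects to run on the host that holds the CA key ($CA_DIR/ca.key).
set -euo pipefail

USERNAME="yuriy"   # written into the certificate subject as CN
GROUP="wr"         # written into the certificate subject as O
CA_DIR="/etc/kubernetes/pki"
USER_CERTS_DIR="/home/$USERNAME/.certs"

mkdir -p "$USER_CERTS_DIR"
pushd "$USER_CERTS_DIR"
# Private key, signing request, then the certificate itself (valid 365 days).
openssl genrsa -out "$USERNAME.key" 2048
openssl req -new -key "$USERNAME.key" -out "$USERNAME.csr" -subj "/CN=$USERNAME/O=$GROUP"
openssl x509 -req -in "$USERNAME.csr" -CA "$CA_DIR/ca.crt" -CAkey "$CA_DIR/ca.key" -CAcreateserial -out "$USERNAME.crt" -days 365
popd
```
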
```yaml
kind: Namespace
apiVersion: v1
metadata:
  name: development
---
# Grants every verb on every resource, but only inside the development namespace.
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  namespace: development
  name: development-admin
rules:
- apiGroups: ["*"]
  resources: ["*"]
  verbs: ["*"]
---
# Binds the Role to the user named in the client certificate's CN.
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  namespace: development
  name: deployment-admin-binding
subjects:
- kind: User
  name: yuriy
  apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: Role
  name: development-admin
  apiGroup: rbac.authorization.k8s.io
```

```bash
#!/usr/bin/env bash
# Run on the workstation: fetches the user's certificate files and the CA
# certificate from the cluster host, then creates a kubectl context for them.
set -euo pipefail

USERNAME=yuriy
GROUP=wr
REMOTE_CA_CERT_PATH=/etc/kubernetes/pki/ca.crt
REMOTE_CERTS_DIR=/home/$USERNAME/.certs
LOCAL_CERTS_DIR="$HOME/.ssh/$GROUP-kube-$USERNAME"
CLUSTER_IP=159.65.252.151

mkdir -p "$LOCAL_CERTS_DIR"
# The first copy includes the private key ($USERNAME.key), so it travels over SSH.
scp -r -i ~/.ssh/id_rsa "root@$CLUSTER_IP:$REMOTE_CERTS_DIR/*" "$LOCAL_CERTS_DIR"
scp -i ~/.ssh/id_rsa "root@$CLUSTER_IP:$REMOTE_CA_CERT_PATH" "$LOCAL_CERTS_DIR"

kubectl config set-cluster "$GROUP-kube" --server="https://$CLUSTER_IP:6443" --certificate-authority="$LOCAL_CERTS_DIR/ca.crt"
kubectl config set-credentials "$USERNAME" --client-certificate="$LOCAL_CERTS_DIR/$USERNAME.crt" --client-key="$LOCAL_CERTS_DIR/$USERNAME.key"
kubectl config set-context "$USERNAME-kube-context" --cluster="$GROUP-kube" --namespace=development --user="$USERNAME"
kubectl config use-context "$USERNAME-kube-context"
```
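
The RoleBinding's `User` subject `yuriy` only matches because the API server takes the username from the certificate's CN and the group names from its O fields. The script below is an added example, not part of the gist: it prints that identity for a certificate and checks that the certificate chains to the CA and is not close to expiry. The function names and the throwaway CA are constructed for the demonstration.

```bash
#!/usr/bin/env bash
# Added example: print the identity the API server derives from a client cert.
# X.509 client-cert auth maps subject CN -> username and each O -> a group.

cert_identity() {  # usage: cert_identity <cert.pem>
  local subject user groups
  subject=$(openssl x509 -in "$1" -noout -subject -nameopt RFC2253) || return 1
  subject=${subject#subject=}; subject=${subject# }
  # RFC 2253 form is comma-separated, e.g. "O=wr,CN=yuriy".
  # Simple split: assumes the names contain no escaped commas.
  user=$(printf '%s\n' "$subject" | tr ',' '\n' | sed -n 's/^CN=//p' | head -n 1)
  groups=$(printf '%s\n' "$subject" | tr ',' '\n' | sed -n 's/^O=//p' | sort | paste -sd, -)
  printf 'user=%s groups=%s\n' "$user" "$groups"
}

cert_usable() {  # usage: cert_usable <ca.crt> <cert.pem> [min_days_left]
  # Must chain to the CA the API server trusts ...
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1 || return 1
  # ... and must not expire within min_days_left days (default 30).
  openssl x509 -in "$2" -noout -checkend $(( ${3:-30} * 86400 )) >/dev/null
}

demo_identity() {  # constructed sample: throwaway CA, never the cluster CA
  local d rc
  d=$(mktemp -d) || return 1
  {
    openssl req -x509 -newkey rsa:2048 -nodes -keyout "$d/ca.key" \
      -out "$d/ca.crt" -subj "/CN=throwaway-ca" -days 365 &&
    openssl genrsa -out "$d/u.key" 2048 &&
    openssl req -new -key "$d/u.key" -out "$d/u.csr" -subj "/CN=yuriy/O=wr" &&
    openssl x509 -req -in "$d/u.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" \
      -CAcreateserial -out "$d/u.crt" -days 365
  } >/dev/null 2>&1 || { rm -rf "$d"; return 1; }
  cert_usable "$d/ca.crt" "$d/u.crt" 30 && cert_identity "$d/u.crt"
  rc=$?
  rm -rf "$d"
  return "$rc"
}

# With a path argument, inspect that certificate; otherwise run the demo.
if [ "$#" -ge 1 ]; then cert_identity "$1"; else demo_identity; fi
```

Once the new context is active, `kubectl auth can-i --list --namespace=development` shows what the binding actually grants to that identity.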