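#!/bin/bash
#
# generate.sh - issue a Kubernetes client certificate for a user on a minikube
# cluster and bundle it, with an install.sh that configures kubectl, into
# USER_NAME.zip.
#
# Usage: ./generate.sh USER_NAME CLUSTER_NAME HOSTNAME
#
# Security notes for whoever runs or reviews this:
#   * The certificate carries O=homma:admin, and that group is bound to the
#     built-in cluster-admin ClusterRole below, so every bundle grants full
#     control of the cluster.
#   * Kubernetes cannot revoke an individual client certificate; access ends
#     when the certificate expires or the ClusterRoleBinding is removed.
#     Consider setting spec.expirationSeconds on the CSR to shorten its life.
#   * The zip contains the private key. Move it over a confidential channel
#     and delete it once the recipient has installed it.

# Options live in `set`, not the shebang, so they survive `bash generate.sh`.
# pipefail makes a failing kubectl in a pipeline abort the script rather than
# leave an empty certificate file behind.
set -eux -o pipefail

# Private key, CSR and zip must not be readable by other local users.
umask 077

# Byte-wise matching so the character ranges below mean exactly ASCII.
LC_ALL=C

die() {
  printf '%s\n' "$*" >&2
  exit 1
}

if [ $# -ne 3 ]; then
  echo "./generate.sh USER_NAME CLUSTER_NAME HOSTNAME" 1>&2
  exit 1
fi

user_name=$1
cluster_name=$2
# Not named HOSTNAME: bash already maintains a variable of that name.
server_host=$3

# The arguments end up in a directory name, an `rm -rf` target, an X.509
# subject, YAML documents and a generated shell script, so only plain
# identifier characters are accepted. USER_NAME is also used inside a
# Kubernetes object name, which has to be a lower-case DNS-style name anyway.
case "$user_name" in
  '' | *[!a-z0-9.-]* | [.-]* | *[.-])
    die "USER_NAME must be lower-case alphanumerics, '.' or '-', starting and ending with an alphanumeric"
    ;;
esac
case "$cluster_name" in
  '' | *[!A-Za-z0-9._-]* | -*)
    die "CLUSTER_NAME may only contain alphanumerics, '.', '_' and '-'"
    ;;
esac
# Host names and IPv4 addresses pass; a bracketed IPv6 literal is rejected.
case "$server_host" in
  '' | *[!A-Za-z0-9.-]* | -*)
    die "HOSTNAME may only contain alphanumerics, '.' and '-'"
    ;;
esac

workdir=$user_name
csr_name="user-request-${user_name}"

# mkdir fails if the directory already exists; the cleanup trap is installed
# only after it succeeds so a pre-existing directory is never deleted.
mkdir -- "$workdir"
trap 'rm -rf -- "${workdir:?}"' EXIT

openssl genrsa -out "$workdir/$user_name.pem" 2048
openssl req -new -key "$workdir/$user_name.pem" -out "$workdir/$user_name.csr" \
  -subj "/CN=${user_name}/O=homma:admin"
request=$(base64 -w 0 < "$workdir/$user_name.csr")

# Grants cluster-admin to everyone whose certificate is in group homma:admin.
cat << EOS > "$workdir/homma_admin.yaml"
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: homma-admin
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- apiGroup: rbac.authorization.k8s.io
  kind: Group
  name: homma:admin
EOS

cat << EOS > "$workdir/$user_name.csr.yaml"
apiVersion: certificates.k8s.io/v1
kind: CertificateSigningRequest
metadata:
  name: $csr_name
spec:
  groups:
  - system:authenticated
  request: $request
  signerName: kubernetes.io/kube-apiserver-client
  usages:
  - digital signature
  - key encipherment
  - client auth
EOS

sudo minikube kubectl -- apply -f "$workdir/homma_admin.yaml"
sudo minikube kubectl -- create -f "$workdir/$user_name.csr.yaml"
sudo minikube kubectl -- certificate approve "$csr_name"

# Signing happens asynchronously after approval, so .status.certificate can
# still be empty on the first read. Poll briefly instead of shipping an empty
# certificate.
cert_b64=""
for _ in 1 2 3 4 5 6 7 8 9 10; do
  cert_b64=$(sudo minikube kubectl -- get csr "$csr_name" \
    -o jsonpath='{.status.certificate}')
  if [ -n "$cert_b64" ]; then
    break
  fi
  sleep 1
done
[ -n "$cert_b64" ] || die "certificate for $csr_name was not issued"
printf '%s' "$cert_b64" | base64 -d > "$workdir/$user_name.crt"

context_name=$cluster_name

# NOTE(review): --insecure-skip-tls-verify=true makes the recipient's kubectl
# accept any server certificate, so a machine in the network path can pose as
# the API server and read what the client sends. It is kept because the API
# server certificate presumably does not list HOSTNAME; the better setup is to
# start minikube with --apiserver-names covering HOSTNAME, ship the cluster CA
# in the bundle and use --certificate-authority instead.
cat << EOS > "$workdir/install.sh"
# WARNING: TLS verification of the API server is disabled for this cluster entry.
kubectl config set-cluster "$cluster_name" --insecure-skip-tls-verify=true --server="https://$server_host:8443"
kubectl config set-credentials "$user_name" --client-certificate="$user_name.crt" --client-key="$user_name.pem" --embed-certs=true
kubectl config set-context "$context_name" --cluster="$cluster_name" --user="$user_name"
kubectl config use-context "$context_name"
EOS

zip -r "$user_name.zip" "$workdir"
# The EXIT trap removes the working directory, on success and on failure, so
# the unencrypted private key does not linger outside the zip.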