Kubectl add user 1.5

add-user.sh

#!/bin/bash
# Add user to k8s 1.5 using service account, no RBAC (unsafe)

if [[ -z "$1" ]] ;then
  echo "usage: $0 <username>"
  exit 1
fi

user=$1
kubectl create sa ${user}
secret=$(kubectl get sa ${user} -o json | jq -r .secrets[].name)
echo "secret = ${secret}"

kubectl get secret ${secret} -o json | jq -r '.data["ca.crt"]' | base64 -D > ca.crt
user_token=$(kubectl get secret ${secret} -o json | jq -r '.data["token"]' | base64 -D)
echo "token = ${user_token}"

c=`kubectl config current-context`
echo "context = $c"

cluster_name=`kubectl config get-contexts $c | awk '{print $3}' | tail -n 1`
echo "cluster_name= ${cluster_name}"

endpoint=`kubectl config view -o jsonpath="{.clusters[?(@.name == \"${cluster_name}\")].cluster.server}"`
echo "endpoint = ${endpoint}"

# Set up the config
KUBECONFIG=k8s-${user}-conf kubectl config set-cluster ${cluster_name} \
    --embed-certs=true \
    --server=${endpoint} \
    --certificate-authority=./ca.crt
echo ">>>>>>>>>>>>ca.crt"
cat ca.crt
echo "<<<<<<<<<<<<ca.crt"
echo ">>>>>>>>>>>>${user}-setup.sh"
echo kubectl config set-cluster ${cluster_name} \
    --embed-certs=true \
    --server=${endpoint} \
    --certificate-authority=./ca.crt
echo kubectl config set-credentials ${user}-${cluster_name#cluster-} --token=${user_token}
echo kubectl config set-context ${user}-${cluster_name#cluster-} \
    --cluster=${cluster_name} \
    --user=${user}-${cluster_name#cluster-}
echo kubectl config use-context ${user}-${cluster_name#cluster-}
echo "<<<<<<<<<<<<${user}-setup.sh"

echo "...preparing k8s-${user}-conf"
KUBECONFIG=k8s-${user}-conf kubectl config set-credentials ${user}-${cluster_name#cluster-} --token=${user_token}
KUBECONFIG=k8s-${user}-conf kubectl config set-context ${user}-${cluster_name#cluster-} \
    --cluster=${cluster_name} \
    --user=${user}-${cluster_name#cluster-}
KUBECONFIG=k8s-${user}-conf kubectl config use-context ${user}-${cluster_name#cluster-}

echo "done! Test with: "
echo "KUBECONFIG=k8s-${user}-conf kubectl get no"

using jq version which has base64d function to decode base64 strings

$ jq --version
jq-1.6

and with_entries on the values, we can fetch all data quickly:

sa_name="droneio"

cluster_name="mycluster"
cluster_domain="example.com"

# we name our context by domain, so our context name is:
my_context="${cluster_name}.${cluster_domain}"

sa_secret=$(kubectl get --context ${my_context} sa ${sa_name} -o json | jq -r .secrets[0].name)
kubectl --context  ${my_context} get secret ${sa_secret} -o json | jq '.data | with_entries(.value |= @base64d)'

or just use a golang tool to automate Repository configuration - https://github.com/honestbee/devops-tools/tree/master/drone-kubeconfig#drone-kubeconfig

btw, to decrypt a kube secret with jq - just use map_values(@base64d) instead of with_entries(.value |= @base64d)

To make this compatible with different versions of base64, use the --decode flag instead of -D.