Last active
November 1, 2023 18:51
-
-
Save superseb/cad9b87c844f166b9c9bf97f5dea1609 to your computer and use it in GitHub Desktop.
Create local user and generate kubeconfig in Rancher 2 via API
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| RANCHERENDPOINT=https://your_rancher_endpoint/v3 | |
| # The name of the cluster where the user needs to be added | |
| CLUSTERNAME=your_cluster_name | |
| # Username, password and realname of the user | |
| USERNAME=username | |
| PASSWORD=password | |
| REALNAME=myrealname | |
| # Role of the user | |
| GLOBALROLE=user | |
| CLUSTERROLE=cluster-member | |
| # Admin bearer token to create user | |
| ADMINBEARERTOKEN=token-xxxxx:x | |
| # Create user and assign role | |
| USERID=`curl -s -u $ADMINBEARERTOKEN $RANCHERENDPOINT/user -H 'content-type: application/json' --data-binary '{"me":false,"mustChangePassword":false,"type":"user","username":"'$USERNAME'","password":"'$PASSWORD'","name":"'$REALNAME'"}' --insecure | jq -r .id` | |
| curl -s -u $ADMINBEARERTOKEN $RANCHERENDPOINT/globalrolebinding -H 'content-type: application/json' --data-binary '{"type":"globalRoleBinding","globalRoleId":"'$GLOBALROLE'","userId":"'$USERID'"}' --insecure | |
| # Get clusterid from name | |
| CLUSTERID=`curl -s -u $ADMINBEARERTOKEN $RANCHERENDPOINT/clusters?name=$CLUSTERNAME --insecure | jq -r .data[].id` | |
| # Add user as member to cluster | |
| curl -s -u $ADMINBEARERTOKEN $RANCHERENDPOINT/clusterroletemplatebinding -H 'content-type: application/json' --data-binary '{"type":"clusterRoleTemplateBinding","clusterId":"'$CLUSTERID'","userPrincipalId":"local://'$USERID'","roleTemplateId":"'$CLUSTERROLE'"}' --insecure | |
| # Login as user and get usertoken | |
| LOGINRESPONSE=`curl -s $RANCHERENDPOINT/v3-public/localProviders/local?action=login -H 'content-type: application/json' --data-binary '{"username":"'$USERNAME'","password":"'$PASSWORD'"}' --insecure` | |
| USERTOKEN=`echo $LOGINRESPONSE | jq -r .token` | |
| # Generate and save kubeconfig | |
| curl -s -u $USERTOKEN $RANCHERENDPOINT/clusters/$CLUSTERID?action=generateKubeconfig -X POST -H 'content-type: application/json' --insecure | jq -r .config > kubeconfig | |
| # Set mustChangePassword to true for user to change password upon login | |
| curl -s -u $ADMINBEARERTOKEN $RANCHERENDPOINT/users/$USERID -X PUT -H 'content-type: application/json' --data-binary '{"mustChangePassword":true}' --insecure |
if kubeconfig-generate-token is set to false for reson to set ttl . Using the above once kubeconfig is created how to get kubeconfigtoken
@superseb There is a small mistake at line number 26.
$RANCHERENDPOINT-public/localProviders/local?action=login
above line should be
$RANCHERENDPOINT/v3-public/localProviders/local?action=login
is there anyway add project role also?
did you figure it how?
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
is there anyway add project role also?