Add a user to a k3d cluster, with cluster-wide view permissions
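#######################################
# Create a client-certificate user on a k3d cluster and grant it the
# built-in cluster-wide "view" ClusterRole.
#
# Generates <user>.key and <user>.csr in the current directory, submits the
# CSR to the cluster, approves it, saves the signed certificate to
# <user>.crt, then adds a kubeconfig user and context and switches to it.
#
# Security notes:
#   - The private key is written with owner-only permissions; keep it that
#     way and do not commit it.
#   - Kubernetes does not revoke individual client certificates. To remove
#     this user's access, delete the ClusterRoleBinding named after the user.
#     The certificate also carries O=<group>, so any RBAC bindings to that
#     group apply for the lifetime of the certificate. Setting
#     spec.expirationSeconds on the CSR can shorten that lifetime.
#   - The current kubeconfig context is switched to the new read-only user
#     at the end; switch back before doing further admin work.
#
# Arguments:
#   $1 - user name (certificate CN, CSR/binding name; default: myuser)
#   $2 - group (certificate O; default: mygroup)
#   $3 - kubeconfig cluster name (default: k3d)
# Outputs:
#   Progress on stdout, errors on stderr.
# Returns:
#   0 on success, 1 on invalid arguments or any failed step.
#######################################
k3d_adduser() {
  local user=${1:-myuser}
  local group=${2:-mygroup}
  local cluster=${3:-k3d}
  local csr_base64
  local cert_base64
  local attempt

  # The user name ends up in file names, the certificate subject and the
  # YAML manifest, so restrict it to characters that are inert in all three.
  case $user in
    [!A-Za-z0-9]* | *[!A-Za-z0-9._-]*)
      echo "Invalid user name '$user': use letters, digits, '.', '_' or '-'." >&2
      return 1
      ;;
  esac

  # '/' separates fields in the openssl -subj string; letting it through
  # would allow the group value to add or override subject attributes.
  case $group in
    */* | *[[:cntrl:]]*)
      echo "Invalid group '$group': '/' and control characters are not allowed." >&2
      return 1
      ;;
  esac

  # Create the private key under a restrictive umask so it is never
  # group- or world-readable, even briefly.
  if ! (umask 077 && openssl genrsa -out "$user.key" 2048); then
    echo "Error generating user credentials. Aborting." >&2
    return 1
  fi
  echo "Generated $user.key"

  if ! openssl req -new -key "$user.key" -out "$user.csr" \
    -subj "/CN=${user}/O=${group}"; then
    echo "Error generating user credentials. Aborting." >&2
    return 1
  fi
  echo "Generated $user.csr"

  if [ ! -s "$user.key" ] || [ ! -s "$user.csr" ]; then
    echo "Error generating user credentials. Aborting." >&2
    # return, not exit: this function is meant to be sourced, and exit
    # would terminate the caller's interactive shell.
    return 1
  fi

  # Declared separately above so a base64 failure is not masked by 'local'.
  csr_base64=$(base64 -w0 "$user.csr") || return 1

  # Feed the manifest on stdin instead of a temporary file in the working
  # directory, so nothing is left behind when apply fails.
  if ! kubectl apply -f - <<EOF
apiVersion: certificates.k8s.io/v1
kind: CertificateSigningRequest
metadata:
  name: $user
spec:
  groups:
  - system:authenticated
  request: $csr_base64
  signerName: kubernetes.io/kube-apiserver-client
  usages:
  - client auth
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: $user
subjects:
- kind: User
  name: $user
  apiGroup: ""
roleRef:
  kind: ClusterRole
  name: view
  apiGroup: rbac.authorization.k8s.io
EOF
  then
    echo "Error applying CSR and ClusterRoleBinding. Aborting." >&2
    return 1
  fi

  kubectl certificate approve "$user" || return 1

  # The signer may need a moment after approval; poll briefly rather than
  # writing an empty certificate file.
  cert_base64=
  attempt=0
  while [ "$attempt" -lt 10 ]; do
    cert_base64=$(kubectl get csr "$user" -o jsonpath='{.status.certificate}') \
      || return 1
    [ -n "$cert_base64" ] && break
    attempt=$((attempt + 1))
    sleep 1
  done
  if [ -z "$cert_base64" ]; then
    echo "No certificate was issued for $user. Aborting." >&2
    return 1
  fi
  printf '%s' "$cert_base64" | base64 -d > "$user.crt" || return 1

  kubectl config set-credentials "$user@$cluster" \
    --client-key "$user.key" --client-certificate "$user.crt" --embed-certs \
    || return 1
  kubectl config set-context "k3d-$user" \
    --cluster "$cluster" --user "$user@$cluster" || return 1
  kubectl config use-context "k3d-$user" || return 1
  kubectl cluster-info
}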