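#!/bin/bash
#
# Add a user to a Kubernetes 1.6 cluster by creating a service account and
# building a standalone kubeconfig that authenticates with that account's
# token. No RBAC objects are created here; bind roles to the service account
# after this script has run.
#
# Usage:    <script> <username> <environment (stg|prod)>
# Requires: kubectl (pointed at the target cluster), jq, base64, aws
# Outputs:  ./ca.crt and ./k8s-<username>-<environment>-conf in the current
#           directory; the kubeconfig is also copied to S3.
#
# Security notes:
#   - The generated kubeconfig embeds the service account's bearer token.
#     Secret-based service account tokens stay valid until the secret or the
#     service account is deleted, so treat the file as a long-lived credential.
#   - Command tracing (set -x) is deliberately NOT enabled: it would print the
#     token to stderr and into any captured log. Running this script with
#     `bash -x` has the same effect.
set -euo pipefail

# Files created below (kubeconfig with token, ca.crt) must be owner-only.
umask 077

if [[ -z "${1:-}" || -z "${2:-}" ]]; then
  echo "usage: $0 <username> <environment (stg|prod)>" >&2
  exit 1
fi

# Lowercase names: assigning to USER would overwrite the exported login-name
# variable seen by kubectl and aws.
readonly sa_user=$1
readonly environment=$2

# Both values end up in Kubernetes object names, a local file name and an S3
# key, so reject anything outside the DNS-style character set up front.
readonly name_re='^[a-z0-9]([a-z0-9.-]*[a-z0-9])?$'
if [[ ! "${sa_user}" =~ ${name_re} || ! "${environment}" =~ ${name_re} ]]; then
  echo "error: username and environment may contain only lowercase letters, digits, '-' and '.'" >&2
  exit 1
fi

readonly sa_name="${sa_user}-${environment}"
readonly namespace="services-${environment}"
readonly kubecfg_file="./k8s-${sa_name}-conf"
# NOTE(review): the key keeps the leading "./" of kubecfg_file, exactly as the
# original script built it; confirm whether consumers expect that key.
readonly s3_location="s3://kite-state-val-devel/k8-configs/${kubecfg_file}"

echo "Creating a service account: ${sa_name}"
# NOTE(review): the account is created in the current context's namespace,
# while the generated context below defaults to ${namespace}; confirm intended.
kubectl create sa "${sa_name}"

printf '\n%s\n' "Getting secret of service account ${sa_name}"
# Take the first listed secret only; "// empty" turns a missing list into an
# empty string so the check below can report it clearly.
secret=$(kubectl get sa "${sa_name}" -o json | jq -r '.secrets[0].name // empty')
if [[ -z "${secret}" ]]; then
  echo "error: service account ${sa_name} has no token secret (yet)" >&2
  exit 1
fi
echo "secret = ${secret}"

printf '\n%s\n' "Extracting ca.crt from secret"
# --decode is accepted by both GNU and BSD/macOS base64 (-D is macOS-only).
kubectl get secret "${secret}" -o json \
  | jq -r '.data["ca.crt"]' \
  | base64 --decode > ca.crt

printf '\n%s\n' "Getting user token"
user_token=$(kubectl get secret "${secret}" -o json \
  | jq -r '.data["token"] // empty' \
  | base64 --decode)
if [[ -z "${user_token}" ]]; then
  echo "error: secret ${secret} holds no token" >&2
  exit 1
fi

current_context=$(kubectl config current-context)
printf '\n%s\n' "Setting current context to: ${current_context}"

# The current context's row starts with a "*" marker column, so the cluster
# name is the third whitespace-separated field of the last output line.
cluster_name=$(kubectl config get-contexts "${current_context}" \
  | awk '{print $3}' \
  | tail -n 1)
echo "cluster_name: ${cluster_name}"

endpoint=$(kubectl config view \
  -o jsonpath="{.clusters[?(@.name == \"${cluster_name}\")].cluster.server}")
echo "endpoint: ${endpoint}"

# Name shared by the user entry and the context entry in the new kubeconfig.
readonly entry_name="${sa_name}-${cluster_name#cluster-}"

# Set up the config
printf '\n%s\n' "Preparing k8s-${sa_name}-conf"

echo "Setting a cluster entry in kubeconfig"
# Setting KUBECONFIG per command makes kubectl write to the new file instead
# of the operator's own configuration.
KUBECONFIG="${kubecfg_file}" kubectl config set-cluster "${cluster_name}" \
  --embed-certs=true \
  --server="${endpoint}" \
  --certificate-authority=./ca.crt

echo "Setting a user entry in kubeconfig"
# The token is passed on kubectl's command line, so it is briefly visible in
# the process list of this host; run this on a trusted machine.
KUBECONFIG="${kubecfg_file}" kubectl config set-credentials "${entry_name}" \
  --token="${user_token}"

echo "Setting a context entry in kubeconfig"
KUBECONFIG="${kubecfg_file}" kubectl config set-context "${entry_name}" \
  --cluster="${cluster_name}" \
  --user="${entry_name}" \
  --namespace="${namespace}"

echo "Setting the current-context in the kubeconfig file"
KUBECONFIG="${kubecfg_file}" kubectl config use-context "${entry_name}"

echo "Uploading ${kubecfg_file} to ${s3_location}"
# NOTE(review): the uploaded object contains a bearer token. Confirm the
# bucket enforces encryption at rest and that read access is limited to the
# intended user.
aws s3 cp "${kubecfg_file}" "${s3_location}"

echo "done! Test with: "
echo "KUBECONFIG=${kubecfg_file} kubectl get pods"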