
@vshatravenko
Created November 6, 2017 09:46
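#!/bin/bash
#
# Add a user to k8s 1.6 by creating a service account and building a
# standalone kubeconfig that authenticates with that account's token.
# No RBAC is created here (must create RBAC after this script).
#
# Usage: <script> <username> <environment (stg|prod)>
#
# Requires: kubectl (pointed at the target cluster), jq, base64, aws.
#
# The generated kubeconfig embeds the service account's bearer token, so the
# file, and the S3 object it is copied to, grant whatever access the account
# is later given through RBAC.

# No `-x`: command tracing would print the decoded bearer token to stderr,
# and from there into terminal scrollback and CI logs.
set -euo pipefail

# Files created below (the kubeconfig carries the token) are owner-only.
umask 077

if [[ -z "${1:-}" || -z "${2:-}" ]]; then
  echo "usage: $0 <username> <environment (stg|prod)>" >&2
  exit 1
fi

# Both arguments end up in resource names, a local file path and an S3 key.
# Restricting them to lowercase alphanumerics, '-' and '.' keeps '/' and
# whitespace out of those paths.
readonly name_re='^[a-z0-9]([-a-z0-9.]*[a-z0-9])?$'
if [[ ! "$1" =~ $name_re || ! "$2" =~ $name_re ]]; then
  echo "error: username and environment may only contain [a-z0-9.-]" >&2
  exit 1
fi

# Not named USER: that is the login-name variable, normally exported, and
# overwriting it would change what kubectl and aws inherit.
readonly account_user=$1
readonly environment=$2
readonly sa_name="${account_user}-${environment}"
readonly namespace="services-${environment}"
readonly kubecfg_file="./k8s-${sa_name}-conf"
# NOTE(review): the key keeps the leading "./" of kubecfg_file, exactly as the
# original script built it; confirm that is the intended object name.
readonly s3_location="s3://kite-state-val-devel/k8-configs/${kubecfg_file}"

echo "Creating a service account: ${sa_name}"
kubectl create sa "${sa_name}"

printf '\nGetting secret of service account %s\n' "${sa_name}"
# Take the first listed secret; "// empty" turns a missing entry into an empty
# string instead of the literal "null".
secret_name=$(kubectl get sa "${sa_name}" -o json | jq -r '.secrets[0].name // empty')
if [[ -z "${secret_name}" ]]; then
  echo "error: service account ${sa_name} has no token secret attached" >&2
  exit 1
fi
echo "secret = ${secret_name}"

printf '\nExtracting ca.crt from secret\n'
# --decode is accepted by both GNU and macOS base64 (the short flag differs).
kubectl get secret "${secret_name}" -o json \
  | jq -r '.data["ca.crt"]' \
  | base64 --decode > ca.crt

printf '\nGetting user token\n'
user_token=$(kubectl get secret "${secret_name}" -o json \
  | jq -r '.data["token"] // empty' \
  | base64 --decode)
if [[ -z "${user_token}" ]]; then
  echo "error: secret ${secret_name} holds no token" >&2
  exit 1
fi

current_context=$(kubectl config current-context)
printf '\nUsing current context: %s\n' "${current_context}"

# Column 3 of the context row is the cluster name; this relies on the leading
# "*" marker that kubectl prints for the current context.
cluster_name=$(kubectl config get-contexts "${current_context}" \
  | awk '{print $3}' \
  | tail -n 1)
echo "cluster_name: ${cluster_name}"

endpoint=$(kubectl config view \
  -o jsonpath="{.clusters[?(@.name == \"${cluster_name}\")].cluster.server}")
echo "endpoint: ${endpoint}"

# Name shared by the user entry and the context entry of the new kubeconfig.
readonly entry_name="${sa_name}-${cluster_name#cluster-}"

# Set up the config
printf '\nPreparing k8s-%s-conf\n' "${sa_name}"

echo "Setting a cluster entry in kubeconfig"
# The KUBECONFIG environment variable selects the file kubectl config edits.
KUBECONFIG="${kubecfg_file}" kubectl config set-cluster "${cluster_name}" \
  --embed-certs=true \
  --server="${endpoint}" \
  --certificate-authority=./ca.crt

echo "Setting a user entry in kubeconfig"
# The token is passed on kubectl's command line, so it is briefly visible in
# the process list on this host; run the script on a trusted admin machine.
KUBECONFIG="${kubecfg_file}" kubectl config set-credentials "${entry_name}" \
  --token="${user_token}"

echo "Setting a context entry in kubeconfig"
KUBECONFIG="${kubecfg_file}" kubectl config set-context "${entry_name}" \
  --cluster="${cluster_name}" \
  --user="${entry_name}" \
  --namespace="${namespace}"

echo "Setting the current-context in the kubeconfig file"
KUBECONFIG="${kubecfg_file}" kubectl config use-context "${entry_name}"

echo "Uploading ${kubecfg_file} to ${s3_location}"
# The uploaded object contains a bearer token: the bucket should be private,
# encrypted at rest, and readable only by the intended recipient.
aws s3 cp "${kubecfg_file}" "${s3_location}"

echo "done! Test with: "
echo "KUBECONFIG=${kubecfg_file} kubectl get pods"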