Nov 24th, 2017
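  # kubeconfig template: {CLUSTER_NAME} is a placeholder to substitute and every
  # secret value is shown as REDACTED.
  # The populated file holds a client private key and a static password for the
  # `admin` user, so keep it readable by its owner only (chmod 600) and out of
  # version control, tickets and paste sites.
  apiVersion: v1
  clusters:
  - cluster:
      # CA bundle the client uses to verify the API server's certificate.
      certificate-authority-data: REDACTED
      server: https://api.{CLUSTER_NAME}
    # Quoted: a plain scalar that starts with `{` is parsed as a flow mapping.
    name: '{CLUSTER_NAME}'
  contexts:
  - context:
      cluster: '{CLUSTER_NAME}'
      user: '{CLUSTER_NAME}'
    name: '{CLUSTER_NAME}'
  current-context: '{CLUSTER_NAME}'
  kind: Config
  preferences: {}
  users:
  # This entry carries both a client certificate and a static password.
  - name: '{CLUSTER_NAME}'
    user:
      client-certificate-data: REDACTED
      client-key-data: REDACTED
      # NOTE(review): username/password is HTTP basic auth, which kube-apiserver
      # dropped in v1.19; on a cluster that still accepts it the password is a
      # long-lived shared secret, so prefer the certificate or a token.
      password: REDACTED
      username: admin
  - name: '{CLUSTER_NAME}-basic-auth'
    user:
      password: REDACTED
      username: admin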
  26.  
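  # Create the service account whose token will be handed to the user.
  kubectl create sa alice

  # Name of the token Secret attached to the service account.
  # NOTE(review): from Kubernetes 1.24 on this Secret is no longer created
  # automatically, so .secrets is empty there; `kubectl create token alice`
  # issues a short-lived token instead.
  # The jq filter is quoted so the shell does not treat [] as a glob pattern.
  secret=$(kubectl get sa alice -o json | jq -r '.secrets[].name')

  # Cluster CA certificate, so the new client can verify the API server.
  kubectl get secret "$secret" -o json | jq -r '.data["ca.crt"]' | base64 -d > ca.crt

  # Bearer token of the service account. It is a long-lived credential: keep it
  # out of logs and do not echo it.
  user_token=$(kubectl get secret "$secret" -o json | jq -r '.data["token"]' | base64 -d)

  # get current context
  c=$(kubectl config current-context)

  # get cluster name of context
  name=$(kubectl config get-contexts "$c" | awk '{print $3}' | tail -n 1)

  # get endpoint of current context
  # The filter is single-quoted and only "$name" is spliced in, so the cluster
  # name reaches kubectl as a quoted jsonpath string literal.
  endpoint=$(kubectl config view -o jsonpath='{.clusters[?(@.name == "'"$name"'")].cluster.server}')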
  43.  
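  brew install kubectl

  # Cluster entry. --embed-certs=true inlines ca.crt into the kubeconfig, so the
  # file stays usable after ca.crt is removed. Each flag line ends in a
  # backslash; without it the shell runs the flags as separate commands.
  kubectl config set-cluster cluster-staging \
    --embed-certs=true \
    --server="$endpoint" \
    --certificate-authority=./ca.crt

  # User entry. The token is written to the kubeconfig in clear text and is
  # visible in the process list while kubectl runs, so restrict the file to its
  # owner and run this on a trusted host.
  kubectl config set-credentials alice-staging --token="$user_token"

  # Context tying the cluster and user together. The namespace is only the
  # client-side default; the account still has to be authorized there.
  kubectl config set-context alice-staging \
    --cluster=cluster-staging \
    --user=alice-staging \
    --namespace=alice

  kubectl config use-context alice-staging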
  59.  
  60. {
  61. "apiVersion": "abac.authorization.kubernetes.io/v1beta1",
  62. "kind": "Policy",
  63. "spec": {
  64. "user": "system:serviceaccount:default:alice",
  65. "namespace": "default",
  66. "resource": "*",
  67. "readonly": true
  68. }
  69. }
  70.  
  71. March 14th 2017 (Tuesday) Lift code freeze and v1.6.0-rc.1
  72. March 22nd 2017 (Wednesday) - v1.6.0
  73.  
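  # create kubeconfig entry
  # --certificate-authority with --embed-certs=true copies the API server's CA
  # into the standalone kubeconfig, so the client verifies the server.
  kubectl config set-cluster "$CLUSTER_NICK" \
    --server=https://1.1.1.1 \
    --certificate-authority=/path/to/apiserver/ca_file \
    --embed-certs=true \
    --kubeconfig=/path/to/standalone/.kube/config
  # Or if tls not needed, replace --certificate-authority and --embed-certs with
  #   --insecure-skip-tls-verify=true
  # That flag turns off verification of the server certificate: the client then
  # sends its token or password to whatever answers at --server. Keep it to
  # throwaway test clusters.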
  82.  
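  # create user entry
  # bearer token credentials, generated on kube master
  # The client certificate and key are embedded as well (--embed-certs=true), so
  # the resulting kubeconfig contains a private key: restrict it to its owner.
  kubectl config set-credentials "$USER_NICK" \
    --token="$token" \
    --client-certificate=/path/to/crt_file \
    --client-key=/path/to/key_file \
    --embed-certs=true \
    --kubeconfig=/path/to/standalone/.kube/config
  # use either username|password or token, not both; the basic-auth form
  # replaces --token with
  #   --username="$username" --password="$password"
  # NOTE(review): kube-apiserver dropped static-password (basic) auth in v1.19,
  # so the token or certificate form is the one to use on current clusters.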
  94.  
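  # create context entry
  # Binds the cluster and user entries created earlier under one context name in
  # the same standalone kubeconfig. The variables are quoted so an empty or
  # space-containing value cannot shift the arguments.
  kubectl config set-context "$CONTEXT_NAME" \
    --cluster="$CLUSTER_NICK" \
    --user="$USER_NICK" \
    --kubeconfig=/path/to/standalone/.kube/config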