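---
# Cluster-admin kubeconfig template.
# {CLUSTER_NAME} is a placeholder to substitute; REDACTED stands for the
# base64 certificate/key data and the password that were removed from the paste.
# Once filled in, this file holds live admin credentials: keep it readable by
# its owner only (mode 0600) and out of version control.
apiVersion: v1
clusters:
  - cluster:
      # CA bundle the client uses to verify the API server certificate.
      certificate-authority-data: REDACTED
      server: 'https://api.{CLUSTER_NAME}'
    # Placeholders are quoted: a bare {CLUSTER_NAME} parses as a flow mapping.
    name: '{CLUSTER_NAME}'
contexts:
  - context:
      cluster: '{CLUSTER_NAME}'
      user: '{CLUSTER_NAME}'
    name: '{CLUSTER_NAME}'
current-context: '{CLUSTER_NAME}'
kind: Config
preferences: {}
users:
  # This entry carries two independent credentials for the same identity:
  # a client certificate/key pair and a static username/password.
  - name: '{CLUSTER_NAME}'
    user:
      client-certificate-data: REDACTED
      # Private key embedded in the file; anyone who can read the file can
      # authenticate with it.
      client-key-data: REDACTED
      password: REDACTED
      username: admin
  # Password-only entry. Static-password (basic auth) authentication was
  # removed from kube-apiserver in Kubernetes 1.19, so this entry only works
  # against older clusters; on those, the password is a long-lived shared
  # secret with no expiry.
  - name: '{CLUSTER_NAME}-basic-auth'
    user:
      password: REDACTED
      username: admin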
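# --- With admin access to the cluster ----------------------------------------

# Create the service account. No -n is given, so it is created in the current
# context's namespace (the ABAC policy on this page names "default").
kubectl create sa alice

# Name of the auto-generated token secret. The jq filter is quoted so the shell
# cannot glob-expand the brackets. Clusters from Kubernetes 1.24 on no longer
# create this secret automatically; there, `kubectl create token alice` issues
# a short-lived token instead.
secret=$(kubectl get sa alice -o json | jq -r '.secrets[0].name')
if [ -z "$secret" ] || [ "$secret" = "null" ]; then
  echo "service account alice has no token secret" >&2
  exit 1
fi

# CA certificate the client will use to verify the API server.
kubectl get secret "$secret" -o json | jq -r '.data["ca.crt"]' | base64 -d > ca.crt

# Long-lived bearer token: handle it like a password (keep it out of logs,
# shell history and chat).
user_token=$(kubectl get secret "$secret" -o json | jq -r '.data["token"]' | base64 -d)

# get current context
c=$(kubectl config current-context)
# get cluster name of context
name=$(kubectl config get-contexts "$c" | awk '{print $3}' | tail -n 1)
# get endpoint of current context
# The inner quotes are escaped so jsonpath receives a quoted string literal;
# unescaped, the shell ends the string early and drops them.
endpoint=$(kubectl config view -o jsonpath="{.clusters[?(@.name == \"$name\")].cluster.server}")

# --- Presumably on the user's workstation (needs ca.crt, $endpoint and
# --- $user_token from the steps above) ---------------------------------------
brew install kubectl

# --certificate-authority pins the cluster CA, so the server is verified.
kubectl config set-cluster cluster-staging \
  --embed-certs=true \
  --server="$endpoint" \
  --certificate-authority=./ca.crt

# The token is passed as an argument: it is visible in the process list while
# the command runs and is stored in clear text in the kubeconfig file.
kubectl config set-credentials alice-staging --token="$user_token"

# NOTE(review): the context defaults to namespace "alice", while the service
# account and the ABAC policy on this page refer to "default" - confirm which
# namespace is intended. Also note that a read-only grant on resource "*"
# covers Secrets, so it lets this account read other credentials stored in
# that namespace.
kubectl config set-context alice-staging \
  --cluster=cluster-staging \
  --user=alice-staging \
  --namespace=alice

kubectl config use-context alice-staging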
- {
- "apiVersion": "abac.authorization.kubernetes.io/v1beta1",
- "kind": "Policy",
- "spec": {
- "user": "system:serviceaccount:default:alice",
- "namespace": "default",
- "resource": "*",
- "readonly": true
- }
- }
- March 14th 2017 (Tuesday) Lift code freeze and v1.6.0-rc.1
- March 22nd 2017 (Wednesday) - v1.6.0
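# Build a standalone kubeconfig at /path/to/standalone/.kube/config.
# The paths, 1.1.1.1, and $CLUSTER_NICK / $USER_NICK / $CONTEXT_NAME are
# placeholders. Comments sit above each command because a comment line between
# continued flags would cut the command short.

# create kubeconfig entry
# Or if tls not needed, replace --certificate-authority and --embed-certs with
#   --insecure-skip-tls-verify=true
# That flag turns off verification of the API server certificate, so the
# credentials configured below could be presented to an impostor endpoint;
# prefer pinning the CA file.
kubectl config set-cluster "$CLUSTER_NICK" \
  --server=https://1.1.1.1 \
  --certificate-authority=/path/to/apiserver/ca_file \
  --embed-certs=true \
  --kubeconfig=/path/to/standalone/.kube/config

# create user entry
# use either username|password or token, not both:
#   --token=$token                              bearer token credentials,
#                                               generated on kube master
#   --username=$username --password=$password   basic auth
# The token variant is shown. --embed-certs=true copies the client private key
# into the kubeconfig, so that file must be readable by its owner only.
# Secrets passed as arguments are visible in the process list while the
# command runs.
kubectl config set-credentials "$USER_NICK" \
  --token="$token" \
  --client-certificate=/path/to/crt_file \
  --client-key=/path/to/key_file \
  --embed-certs=true \
  --kubeconfig=/path/to/standalone/.kube/config

# create context entry
kubectl config set-context "$CONTEXT_NAME" \
  --cluster="$CLUSTER_NICK" \
  --user="$USER_NICK" \
  --kubeconfig=/path/to/standalone/.kube/config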