#!/bin/bash# Add user to k8s 1.6 using service account, no RBAC (must create R

1. #!/bin/bash
2.  
3. # Add user to k8s 1.6 using service account, no RBAC (must create RBAC after this script)
4. if [[ -z “$1” ]] || [[ -z “$2” ]];then
5. echo “usage: $0 <username> <environment (stg|prod)>”
6. exit 1
7. fi
8.  
9. USER=$1
10. environment=$2
11. NAMESPACE=services-${environment}
12. KUBECFG_FILE_NAME=/tmp/k8s-${USER}-${ENVIRONMENT}-conf
13. S3_LOCATION=”s3://some-bucket/k8-configs/${KUBECFG_FILE_NAME}”
14.  
15. echo “Creating a service account: ${USER}-${ENVIRONMENT}”
16. kubectl create sa ${USER}-${ENVIRONMENT}
17.  
18. echo -e “\nGetting secret of service account ${USER}-${ENVIRONMENT}”
19. SECRET=$(kubectl get sa ${USER}-${ENVIRONMENT} -o json | jq -r .secrets[].name)
20. echo “secret = ${SECRET}”
21.  
22. echo -e “\nExtracting ca.crt from secret”
23. kubectl get secret ${SECRET} -o json | jq -r ‘.data[“ca.crt”]’ | base64 -D > ca.crt
24.  
25. echo -e “\nGetting user token”
26. USER_TOKEN=$(kubectl get secret ${SECRET} -o json | jq -r ‘.data[“token”]’ | base64 -D)
27.  
28. c=`kubectl config current-context`
29. echo -e “\nSetting current context to: $c”
30.  
31. cluster_name=`kubectl config get-contexts $c | awk ‘{print $3}’ | tail -n 1`
32. echo “cluster_name: ${CLUSTER_NAME}”
33.  
34. endpoint=`kubectl config view -o jsonpath=”{.clusters[?(@.name == \”${CLUSTER_NAME}\”)].cluster.server}”`
35. echo “endpoint: ${endpoint}”
36.  
37. # Set up the config
38. echo -e “\nPreparing k8s-${USER}-${ENVIRONMENT}-conf”
39. echo “Setting a cluster entry in kubeconfig”
40.  
41. # $KUBECONFIG environment variable sets the config in file path
42. KUBECONFIG=${KUBECFG_FILE_NAME} kubectl config set-cluster ${CLUSTER_NAME} \
43.  — embed-certs=true \
44.  — server=${ENDPOINT} \
45.  — certificate-authority=./ca.crt
46.  
47. echo “Setting a user entry in kubeconfig”
48. KUBECONFIG=${KUBECFG_FILE_NAME} kubectl config set-credentials ${USER}-${ENVIRONMENT}-${CLUSTER_NAME#cluster-} — token=${USER_TOKEN}
49.  
50. echo “Setting a context entry in kubeconfig”
51. KUBECONFIG=${KUBECFG_FILE_NAME} kubectl config set-context ${USER}-${ENVIRONMENT}-${CLUSTER_NAME#cluster-} \
52.  — cluster=${CLUSTER_NAME} \
53.  — user=${USER}-${ENVIRONMENT}-${CLUSTER_NAME#cluster-} \
54.  — namespace=${NAMESPACE}
55.  
56. echo “Setting the current-context in the kubeconfig file”
57. KUBECONFIG=${KUBECFG_FILE_NAME} kubectl config use-context ${USER}-${ENVIRONMENT}-${CLUSTER_NAME#cluster-}
58.  
59. echo “Uploading ${KUBECFG_FILE_NAME} to ${S3_LOCATION}”
60. aws s3 cp $KUBECFG_FILE_NAME $S3_LOCATION
61.  
62. echo “done! Test with: “
63. echo “KUBECONFIG=${KUBECFG_FILE_NAME} kubectl get pods”