From f09b62942a3949fcb6266ca6f0b16538b999b91a Mon Sep 17 00:00:00 2001 From: Neha Sharma <156081591+Neha130@users.noreply.github.com> Date: Fri, 14 Jun 2024 19:12:55 +0530 Subject: [PATCH 01/10] Update kubernetes_kubeconfig_sa.sh --- .../kubernetes_kubeconfig_sa.sh | 120 ++++++++++++++---- 1 file changed, 98 insertions(+), 22 deletions(-) diff --git a/kubeconfig-exporter/kubernetes_kubeconfig_sa.sh b/kubeconfig-exporter/kubernetes_kubeconfig_sa.sh index ce4c8c4..0b5a9d6 100644 --- a/kubeconfig-exporter/kubernetes_kubeconfig_sa.sh +++ b/kubeconfig-exporter/kubernetes_kubeconfig_sa.sh @@ -4,8 +4,8 @@ set -o pipefail # Add user to k8s using service account, no RBAC (must create RBAC after this script) if [[ -z "$1" ]] || [[ -z "$2" ]] || [[ -z "$2" ]]; then - echo "usage: $0 " - echo "ex: sh ./kubeconfig-exporter/kubernetes_export_sa.sh cd-user cd-user /Users/nishant/workspace/inception/kubeconfig-exporter/clusterrole.yaml" + echo "usage: $0 " + echo "ex: sh ./kubeconfig-exporter/kubernetes_export_sa.sh cd-user cd-user" exit 1 fi 
@@ -13,11 +13,31 @@ SERVICE_ACCOUNT_NAME=$1 NAMESPACE="$2" KUBECFG_FILE_NAME="tmp/k8s-${SERVICE_ACCOUNT_NAME}-${NAMESPACE}-conf-${RANDOM}.conf" TARGET_FOLDER="tmp/" -CLUSTER_ROLE_FILE=$3 +SERVER_URL="" +TOKEN="" create_cluster_role_binding(){ - echo -n "Creating cluster role binding from ${CLUSTER_ROLE_FILE}" - kubectl apply -f ${CLUSTER_ROLE_FILE} + echo -e "\\nCreating cluster role binding of name ${SERVICE_ACCOUNT_NAME} with clusterRole cluster-admin" + kubectl apply -f - < "${TARGET_FOLDER}/ca.crt" + kubectl get secret --namespace "${NAMESPACE}" "${SECRET_NAME}" -o=jsonpath="{.data.ca\.crt}"| base64 --decode > "${TARGET_FOLDER}/ca.crt" printf "done" } get_user_token_from_secret() { - echo -e -n "\\nGetting user token from secret..." - USER_TOKEN=$(kubectl get secret --namespace "${NAMESPACE}" "${SECRET_NAME}" -o json | jq -r '.data["token"]' | base64 --decode) + echo -e -n "\\nGetting user token from secret..." + TOKEN=$(kubectl get secret --namespace "${NAMESPACE}" "${SECRET_NAME}" -o=jsonpath={.data.token}|base64 --decode) printf "done" } @@ -57,16 +102,16 @@ set_kube_config_values() { CLUSTER_NAME=$(kubectl config get-contexts "$context" | awk '{print $3}' | tail -n 1) echo "Cluster name: ${CLUSTER_NAME}" - ENDPOINT=$(kubectl config view \ + SERVER_URL=$(kubectl config view \ -o jsonpath="{.clusters[?(@.name == \"${CLUSTER_NAME}\")].cluster.server}") - echo "Endpoint: ${ENDPOINT}" + # Set up the config echo -e "\\nPreparing k8s-${SERVICE_ACCOUNT_NAME}-${NAMESPACE}-conf" echo -n "Setting a cluster entry in kubeconfig..." kubectl config set-cluster "${CLUSTER_NAME}" \ --kubeconfig="${KUBECFG_FILE_NAME}" \ - --server="${ENDPOINT}" \ + --server="${SERVER_URL}" \ --certificate-authority="${TARGET_FOLDER}/ca.crt" \ --embed-certs=true 
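Review bot: create_cluster_role_binding now binds the service account to the `cluster-admin` ClusterRole (going by its new echo line; the manifest fed to `kubectl apply -f -` is not visible in this view), so the exported token is a full cluster-admin credential. The header comment "no RBAC (must create RBAC after this script)" and the closing messages "you should not have any permissions by default" / "You will need to create RBAC permissions" no longer match that and should be corrected so operators are not misled about what they hand out. Consider keeping the role a parameter with a least-privilege default, e.g. `CLUSTER_ROLE="${3:-view}"`, and add a comment above the function such as `# Grants cluster-wide rights to ${SERVICE_ACCOUNT_NAME}; use a narrower role where possible`. The later patches in this series that touch the same function in kubernetes_export_sa.sh carry the same binding.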
@@ -74,7 +119,7 @@ set_kube_config_values() { kubectl config set-credentials \ "${SERVICE_ACCOUNT_NAME}-${NAMESPACE}-${CLUSTER_NAME}" \ --kubeconfig="${KUBECFG_FILE_NAME}" \ - --token="${USER_TOKEN}" + --token="${TOKEN}" echo -n "Setting a context entry in kubeconfig..." kubectl config set-context \ 
@@ -89,19 +134,50 @@ set_kube_config_values() { --kubeconfig="${KUBECFG_FILE_NAME}" } -create_target_folder -create_cluster_role_binding -create_service_account -get_secret_name_from_service_account -extract_ca_crt_from_secret -get_user_token_from_secret -set_kube_config_values + +#CLIENT_VERSION=$(kubectl version --client | awk '/Client Version: /{print $3}'| cut -d '.' -f 2) +CLIENT_VERSION=$(kubectl version -o json | awk -F '"' '/"clientVersion"/ {getline; getline; print $4}' | cut -d '.' -f 2 ) +echo "$CLIENT_VERSION" +if [[ $CLIENT_VERSION -gt 27 ]] +then + #VERSION=$(kubectl version | awk '/Server Version: /{print $3}' | cut -d '.' -f 2 ) + VERSION=$(kubectl version | awk '/Server Version: /{print $3}' | cut -d '.' -f 2 ) + VERSION=$(expr $VERSION) +else + #VERSION=$(kubectl version --short | awk '/Server Version: /{print $3}' | cut -d '.' -f 2 ) + VERSION=$(kubectl version | awk '/Server Version: /{print $3}' | cut -d '.' -f 2 ) + + VERSION=$(expr $VERSION) +fi + +if [[ $VERSION -ge 24 ]] +then + create_target_folder + create_cluster_role_binding + create_service_account + create_secret + get_secret_name_from_secret + extract_ca_crt_from_secret + get_user_token_from_secret + set_kube_config_values +else + create_target_folder + create_cluster_role_binding + create_service_account + get_secret_name_from_service_account + extract_ca_crt_from_secret + get_user_token_from_secret + set_kube_config_values +fi echo -e "\\nAll done! 
Test with:" echo "KUBECONFIG=${KUBECFG_FILE_NAME} kubectl get pods" echo "you should not have any permissions by default - you have just created the authentication part" echo "You will need to create RBAC permissions" echo "- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - " -cat ${KUBECFG_FILE_NAME} +echo "SERVER URL := ${SERVER_URL} " +echo "- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - " +echo "BEARER TOKEN := ${TOKEN} " echo "- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - " + KUBECONFIG=${KUBECFG_FILE_NAME} kubectl get pods From 0dc20cbb578eaf52d42b74ca1dd0e8eea79e6a6f Mon Sep 17 00:00:00 2001 From: Neha Sharma <156081591+Neha130@users.noreply.github.com> Date: Fri, 14 Jun 2024 19:20:50 +0530 Subject: [PATCH 02/10] Update kubernetes_kubeconfig_sa.sh --- .../kubernetes_kubeconfig_sa.sh | 120 ++++-------------- 1 file changed, 22 insertions(+), 98 deletions(-) diff --git a/kubeconfig-exporter/kubernetes_kubeconfig_sa.sh b/kubeconfig-exporter/kubernetes_kubeconfig_sa.sh index 0b5a9d6..ce4c8c4 100644 --- a/kubeconfig-exporter/kubernetes_kubeconfig_sa.sh +++ b/kubeconfig-exporter/kubernetes_kubeconfig_sa.sh @@ -4,8 +4,8 @@ set -o pipefail # Add user to k8s using service account, no RBAC (must create RBAC after this script) if [[ -z "$1" ]] || [[ -z "$2" ]] || [[ -z "$2" ]]; then - echo "usage: $0 " - echo "ex: sh ./kubeconfig-exporter/kubernetes_export_sa.sh cd-user cd-user" + echo "usage: $0 " + echo "ex: sh ./kubeconfig-exporter/kubernetes_export_sa.sh cd-user cd-user /Users/nishant/workspace/inception/kubeconfig-exporter/clusterrole.yaml" exit 1 fi 
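Review bot: The new `echo "BEARER TOKEN := ${TOKEN} "` at the end of the script writes the service-account token to stdout, where it ends up in terminal scrollback, CI job logs, or any file the output is redirected to. The token is already stored in the generated kubeconfig, so print only where it was written, e.g. `echo "Credentials written to ${KUBECFG_FILE_NAME}"`. The `cat ${KUBECFG_FILE_NAME}` that PATCH 02/10 restores in its last hunk exposes the same token through the embedded kubeconfig. Separately, in this hunk both branches of `if [[ $CLIENT_VERSION -gt 27 ]]` run the identical `kubectl version | awk '/Server Version: /{print $3}'` command, so the client-version check has no effect. The PATCH 03/10 hunk leaves kubernetes_export_sa.sh in the same state until PATCH 04/10 restores `--short`.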
@@ -13,31 +13,11 @@ SERVICE_ACCOUNT_NAME=$1 NAMESPACE="$2" KUBECFG_FILE_NAME="tmp/k8s-${SERVICE_ACCOUNT_NAME}-${NAMESPACE}-conf-${RANDOM}.conf" TARGET_FOLDER="tmp/" -SERVER_URL="" -TOKEN="" +CLUSTER_ROLE_FILE=$3 create_cluster_role_binding(){ - echo -e "\\nCreating cluster role binding of name ${SERVICE_ACCOUNT_NAME} with clusterRole cluster-admin" - kubectl apply -f - < "${TARGET_FOLDER}/ca.crt" + kubectl get secret --namespace "${NAMESPACE}" "${SECRET_NAME}" -o json | jq \ + -r '.data["ca.crt"]' | base64 --decode > "${TARGET_FOLDER}/ca.crt" printf "done" } get_user_token_from_secret() { - echo -e -n "\\nGetting user token from secret..." - TOKEN=$(kubectl get secret --namespace "${NAMESPACE}" "${SECRET_NAME}" -o=jsonpath={.data.token}|base64 --decode) + echo -e -n "\\nGetting user token from secret..." + USER_TOKEN=$(kubectl get secret --namespace "${NAMESPACE}" "${SECRET_NAME}" -o json | jq -r '.data["token"]' | base64 --decode) printf "done" } @@ -102,16 +57,16 @@ set_kube_config_values() { CLUSTER_NAME=$(kubectl config get-contexts "$context" | awk '{print $3}' | tail -n 1) echo "Cluster name: ${CLUSTER_NAME}" - SERVER_URL=$(kubectl config view \ + ENDPOINT=$(kubectl config view \ -o jsonpath="{.clusters[?(@.name == \"${CLUSTER_NAME}\")].cluster.server}") - + echo "Endpoint: ${ENDPOINT}" # Set up the config echo -e "\\nPreparing k8s-${SERVICE_ACCOUNT_NAME}-${NAMESPACE}-conf" echo -n "Setting a cluster entry in kubeconfig..." kubectl config set-cluster "${CLUSTER_NAME}" \ --kubeconfig="${KUBECFG_FILE_NAME}" \ - --server="${SERVER_URL}" \ + --server="${ENDPOINT}" \ --certificate-authority="${TARGET_FOLDER}/ca.crt" \ --embed-certs=true @@ -119,7 +74,7 @@ set_kube_config_values() { kubectl config set-credentials \ "${SERVICE_ACCOUNT_NAME}-${NAMESPACE}-${CLUSTER_NAME}" \ --kubeconfig="${KUBECFG_FILE_NAME}" \ - --token="${TOKEN}" + --token="${USER_TOKEN}" echo -n "Setting a context entry in kubeconfig..." kubectl config set-context \ 
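Review bot: The restored `CLUSTER_ROLE_FILE=$3` is never validated. The argument guard shown as context in this patch's first hunk tests `$2` twice (`[[ -z "$2" ]] || [[ -z "$2" ]]`) and never `$3`, so the script proceeds with an empty role file even though the usage text again lists three arguments. Change the third test to `[[ -z "$3" ]]`, quote the assignment as `CLUSTER_ROLE_FILE="$3"`, and reject a missing file before anything is created in the cluster: `[[ -f "${CLUSTER_ROLE_FILE}" ]] || { echo "role file not found: ${CLUSTER_ROLE_FILE}" >&2; exit 1; }`. The added lines that consume the variable are not visible in this view, so any use of it there should be quoted as well.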
@@ -134,50 +89,19 @@ set_kube_config_values() { --kubeconfig="${KUBECFG_FILE_NAME}" } - -#CLIENT_VERSION=$(kubectl version --client | awk '/Client Version: /{print $3}'| cut -d '.' -f 2) -CLIENT_VERSION=$(kubectl version -o json | awk -F '"' '/"clientVersion"/ {getline; getline; print $4}' | cut -d '.' -f 2 ) -echo "$CLIENT_VERSION" -if [[ $CLIENT_VERSION -gt 27 ]] -then - #VERSION=$(kubectl version | awk '/Server Version: /{print $3}' | cut -d '.' -f 2 ) - VERSION=$(kubectl version | awk '/Server Version: /{print $3}' | cut -d '.' -f 2 ) - VERSION=$(expr $VERSION) -else - #VERSION=$(kubectl version --short | awk '/Server Version: /{print $3}' | cut -d '.' -f 2 ) - VERSION=$(kubectl version | awk '/Server Version: /{print $3}' | cut -d '.' -f 2 ) - - VERSION=$(expr $VERSION) -fi - -if [[ $VERSION -ge 24 ]] -then - create_target_folder - create_cluster_role_binding - create_service_account - create_secret - get_secret_name_from_secret - extract_ca_crt_from_secret - get_user_token_from_secret - set_kube_config_values -else - create_target_folder - create_cluster_role_binding - create_service_account - get_secret_name_from_service_account - extract_ca_crt_from_secret - get_user_token_from_secret - set_kube_config_values -fi +create_target_folder +create_cluster_role_binding +create_service_account +get_secret_name_from_service_account +extract_ca_crt_from_secret +get_user_token_from_secret +set_kube_config_values echo -e "\\nAll done! 
Test with:" echo "KUBECONFIG=${KUBECFG_FILE_NAME} kubectl get pods" echo "you should not have any permissions by default - you have just created the authentication part" echo "You will need to create RBAC permissions" echo "- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - " -echo "SERVER URL := ${SERVER_URL} " -echo "- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - " -echo "BEARER TOKEN := ${TOKEN} " +cat ${KUBECFG_FILE_NAME} echo "- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - " - KUBECONFIG=${KUBECFG_FILE_NAME} kubectl get pods From d6880e92267b4628c3ce89383e9864afea881869 Mon Sep 17 00:00:00 2001 From: Neha Sharma <156081591+Neha130@users.noreply.github.com> Date: Fri, 14 Jun 2024 19:21:30 +0530 Subject: [PATCH 03/10] Update kubernetes_export_sa.sh --- kubeconfig-exporter/kubernetes_export_sa.sh | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/kubeconfig-exporter/kubernetes_export_sa.sh b/kubeconfig-exporter/kubernetes_export_sa.sh index 9babb16..0b5a9d6 100644 --- a/kubeconfig-exporter/kubernetes_export_sa.sh +++ b/kubeconfig-exporter/kubernetes_export_sa.sh 
@@ -135,14 +135,18 @@ set_kube_config_values() { } -CLIENT_VERSION=$(kubectl version --client | awk '/Client Version: /{print $3}'| cut -d '.' -f 2) +#CLIENT_VERSION=$(kubectl version --client | awk '/Client Version: /{print $3}'| cut -d '.' -f 2) +CLIENT_VERSION=$(kubectl version -o json | awk -F '"' '/"clientVersion"/ {getline; getline; print $4}' | cut -d '.' -f 2 ) echo "$CLIENT_VERSION" if [[ $CLIENT_VERSION -gt 27 ]] then + #VERSION=$(kubectl version | awk '/Server Version: /{print $3}' | cut -d '.' -f 2 ) VERSION=$(kubectl version | awk '/Server Version: /{print $3}' | cut -d '.' -f 2 ) VERSION=$(expr $VERSION) else - VERSION=$(kubectl version --short | awk '/Server Version: /{print $3}' | cut -d '.' -f 2 ) + #VERSION=$(kubectl version --short | awk '/Server Version: /{print $3}' | cut -d '.' -f 2 ) + VERSION=$(kubectl version | awk '/Server Version: /{print $3}' | cut -d '.' -f 2 ) + VERSION=$(expr $VERSION) fi From b11e397800cd4697f78be8f88dc127736cd6c485 Mon Sep 17 00:00:00 2001 From: Neha Sharma <156081591+Neha130@users.noreply.github.com> Date: Fri, 28 Jun 2024 17:39:28 +0530 Subject: [PATCH 04/10] Update kubernetes_export_sa.sh --- kubeconfig-exporter/kubernetes_export_sa.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/kubeconfig-exporter/kubernetes_export_sa.sh b/kubeconfig-exporter/kubernetes_export_sa.sh index 0b5a9d6..2409e06 100644 --- a/kubeconfig-exporter/kubernetes_export_sa.sh +++ b/kubeconfig-exporter/kubernetes_export_sa.sh 
@@ -144,8 +144,8 @@ then VERSION=$(kubectl version | awk '/Server Version: /{print $3}' | cut -d '.' -f 2 ) VERSION=$(expr $VERSION) else - #VERSION=$(kubectl version --short | awk '/Server Version: /{print $3}' | cut -d '.' -f 2 ) - VERSION=$(kubectl version | awk '/Server Version: /{print $3}' | cut -d '.' -f 2 ) + VERSION=$(kubectl version --short | awk '/Server Version: /{print $3}' | cut -d '.' -f 2 ) + #VERSION=$(kubectl version | awk '/Server Version: /{print $3}' | cut -d '.' -f 2 ) VERSION=$(expr $VERSION) fi From 26732bd1126a613b8d41073cb56682be58699bec Mon Sep 17 00:00:00 2001 From: Neha Sharma Date: Tue, 9 Jul 2024 12:59:00 +0530 Subject: [PATCH 05/10] changes in the script --- kubeconfig-exporter/kubernetes_export_sa.sh | 54 +++++++++++---------- 1 file changed, 28 insertions(+), 26 deletions(-) diff --git a/kubeconfig-exporter/kubernetes_export_sa.sh b/kubeconfig-exporter/kubernetes_export_sa.sh index 2409e06..9af976a 100644 --- a/kubeconfig-exporter/kubernetes_export_sa.sh +++ b/kubeconfig-exporter/kubernetes_export_sa.sh 
@@ -17,8 +17,8 @@ SERVER_URL="" TOKEN="" create_cluster_role_binding(){ - echo -e "\\nCreating cluster role binding of name ${SERVICE_ACCOUNT_NAME} with clusterRole cluster-admin" - kubectl apply -f - < "${TARGET_FOLDER}/ca.crt" + kubectl get secret --namespace "${NAMESPACE}" "${SECRET_NAME}" -o=jsonpath="{.data.ca\.crt}"| base64 --decode > "${TARGET_FOLDER}/ca.crt" printf "done" } get_user_token_from_secret() { echo -e -n "\\nGetting user token from secret..." - TOKEN=$(kubectl get secret --namespace "${NAMESPACE}" "${SECRET_NAME}" -o=jsonpath={.data.token}|base64 --decode) + TOKEN=$( kubectl get secret --namespace "${NAMESPACE}" "${SECRET_NAME}" -o=jsonpath={.data.token}|base64 --decode) printf "done" } set_kube_config_values() { - context=$(kubectl config current-context) + context=$( kubectl config current-context) echo -e "\\nSetting current context to: $context" - CLUSTER_NAME=$(kubectl config get-contexts "$context" | awk '{print $3}' | tail -n 1) + CLUSTER_NAME=$( kubectl config get-contexts "$context" | awk '{print $3}' | tail -n 1) echo "Cluster name: ${CLUSTER_NAME}" - SERVER_URL=$(kubectl config view \ + SERVER_URL=$( kubectl config view \ -o jsonpath="{.clusters[?(@.name == \"${CLUSTER_NAME}\")].cluster.server}") # Set up the config echo -e "\\nPreparing k8s-${SERVICE_ACCOUNT_NAME}-${NAMESPACE}-conf" echo -n "Setting a cluster entry in kubeconfig..." - kubectl config set-cluster "${CLUSTER_NAME}" \ + kubectl config set-cluster "${CLUSTER_NAME}" \ --kubeconfig="${KUBECFG_FILE_NAME}" \ --server="${SERVER_URL}" \ --certificate-authority="${TARGET_FOLDER}/ca.crt" \ --embed-certs=true echo -n "Setting token credentials entry in kubeconfig..." - kubectl config set-credentials \ + kubectl config set-credentials \ "${SERVICE_ACCOUNT_NAME}-${NAMESPACE}-${CLUSTER_NAME}" \ --kubeconfig="${KUBECFG_FILE_NAME}" \ --token="${TOKEN}" echo -n "Setting a context entry in kubeconfig..." 
- kubectl config set-context \ + kubectl config set-context \ "${SERVICE_ACCOUNT_NAME}-${NAMESPACE}-${CLUSTER_NAME}" \ --kubeconfig="${KUBECFG_FILE_NAME}" \ --cluster="${CLUSTER_NAME}" \ @@ -130,22 +130,24 @@ set_kube_config_values() { --namespace="${NAMESPACE}" echo -n "Setting the current-context in the kubeconfig file..." - kubectl config use-context "${SERVICE_ACCOUNT_NAME}-${NAMESPACE}-${CLUSTER_NAME}" \ + kubectl config use-context "${SERVICE_ACCOUNT_NAME}-${NAMESPACE}-${CLUSTER_NAME}" \ --kubeconfig="${KUBECFG_FILE_NAME}" } -#CLIENT_VERSION=$(kubectl version --client | awk '/Client Version: /{print $3}'| cut -d '.' -f 2) -CLIENT_VERSION=$(kubectl version -o json | awk -F '"' '/"clientVersion"/ {getline; getline; print $4}' | cut -d '.' -f 2 ) +#CLIENT_VERSION=$( kubectl version --client | awk '/Client Version: /{print $3}'| cut -d '.' -f 2) +# CLIENT_VERSION=$( kubectl version -o json | awk -F '"' '/"clientVersion"/ {getline; getline; print $4}' | cut -d '.' -f 2 ) +CLIENT_VERSION=$( kubectl version -o json | awk -F '"' '/"clientVersion"/ {getline; getline; print $4}' | cut -d '.' -f 2) + echo "$CLIENT_VERSION" if [[ $CLIENT_VERSION -gt 27 ]] -then - #VERSION=$(kubectl version | awk '/Server Version: /{print $3}' | cut -d '.' -f 2 ) - VERSION=$(kubectl version | awk '/Server Version: /{print $3}' | cut -d '.' -f 2 ) - VERSION=$(expr $VERSION) +then + #VERSION=$( kubectl version | awk '/Server Version: /{print $3}' | cut -d '.' -f 2 ) + VERSION=$(kubectl version -o json | awk -F '"' '/"serverVersion"/ {getline; getline; print $4}' | cut -d '.' -f 2 ) + VERSION=$(expr $VERSION ) + else VERSION=$(kubectl version --short | awk '/Server Version: /{print $3}' | cut -d '.' -f 2 ) - #VERSION=$(kubectl version | awk '/Server Version: /{print $3}' | cut -d '.' -f 2 ) VERSION=$(expr $VERSION) fi 
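Review bot: The server minor version is now extracted from `kubectl version -o json` by counting lines with awk (`getline; getline; print $4`), which depends on the exact pretty-printed layout and passes through whatever the `minor` field holds. Some managed distributions report a minor such as `27+`; with that value the later `[[ $VERSION -ge 24 ]]` fails as an arithmetic expression and the else branch runs. If the API server is unreachable VERSION is empty, which `[[ ... -ge 24 ]]` treats as 0, so the script silently takes the pre-1.24 path (`get_secret_name_from_service_account`) and presumably continues with an empty secret name. Normalise and check the value before branching: `VERSION=${VERSION//[^0-9]/}` followed by `[[ -n "$VERSION" ]] || { echo "cannot determine server version" >&2; exit 1; }`; `VERSION=$(expr $VERSION)` then becomes unnecessary. The same applies to `CLIENT_VERSION` just above.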
@@ -168,10 +170,10 @@ else extract_ca_crt_from_secret get_user_token_from_secret set_kube_config_values -fi +fi echo -e "\\nAll done! Test with:" -echo "KUBECONFIG=${KUBECFG_FILE_NAME} kubectl get pods" +echo "KUBECONFIG=${KUBECFG_FILE_NAME} kubectl get pods" echo "you should not have any permissions by default - you have just created the authentication part" echo "You will need to create RBAC permissions" echo "- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - " @@ -180,4 +182,4 @@ echo "- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - echo "BEARER TOKEN := ${TOKEN} " echo "- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - " -KUBECONFIG=${KUBECFG_FILE_NAME} kubectl get pods +KUBECONFIG=${KUBECFG_FILE_NAME} kubectl get pods From b2a557628e74ba40bbbbd481953ac28afaab844a Mon Sep 17 00:00:00 2001 From: Neha Sharma Date: Tue, 9 Jul 2024 13:13:42 +0530 Subject: [PATCH 06/10] changes in the script --- kubeconfig-exporter/kubernetes_export_sa.sh | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/kubeconfig-exporter/kubernetes_export_sa.sh b/kubeconfig-exporter/kubernetes_export_sa.sh index 9af976a..8bf783f 100644 --- a/kubeconfig-exporter/kubernetes_export_sa.sh +++ b/kubeconfig-exporter/kubernetes_export_sa.sh @@ -18,7 +18,7 @@ TOKEN="" create_cluster_role_binding(){ echo -e "\\nCreating cluster role binding of name ${SERVICE_ACCOUNT_NAME} with clusterRole cluster-admin" - kubectl apply -f - < "${TARGET_FOLDER}/ca.crt" + kubectl get secret --namespace "${NAMESPACE}" "${SECRET_NAME}" -o=jsonpath="{.data.ca\.crt}"| base64 --decode > "${TARGET_FOLDER}/ca.crt" printf "done" } 
@@ -109,20 +109,20 @@ set_kube_config_values() { # Set up the config echo -e "\\nPreparing k8s-${SERVICE_ACCOUNT_NAME}-${NAMESPACE}-conf" echo -n "Setting a cluster entry in kubeconfig..." - kubectl config set-cluster "${CLUSTER_NAME}" \ + kubectl config set-cluster "${CLUSTER_NAME}" \ --kubeconfig="${KUBECFG_FILE_NAME}" \ --server="${SERVER_URL}" \ --certificate-authority="${TARGET_FOLDER}/ca.crt" \ --embed-certs=true echo -n "Setting token credentials entry in kubeconfig..." - kubectl config set-credentials \ + kubectl config set-credentials \ "${SERVICE_ACCOUNT_NAME}-${NAMESPACE}-${CLUSTER_NAME}" \ --kubeconfig="${KUBECFG_FILE_NAME}" \ --token="${TOKEN}" echo -n "Setting a context entry in kubeconfig..." - kubectl config set-context \ + kubectl config set-context \ "${SERVICE_ACCOUNT_NAME}-${NAMESPACE}-${CLUSTER_NAME}" \ --kubeconfig="${KUBECFG_FILE_NAME}" \ --cluster="${CLUSTER_NAME}" \ @@ -130,7 +130,7 @@ set_kube_config_values() { --namespace="${NAMESPACE}" echo -n "Setting the current-context in the kubeconfig file..." - kubectl config use-context "${SERVICE_ACCOUNT_NAME}-${NAMESPACE}-${CLUSTER_NAME}" \ + kubectl config use-context "${SERVICE_ACCOUNT_NAME}-${NAMESPACE}-${CLUSTER_NAME}" \ --kubeconfig="${KUBECFG_FILE_NAME}" } From 6b59b2024013dfbcf8d749ed911a74dab2eac626 Mon Sep 17 00:00:00 2001 From: Neha Sharma Date: Tue, 9 Jul 2024 13:16:33 +0530 Subject: [PATCH 07/10] changes in the script --- kubeconfig-exporter/kubernetes_export_sa.sh | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/kubeconfig-exporter/kubernetes_export_sa.sh b/kubeconfig-exporter/kubernetes_export_sa.sh index 8bf783f..97a86ec 100644 --- a/kubeconfig-exporter/kubernetes_export_sa.sh +++ b/kubeconfig-exporter/kubernetes_export_sa.sh 
@@ -18,7 +18,7 @@ TOKEN="" create_cluster_role_binding(){ echo -e "\\nCreating cluster role binding of name ${SERVICE_ACCOUNT_NAME} with clusterRole cluster-admin" - kubectl apply -f - < "${TARGET_FOLDER}/ca.crt" + kubectl get secret --namespace "${NAMESPACE}" "${SECRET_NAME}" -o=jsonpath="{.data.ca\.crt}"| base64 --decode > "${TARGET_FOLDER}/ca.crt" printf "done" } @@ -109,14 +109,14 @@ set_kube_config_values() { # Set up the config echo -e "\\nPreparing k8s-${SERVICE_ACCOUNT_NAME}-${NAMESPACE}-conf" echo -n "Setting a cluster entry in kubeconfig..." - kubectl config set-cluster "${CLUSTER_NAME}" \ + kubectl config set-cluster "${CLUSTER_NAME}" \ --kubeconfig="${KUBECFG_FILE_NAME}" \ --server="${SERVER_URL}" \ --certificate-authority="${TARGET_FOLDER}/ca.crt" \ --embed-certs=true echo -n "Setting token credentials entry in kubeconfig..." - kubectl config set-credentials \ + kubectl config set-credentials \ "${SERVICE_ACCOUNT_NAME}-${NAMESPACE}-${CLUSTER_NAME}" \ --kubeconfig="${KUBECFG_FILE_NAME}" \ --token="${TOKEN}" @@ -130,7 +130,7 @@ set_kube_config_values() { --namespace="${NAMESPACE}" echo -n "Setting the current-context in the kubeconfig file..." - kubectl config use-context "${SERVICE_ACCOUNT_NAME}-${NAMESPACE}-${CLUSTER_NAME}" \ + kubectl config use-context "${SERVICE_ACCOUNT_NAME}-${NAMESPACE}-${CLUSTER_NAME}" \ --kubeconfig="${KUBECFG_FILE_NAME}" } From d35cde514196704ab0680fdb08c97fdd87b0c532 Mon Sep 17 00:00:00 2001 From: Neha Sharma Date: Tue, 9 Jul 2024 13:21:50 +0530 Subject: [PATCH 08/10] changes in the script --- kubeconfig-exporter/kubernetes_export_sa.sh | 48 ++++++++++----------- 1 file changed, 22 insertions(+), 26 deletions(-) diff --git a/kubeconfig-exporter/kubernetes_export_sa.sh b/kubeconfig-exporter/kubernetes_export_sa.sh index 97a86ec..d13572e 100644 --- a/kubeconfig-exporter/kubernetes_export_sa.sh +++ b/kubeconfig-exporter/kubernetes_export_sa.sh 
@@ -17,8 +17,8 @@ SERVER_URL="" TOKEN="" create_cluster_role_binding(){ - echo -e "\\nCreating cluster role binding of name ${SERVICE_ACCOUNT_NAME} with clusterRole cluster-admin" - kubectl apply -f - < "${TARGET_FOLDER}/ca.crt" + kubectl get secret --namespace "${NAMESPACE}" "${SECRET_NAME}" -o=jsonpath="{.data.ca\.crt}"| base64 --decode > "${TARGET_FOLDER}/ca.crt" printf "done" } get_user_token_from_secret() { echo -e -n "\\nGetting user token from secret..." - TOKEN=$( kubectl get secret --namespace "${NAMESPACE}" "${SECRET_NAME}" -o=jsonpath={.data.token}|base64 --decode) + TOKEN=$(kubectl get secret --namespace "${NAMESPACE}" "${SECRET_NAME}" -o=jsonpath={.data.token}|base64 --decode) printf "done" } set_kube_config_values() { - context=$( kubectl config current-context) + context=$(kubectl config current-context) echo -e "\\nSetting current context to: $context" - CLUSTER_NAME=$( kubectl config get-contexts "$context" | awk '{print $3}' | tail -n 1) + CLUSTER_NAME=$(kubectl config get-contexts "$context" | awk '{print $3}' | tail -n 1) echo "Cluster name: ${CLUSTER_NAME}" - SERVER_URL=$( kubectl config view \ + SERVER_URL=$(kubectl config view \ -o jsonpath="{.clusters[?(@.name == \"${CLUSTER_NAME}\")].cluster.server}") # Set up the config echo -e "\\nPreparing k8s-${SERVICE_ACCOUNT_NAME}-${NAMESPACE}-conf" echo -n "Setting a cluster entry in kubeconfig..." - kubectl config set-cluster "${CLUSTER_NAME}" \ + kubectl config set-cluster "${CLUSTER_NAME}" \ --kubeconfig="${KUBECFG_FILE_NAME}" \ --server="${SERVER_URL}" \ --certificate-authority="${TARGET_FOLDER}/ca.crt" \ --embed-certs=true echo -n "Setting token credentials entry in kubeconfig..." - kubectl config set-credentials \ + kubectl config set-credentials \ "${SERVICE_ACCOUNT_NAME}-${NAMESPACE}-${CLUSTER_NAME}" \ --kubeconfig="${KUBECFG_FILE_NAME}" \ --token="${TOKEN}" 
@@ -130,25 +130,21 @@ set_kube_config_values() { --namespace="${NAMESPACE}" echo -n "Setting the current-context in the kubeconfig file..." - kubectl config use-context "${SERVICE_ACCOUNT_NAME}-${NAMESPACE}-${CLUSTER_NAME}" \ + kubectl config use-context "${SERVICE_ACCOUNT_NAME}-${NAMESPACE}-${CLUSTER_NAME}" \ --kubeconfig="${KUBECFG_FILE_NAME}" } -#CLIENT_VERSION=$( kubectl version --client | awk '/Client Version: /{print $3}'| cut -d '.' -f 2) -# CLIENT_VERSION=$( kubectl version -o json | awk -F '"' '/"clientVersion"/ {getline; getline; print $4}' | cut -d '.' -f 2 ) +#CLIENT_VERSION=$(kubectl version --client | awk '/Client Version: /{print $3}'| cut -d '.' -f 2) CLIENT_VERSION=$( kubectl version -o json | awk -F '"' '/"clientVersion"/ {getline; getline; print $4}' | cut -d '.' -f 2) - echo "$CLIENT_VERSION" if [[ $CLIENT_VERSION -gt 27 ]] -then - #VERSION=$( kubectl version | awk '/Server Version: /{print $3}' | cut -d '.' -f 2 ) +then + #VERSION=$(kubectl version | awk '/Server Version: /{print $3}' | cut -d '.' -f 2 ) VERSION=$(kubectl version -o json | awk -F '"' '/"serverVersion"/ {getline; getline; print $4}' | cut -d '.' -f 2 ) - VERSION=$(expr $VERSION ) - + VERSION=$(expr $VERSION) else VERSION=$(kubectl version --short | awk '/Server Version: /{print $3}' | cut -d '.' -f 2 ) - VERSION=$(expr $VERSION) fi @@ -170,10 +166,10 @@ else extract_ca_crt_from_secret get_user_token_from_secret set_kube_config_values -fi +fi echo -e "\\nAll done! Test with:" -echo "KUBECONFIG=${KUBECFG_FILE_NAME} kubectl get pods" +echo "KUBECONFIG=${KUBECFG_FILE_NAME} kubectl get pods" echo "you should not have any permissions by default - you have just created the authentication part" echo "You will need to create RBAC permissions" echo "- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - " 
@@ -182,4 +178,4 @@ echo "- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - echo "BEARER TOKEN := ${TOKEN} " echo "- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - " -KUBECONFIG=${KUBECFG_FILE_NAME} kubectl get pods +KUBECONFIG=${KUBECFG_FILE_NAME} kubectl get pods From 0ee31ea319799f25fb9c179120206b33d5ca856f Mon Sep 17 00:00:00 2001 From: Neha Sharma Date: Tue, 9 Jul 2024 13:30:00 +0530 Subject: [PATCH 09/10] changes in the script --- kubeconfig-exporter/kubernetes_export_sa.sh | 28 ++++++++++----------- 1 file changed, 14 insertions(+), 14 deletions(-) diff --git a/kubeconfig-exporter/kubernetes_export_sa.sh b/kubeconfig-exporter/kubernetes_export_sa.sh index d13572e..f8d2fe1 100644 --- a/kubeconfig-exporter/kubernetes_export_sa.sh +++ b/kubeconfig-exporter/kubernetes_export_sa.sh @@ -18,7 +18,7 @@ TOKEN="" create_cluster_role_binding(){ echo -e "\\nCreating cluster role binding of name ${SERVICE_ACCOUNT_NAME} with clusterRole cluster-admin" - kubectl apply -f - < Date: Tue, 9 Jul 2024 13:32:16 +0530 Subject: [PATCH 10/10] changes in the script --- kubeconfig-exporter/kubernetes_export_sa.sh | 30 ++++++++++----------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/kubeconfig-exporter/kubernetes_export_sa.sh b/kubeconfig-exporter/kubernetes_export_sa.sh index f8d2fe1..fcbcaea 100644 --- a/kubeconfig-exporter/kubernetes_export_sa.sh +++ b/kubeconfig-exporter/kubernetes_export_sa.sh @@ -18,7 +18,7 @@ TOKEN="" create_cluster_role_binding(){ echo -e "\\nCreating cluster role binding of name ${SERVICE_ACCOUNT_NAME} with clusterRole cluster-admin" - kubectl apply -f - <