-
Notifications
You must be signed in to change notification settings - Fork 1
/
kube-create-admin-user
executable file
·116 lines (104 loc) · 2.94 KB
/
kube-create-admin-user
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
#!/bin/bash
# Copyright 2019 Dmitri Rubinstein
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
set -eo pipefail
export LC_ALL=C
unset CDPATH
THIS_DIR=$( (cd "$(dirname -- "${BASH_SOURCE[0]}")" && pwd -P))
# shellcheck source=kube-shlib.sh
source "$THIS_DIR/kube-shlib.sh"
define-kubectl-funcs
USER_NAME=admin-user
usage() {
echo "Create service account with cluster-admin ClusterRole in kube-system namespace"
echo ""
echo "$(basename "$0") [options]"
echo ""
echo "environment variables:"
echo " KUBECTL Name of the kubectl command to use"
echo " KUBECTL_BIN Full path to the kubectl binary. This variable has precedence over KUBECTL"
echo " KUBE_CONTEXT The name of the kubeconfig context to use"
echo " KUBECTL_OPTS Additional options for kubectl"
echo "options:"
echo " -u, --user Name of the admin user to create (default: $USER_NAME)"
echo " -c, --context The name of the kubeconfig context to use."
echo " --help Display this help and exit"
echo " -- End of options"
}
while [[ $# -gt 0 ]]; do
case "$1" in
-c | --context)
KUBE_CONTEXT="$2"
shift 2
;;
--context=*)
KUBE_CONTEXT="${1#*=}"
shift
;;
-u | --user)
USER_NAME="$2"
shift 2
;;
--user=*)
USER_NAME="${1#*=}"
shift
;;
--help)
usage
exit
;;
--)
shift
break
;;
-*)
fatal "Unknown option $1"
;;
*)
break
;;
esac
done
if ! run-kubectl-ctx get clusterrole cluster-admin >/dev/null; then
fatal "No ClusterRole cluster-admin"
fi
msg "Create user \"$USER_NAME\""
run-kubectl-ctx apply -f - <<EOF
apiVersion: v1
kind: ServiceAccount
metadata:
name: ${USER_NAME}
namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
name: ${USER_NAME}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
subjects:
- kind: ServiceAccount
name: ${USER_NAME}
namespace: kube-system
---
EOF
for i in $(run-kubectl-ctx -n kube-system get secret \
-o go-template='{{range.items}}{{ .metadata.name }} {{end}}'); do
if [[ "$i" == ${USER_NAME}-* ]]; then
run-kubectl-ctx -n kube-system describe secret "$i"
break
fi
done