Kubeconfig File Creation Script
Introduction
This topic outlines the steps for creating a script to retrieve secrets for a service account and use them to generate a kubeconfig file.
The kubeconfig file is used to access the KubeSlice Manager.
Getting the Secrets for the Service Account
To use the script and get a kubeconfig for the service account, follow these steps:
-
Ensure that kubectl is installed and configured to connect to the desired cluster.
-
Copy and save the below script into a file named
kube-configs.sh.
# The script returns a kubeconfig for the service account.
# you need to have kubectl on PATH with the context set to the cluster you want to create the config file.
# Cosmetics for the created config
clusterName=$1
# your server address goes here get it via `kubectl cluster-info`
server=$2
# the Namespace and ServiceAccount name that is used for the config
namespace=$3
serviceAccount=$4
######################
# actual script starts
set -o errexit
secretName=$(kubectl --namespace $namespace get serviceAccount $serviceAccount -o jsonpath='{.secrets[0].name}')
ca=$(kubectl --namespace $namespace get secret/$secretName -o jsonpath='{.data.ca\.crt}')
token=$(kubectl --namespace $namespace get secret/$secretName -o jsonpath='{.data.token}' | base64 --decode)
echo "
---
apiVersion: v1
kind: Config
clusters:
- name: ${clusterName}
cluster:
certificate-authority-data: ${ca}
server: ${server}
contexts:
- name: ${serviceAccount}@${clusterName}
context:
cluster: ${clusterName}
namespace: ${namespace}
user: ${serviceAccount}
users:
- name: ${serviceAccount}
user:
token: ${token}
current-context: ${serviceAccount}@${clusterName}
"
- Replace the following variables in the script:
| Parameter | Description ! |
|---|---|
<controller-cluster-name> | The given name of the controller cluster. |
<controller-endpoint> | The endpoint of the controller cluster. The endpoint you get by running this command on the controller cluster: kubectl cluster-info. For example, https://34.85.129.240. |
kubeslice-<projectname> | The given name of your project. |
<serviceaccount-name> | The service account you get by running this command on the controller cluster: kubectl get sa -n kubeslice-<projectname>. For example, kubeslice-rbac-rw-user1. |
-
Save the modified
kube-configs.shfile. -
Run the following command in the terminal to make the
kube-configs.shfile executable:chmod +x kube-configs.sh -
Run the script by entering the following command in the terminal:
./kube-configs.shUse the following command to get the secrets for the Service Account:
sh kube-configs.sh <controller-cluster-name> <controller-endpoint> kubeslice-<projectname> <serviceaccount-name>
Example
sh kube-configs.sh gke-controller-final https://34.85.129.240 kubeslice-avesha kubeslice-rbac-rw-user
Example Output
---
apiVersion: v1
kind: Config
clusters:
- name: gke-controller-final
cluster:
certificate-authority-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUVMVENDQXBXZ0F3SUJBZ0lSQU9ZLzU2b3NuREF6a00xeHBMdExLZk13RFFZSktvWklodmNOQVFFTEJRQXcKTHpFdE1Dc0dBMVVFQXhNa09ERmlZekU0WkdRdE5EQm1OUzAwTldRMkxXRXdOVEl0Tm1FNU1qRmhaVFJqTlRkaQpNQ0FYRFRJeU1EUXlOVEExTWpJeU0xb1lEekl3TlRJd05ERTNNRFl5TWpJeldqQXZNUzB3S3dZRFZRUURFeVE0Ck1XSmpNVGhrWkMwME1HWTFMVFExWkRZdFlUQTFNaTAyWVRreU1XRmxOR00xTjJJd2dnR2lNQTBHQ1NxR1NJYjMKRFFFQkFRVUFBNElCandBd2dnR0tBb0lCZ1FERFlEdnVPRWRZMjQ1Mkd3SERuS2E1N3hUOGhKVFpLRmY5c2lEYQpWcWdjS2hHZDg5R0M1dG9EUFdCTVNkeHlxNVJyZkN1TmpwaS9qZlBOL0NVQWJPSzZ0NFdhb0o1WHRpRklUdFBoCmdZTWQ5SUxTL1RuVHZjbUI2Z2luUUdCdStPNmpLd0dtREsvbThFeGwzTmxmYk5tWUMraEtIMlRUbDBYVktCNDcKSU5RRXpKTk1ZMzd3NXhJM1ZrcGRGbThpc3d1RndaRnFRSTdVVWFWZmpnNkVGUlJsU0ZRaTBrSkFGMHE2Y1ZLMwpVc0E0Ti9hM0dJVGpXVjVoWHRtaUVMZW1xWHFwcDdPaGNsZmZDQ3VGd0g0dVRFRlVxRzVzWnVVOFgzTzNDWkJjCno3LzJwdEVwb3oxdEN4cS9yaGJXZlFTb3ZaN2lYRTRwM1V0Z0xHL2VJM2o0OHpnSHROTnhIOTNJVitySUMzZEwKOC8vUkYzUy8wNXY5dmNLUVNxckplTmtRblFyOFhWVk83UGs3cFBySE5WK0lPZVhBZVdyeGZyMXlxSXZUZU1UdQpRemQyUU9JSVppNDVMU0dWaFhIQ3JwSlhydXVHZnJ1VVRLQ1F6MUoxM0xITUNscThpYUpGazBsSCt6YXRZSjU4CmJocXdaN0NKbUNuMGlIek5uaVc3ZTRyaThaVUNBd0VBQWFOQ01FQXdEZ1lEVlIwUEFRSC9CQVFEQWdJRU1BOEcKQTFVZEV3RUIvd1FGTUFNQkFmOHdIUVlEVlIwT0JCWUVGQnNEcnU4TmdySEtoV25FckJScHh3MzBpUzJhTUEwRwpDU3FHU0liM0RRRUJDd1VBQTRJQmdRQ1p5WmJ0UFVZcGdOcUpCRjRKRVc1MWlqLzZESXV0ajNFRmhlOWNaeTNYCmJMem5hUXROZS9MbXZTMk54UGdlQnFySnR3dGwrVEtKbFlLK3pUOERRT2p4WVhyWXk4Vitubk9DdFJYT2hOZHkKMU1tL2RTallIalBncHNQNXUwQ0ttRUQ4cmpOV1VHSHJaK3dzU0xHL0RTUDZST3h4REFqTE9ZUnR6bU5tT25NSApWZUdOYVQ0bVpuZG4zWTVBRFpaMlc4enB4N25XbmVVUnhlUXI2WURsUklvZW90U2haWno3YTNaMWNmMnFqdkw4CmFhSmdMQWROb0lMbHU0eURKR0thZ2pFZXNqYXlZVUg2UXVmcEFIcDMrb3J0OWh3eEUvUnJ6VU93bjROK1hCc04KYU41UWdJTG9HZmpmMkl4WkViVlhiQStqZmQ5RXRseGdiaUZtc0lxZUpIMTF0QVF0WUNqWmNISi9DTjRFWVU4OQpZeHNDZGsxd3dzZ056RGg3cC93MjM2WnVoeWJKV0ZMM3AxWEYrb2dLVlZBTndvY2tHdlk1S0pHVDhMR0FJWUx2CklHOERmNTRtZWs1aW5CWnlkL09pcXJlaTJLSm5nWStwZVk0L3NSNmlMNEdVV2VHQkNsSmpsdGZzSnNwS3luZmYKTFJJN3R3MVhuRDV2WWRIQU1ZNmhMZkk9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K
server: https://34.85.129.240
contexts:
- name: kubeslice-rbac-rw-user@gke-controller-final
context:
cluster: gke-controller-final
namespace: kubeslice-avesha
user: kubeslice-rbac-rw-user
users:
- name: kubeslice-rbac-rw-user
user:
token: eyJhbGciOiJSUzI1NiIsImtpZCI6ImtYaU9NU19jZ2MzUml4VTRVOGlOdFhCUG42bmZBS2J1cldaV2FZcXlKLVUifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlc2xpY2UtYXZlc2hhIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZWNyZXQubmFtZSI6Imt1YmVzbGljZS1yYmFjLXJ3LXNyaW5pLXRva2VuLWdnZ205Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQubmFtZSI6Imt1YmVzbGljZS1yYmFjLXJ3LXNyaW5pIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQudWlkIjoiMzYwNDI4NzUtMTVhNy00N2ViLTg2YzctOTljZDFiMTNjOTE5Iiwic3ViIjoic3lzdGVtOnNlcnZpY2VhY2NvdW50Omt1YmVzbGljZS1hdmVzaGE6a3ViZXNsaWNlLXJiYWMtcnctc3JpbmkifQ.gUabkMT8x78fICr_uP6KGbUDUKlc8SweD_5xzrXfd3RVX8cMtFY4xd8K8GnafBtB77xJjrGz_9tqg6zEad-5ULV9wn3jopYe1WgvhruvPPjPV0DSQMTPSWReQv378a-tCHXrz30J1d6-r_VA5-8dwH--gZrusoBtc6646M7LRdPzS9CsbILdrVVJkoXD1eQyIGSsr4z6MLsGg_nxyU7dlTfYTGv_dQ6XMoljpIg9VBkoWuZgTQqpnbxJGZkWsB41Ri64HTbAKwlMTIvwT8LTmPqOOVubbtV-RoGAITDfV28sFggcmVzay5MKeNyYT-g6Fbi4pQERqU7_YPNlu_ANCQ
current-context: kubeslice-rbac-rw-user@gke-controller-final
-
The generated kubeconfig file can now be used with
kubectlby setting theKUBECONFIGenvironment variable to the path of the file:export KUBECONFIG=my-kubeconfig.yaml. -
Use the output
kubeconfigfile to access the KubeSlice Manager.