
kubeconfig setup shell script

Happy@Cloud 2020. 10. 28. 19:09

This is a shell program that sets up the Kubernetes config (usually the ~/.kube/config file).

Create a shell file from the source below, give it execute permission, and run it.

$ vi setup-config

$ chmod +x setup-config

$ ./setup-config kubernetes hklee

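The script does the following on the Kubernetes cluster:

- Creates the namespace ns-hklee

- Creates the service account sa-hklee

- Creates a rolebinding named rb-sa-hklee that grants sa-hklee the 'admin' role in ns-hklee. Other namespaces cannot be accessed.

- Creates the service account 'sa-hklee' as a user in kubeconfig

- Creates the context 'hklee' in kubeconfig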

 


#!/bin/bash

echo "##### START of Setup kubeconfig! #####"
# Default cluster: the one used by the current context
CLUSTER=$(kubectl config view --minify -o jsonpath='{.clusters[0].name}')
NS=""
# Get parameter: show usage for no arguments, too many arguments, or -h/--help
if [ $# -eq 0 ] || [ $# -gt 2 ] || [ "$1" = "-h" ] || [ "$1" = "--help" ]; then
  echo "setup-config.sh [<CLUSTER>] <NAMESPACE POSTFIX>"
  echo " CLUSTER: cluster명이며 기본값은 kubernetes이며 생략할 수 있음"
  echo " NAMESPACE: namespace명으로 실제 namespace는 ns-<NAMESPACE>로 생성되며 필수값임"
  exit 2
fi

if [ $# -eq 1 ]; then
  NS=$1
else
  CLUSTER=$1
  NS=$2
fi

# Switch to kubernetes-admin context
kubectl config use-context kubernetes-admin@kubernetes

# Create namespace if not exists
# (look the object up by its exact name; grep would also match longer names such as ns-${NS}2)
if ! kubectl get ns "ns-${NS}" >/dev/null 2>&1; then
  echo "[ Create namespace ns-${NS} ]"
  kubectl create ns "ns-${NS}"
else
  echo "[ namespace ns-${NS} already exists ]"
fi

# Create service account if not exists
if ! kubectl get sa "sa-${NS}" -n "ns-${NS}" >/dev/null 2>&1; then
  echo "[ Create serviceaccount sa-${NS} ]"
  kubectl create sa "sa-${NS}" -n "ns-${NS}"
else
  echo "[ serviceaccount sa-${NS} already exists in ns-${NS} ]"
fi

# Create rolebinding: binds the 'admin' ClusterRole inside ns-${NS} only
if ! kubectl get rolebinding "rb-sa-${NS}" -n "ns-${NS}" >/dev/null 2>&1; then
  echo "[ Create rolebinding rb-sa-${NS} ]"
  kubectl create rolebinding "rb-sa-${NS}" --clusterrole=admin --serviceaccount="ns-${NS}:sa-${NS}" -n "ns-${NS}"
else
  echo "[ rolebinding rb-sa-${NS} already exists ]"
fi


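# Get token of the serviceaccount from its auto-generated secret (sa-${NS}-token-xxxxx).
# Kubernetes 1.24 and later no longer create this secret automatically, so TOKEN can be empty there.
secret=$(kubectl get secret -n "ns-${NS}" | grep "^sa-${NS}-token-" | cut -d " " -f1 | head -n 1)
TOKEN=""
if [ -n "${secret}" ]; then
  TOKEN=$(kubectl describe secret "${secret}" -n "ns-${NS}" | grep "^token:" | cut -d ":" -f2 | tr -d " ")
fi
if [ -z "${TOKEN}" ]; then
  echo "[ No token found for serviceaccount sa-${NS} ]"
  exit 1
fi

# Create user (the token is stored in kubeconfig in plain text)
if ! kubectl config view | grep -q "name: sa-${NS}\$"; then
  echo "[ Create user sa-${NS} in kubeconfig ]"
  kubectl config set-credentials "sa-${NS}" --token="${TOKEN}"
else
  echo "[ User sa-${NS} already exists in kubeconfig ]"
fi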

# Create context (compare whole context names, so ${NS} does not match a longer name)
if ! kubectl config get-contexts -o name | grep -qxF "${NS}"; then
  echo "[ Create context ${NS} ]"
  kubectl config set-context "${NS}" --user="sa-${NS}" --cluster="${CLUSTER}" --namespace="ns-${NS}"
else
  echo "[ Context ${NS} already exists in kubeconfig ]"
fi

# Test
current=`kubectl config current-context`
kubectl config use-context ${NS}
kubectl get all
if [ $? == 0 ]; then
  echo "SUCCESS to setup kubeconfig !!!"
else
  echo "FAIL to setup kubeconfig !!!"
fi

kubectl config use-context ${current}


echo "##### END of Setup kubeconfig! #####"
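
The list above says sa-hklee gets the 'admin' role in ns-hklee and cannot reach other namespaces. The following added example (not part of the original post) checks that after the script has run, by asking the API server with `kubectl auth can-i` while impersonating the service account. The function names and the default probe namespaces `default` and `kube-system` are assumptions.

```bash
# Added example, not part of the original script. Run it from an admin context,
# because --as needs impersonation rights.

# can_i <sa-namespace> <sa-name> <target-namespace> <verb> <resource>
# Prints "yes" or "no" for the impersonated service account.
can_i() {
  if kubectl auth can-i "$4" "$5" -n "$3" \
       --as="system:serviceaccount:$1:$2" >/dev/null 2>&1; then
    echo yes
  else
    echo no
  fi
}

# verify_sa_scope <NAMESPACE POSTFIX> [<other namespace> ...]
# Returns 0 only when every probe matches the expectation.
verify_sa_scope() {
  vs_ns="ns-$1"; vs_sa="sa-$1"; vs_rc=0
  shift
  # Assumed probe targets; pass the namespaces that matter on your cluster.
  [ $# -gt 0 ] || set -- default kube-system

  # Inside its own namespace the 'admin' ClusterRole should allow this.
  # This positive probe also catches a broken connection, which would
  # otherwise make every "no" below look like a pass.
  if [ "$(can_i "$vs_ns" "$vs_sa" "$vs_ns" create deployments)" != yes ]; then
    echo "FAIL: $vs_sa cannot create deployments in $vs_ns"; vs_rc=1
  fi

  # Everywhere else the namespaced RoleBinding must grant nothing.
  for vs_other in "$@"; do
    for vs_probe in "get pods" "get secrets" "create rolebindings"; do
      # $vs_probe is left unquoted on purpose: it splits into verb and resource.
      if [ "$(can_i "$vs_ns" "$vs_sa" "$vs_other" $vs_probe)" != no ]; then
        echo "FAIL: $vs_sa can $vs_probe in $vs_other"; vs_rc=1
      fi
    done
  done
  return "$vs_rc"
}
```

Call it as `verify_sa_scope hklee`, or list the namespaces to probe after the postfix.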