add control scripts
65
adduser.sh
65
adduser.sh
@@ -2,13 +2,26 @@
|
||||
|
||||
export USER=$1
|
||||
export SERVER=$2
|
||||
export ADMIN=$3
|
||||
|
||||
export CERT_DIR=$HOME/.kube/$SERVER/users/$USER
|
||||
export CA_CERT_DIR=$HOME/.kube/$SERVER
|
||||
|
||||
export SERVER_USER_DIR="~/.kube/users/$USER"
|
||||
|
||||
if [ -z $USER ]; then
|
||||
echo "No arguments supplied! Format is ./adduser.sh <USER> <SERVER_FQDN>"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
if [ -z $SERVER ]; then
|
||||
echo "No server supplied for user $USER"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
if [ $USER=="admin" ]; then
|
||||
echo "Creating admin user for server $SERVER"
|
||||
fi
|
||||
|
||||
echo "Creating cert dir"
|
||||
mkdir -p $CERT_DIR
|
||||
|
||||
@@ -19,7 +32,12 @@ fi
|
||||
|
||||
echo "Generating openssl cert"
|
||||
docker run -it -v $CERT_DIR:/$USER python:latest openssl genrsa -out /$USER/$USER.key 2048
|
||||
|
||||
if [ $USER=="admin" ]; then
|
||||
docker run -it -v $CERT_DIR:/$USER python:latest openssl req -new -key /$USER/$USER.key -out /$USER/$USER.csr -subj "/CN=$USER/O=system:masters"
|
||||
else
|
||||
docker run -it -v $CERT_DIR:/$USER python:latest openssl req -new -key /$USER/$USER.key -out /$USER/$USER.csr -subj "/CN=$USER/O=user"
|
||||
fi
|
||||
# /CN=admin/O=manager
|
||||
|
||||
if [ $? -ne 0 ]; then
|
||||
@@ -37,22 +55,6 @@ if [ $? -ne 0 ]; then
|
||||
exit 1
|
||||
fi
|
||||
|
||||
echo "Templating namespace with helm and copying to server"
|
||||
helm template $USER --set user=$USER ./namespace | ssh $SERVER "cat - > $SERVER_USER_DIR/namespace.yaml"
|
||||
|
||||
if [ $? -ne 0 ]; then
|
||||
echo "Failed to template namespace. Is helm installed?"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
echo "Creating namespace from template"
|
||||
ssh $SERVER "kubectl apply -f $SERVER_USER_DIR/namespace.yaml"
|
||||
|
||||
if [ $? -ne 0 ]; then
|
||||
echo "Failed to create namespace"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
echo "Getting cert signing pod"
|
||||
export CERT_POD=$(ssh $SERVER "kubectl get pod -n kube-system --selector=app=certsigner --output=jsonpath={.items..metadata.name}")
|
||||
|
||||
@@ -78,12 +80,37 @@ ssh $SERVER "kubectl -n kube-system cp $CERT_POD:/certs/$USER.crt ~/.kube/users/
|
||||
echo "retrieving signed cert"
|
||||
scp $SERVER:$SERVER_USER_DIR/$USER.crt $CERT_DIR/$USER.crt
|
||||
|
||||
|
||||
echo "retrieving server ca"
|
||||
wget --no-check-certificate https://$SERVER:6443/cacerts -O $CA_CERT_DIR/server-ca.pem
|
||||
echo "adding server to config with new context $SERVER-$USER"
|
||||
kubectl config set-cluster $SERVER --server=https://$SERVER:6443 --certificate-authority=$CA_CERT_DIR/server-ca.pem
|
||||
kubectl config set-credentials $USER-$SERVER --client-certificate=$CERT_DIR/$USER.crt --client-key=$CERT_DIR/$USER.key
|
||||
|
||||
if [ $USER=="admin" ]; then
|
||||
kubectl config set-context $SERVER-$USER --cluster=$SERVER --namespace=kube-system --user=$USER-$SERVER
|
||||
else
|
||||
kubectl config set-context $SERVER-$USER --cluster=$SERVER --namespace=$USER --user=$USER-$SERVER
|
||||
fi
|
||||
|
||||
kubectl config set current-context $SERVER-$USER
|
||||
echo "done"
|
||||
|
||||
if [ $USER=="admin" ]; then
|
||||
echo "Admin user created, skipping namespace"
|
||||
exit 0
|
||||
fi
|
||||
|
||||
echo "Templating namespace with helm and copying to server"
|
||||
helm template $USER --set user=$USER ./namespace | ssh $SERVER "cat - > $SERVER_USER_DIR/namespace.yaml"
|
||||
|
||||
if [ $? -ne 0 ]; then
|
||||
echo "Failed to template namespace. Is helm installed?"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
echo "Creating namespace from template"
|
||||
ssh $SERVER "kubectl apply -f $SERVER_USER_DIR/namespace.yaml"
|
||||
|
||||
if [ $? -ne 0 ]; then
|
||||
echo "Failed to create namespace"
|
||||
exit 1
|
||||
fi
|
||||
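Review bot: The test `[ $USER=="admin" ]` is always true, because without spaces around the operator `[` receives a single non-empty word; it appears at the "Creating admin user" echo, before the `openssl req` calls, and twice in the kubeconfig hunk. As written, every CSR takes the `O=system:masters` branch, a group that Kubernetes binds to cluster-admin by default, and the later `exit 0` skips namespace creation for every user. It should read `if [ "$USER" = "admin" ]; then`, or test the exported but otherwise unused `ADMIN` argument if that was the intent. Separately, `wget --no-check-certificate` saves whatever the peer returns as the trusted `server-ca.pem`; fetching the CA over the ssh channel the script already uses would avoid trusting an unauthenticated download.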
@@ -5,7 +5,7 @@ metadata:
|
||||
namespace: {{ .Release.Name }}
|
||||
spec:
|
||||
hard:
|
||||
requests.cpu: "1"
|
||||
requests.memory: "4Gi"
|
||||
requests.cpu: "6"
|
||||
requests.memory: "6Gi"
|
||||
limits.cpu: "12"
|
||||
limits.memory: "12G"
|
||||
limits.memory: "12Gi"
|
||||
@@ -8,6 +8,15 @@ export CA_CERT_DIR=$HOME/.kube/$SERVER
|
||||
|
||||
export SERVER_USER_DIR="~/.kube/users/$USER"
|
||||
|
||||
echo "Checking if project namespace exists"
|
||||
exists=$(ssh $SERVER "kubectl get namespace --output=jsonpath=\"{.items[?(@.metadata.name=='$PROJECT')].metadata.name}\"")
|
||||
if [ -z $exists ]; then
|
||||
echo "Namespace not found, nothing to delete"
|
||||
exit 1
|
||||
else
|
||||
echo "Namespace exists, deleting"
|
||||
fi
|
||||
|
||||
echo "Removing server from config"
|
||||
kubectl config delete-cluster $SERVER
|
||||
kubectl config unset users.$USER-$SERVER
|
||||
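Review bot: `$PROJECT` is expanded locally into the string that ssh passes to the remote shell, inside a quoted JSONPath filter, so a value containing quotes or shell metacharacters alters the remote command instead of just failing the lookup. Validate the name before use, for example `case "$PROJECT" in ''|*[!a-z0-9-]*) echo "invalid project name" >&2; exit 1;; esac`, and then query it directly with `ssh "$SERVER" "kubectl get namespace $PROJECT -o name"`. `[ -z $exists ]` should also be quoted as `[ -z "$exists" ]`. The hunk does not show where `PROJECT` is assigned in this script, and updateprojectspace.sh adds the same check with the same interpolation.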
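--- a/updateprojectspace.sh
+++ b/updateprojectspace.sh
@@ -0,0 +1,34 @@
+#!/bin/bash
+
+export PROJECT=$1
+export USER=$2
+export SERVER=$3
+
+export SERVER_PROJECT_DIR="~/.kube/projects/$PROJECT"
+
+echo "Checking if project namespace exists"
+exists=$(ssh $SERVER "kubectl get namespace --output=jsonpath=\"{.items[?(@.metadata.name=='$PROJECT')].metadata.name}\"")
+if [ -z $exists ]; then
+echo "Namespace not found, nothing to update"
+exit 1
+else
+echo "Namespace exists, updating"
+fi
+
+echo "Templating namespace with helm and copying to server"
+helm template $PROJECT ./namespace --set user=$USER | ssh $SERVER "cat - > $SERVER_PROJECT_DIR/namespace.yaml"
+
+if [ $? -ne 0 ]; then
+echo "Failed to template namespace. Is helm installed?"
+exit 1
+fi
+
+echo "Updating namespace with template"
+ssh $SERVER "kubectl apply -f $SERVER_PROJECT_DIR/namespace.yaml"
+
+if [ $? -ne 0 ]; then
+echo "Failed to update namespace"
+exit 1
+fi
+
+echo "done"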
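Review bot: The `if [ $? -ne 0 ]` after `helm template ... | ssh ...` only sees the exit status of ssh, the last stage of the pipeline, so a failing or missing helm is not caught there and the "Is helm installed?" branch cannot fire for it. The remote `namespace.yaml` is still overwritten with whatever helm emitted, and any error surfaces only at the later `kubectl apply`, if at all. Adding `set -o pipefail` directly under the `#!/bin/bash` line makes the check reflect helm's status. The script also uses `$1` to `$3` without the empty-argument checks that adduser.sh performs, and adduser.sh has the same helm-to-ssh pipeline.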