diff --git a/adduser.sh b/adduser.sh index 1c0f853..7f22ab1 100755 --- a/adduser.sh +++ b/adduser.sh @@ -2,13 +2,26 @@ export USER=$1 export SERVER=$2 -export ADMIN=$3 export CERT_DIR=$HOME/.kube/$SERVER/users/$USER export CA_CERT_DIR=$HOME/.kube/$SERVER export SERVER_USER_DIR="~/.kube/users/$USER" +if [ -z $USER ]; then +echo "No arguments supplied! Format is ./adduser.sh " +exit 1 +fi + +if [ -z $SERVER ]; then +echo "No server supplied for user $USER" +exit 1 +fi + +if [ $USER=="admin" ]; then +echo "Creating admin user for server $SERVER" +fi + echo "Creating cert dir" mkdir -p $CERT_DIR @@ -19,7 +32,12 @@ fi echo "Generating openssl cert" docker run -it -v $CERT_DIR:/$USER python:latest openssl genrsa -out /$USER/$USER.key 2048 + +if [ $USER=="admin" ]; then +docker run -it -v $CERT_DIR:/$USER python:latest openssl req -new -key /$USER/$USER.key -out /$USER/$USER.csr -subj "/CN=$USER/O=system:masters" +else docker run -it -v $CERT_DIR:/$USER python:latest openssl req -new -key /$USER/$USER.key -out /$USER/$USER.csr -subj "/CN=$USER/O=user" +fi # /CN=admin/O=manager if [ $? -ne 0 ]; then @@ -37,22 +55,6 @@ if [ $? -ne 0 ]; then exit 1 fi -echo "Templating namespace with helm and copying to server" -helm template $USER --set user=$USER ./namespace | ssh $SERVER "cat - > $SERVER_USER_DIR/namespace.yaml" - -if [ $? -ne 0 ]; then - echo "Failed to template namespace. Is helm installed?" - exit 1 -fi - -echo "Creating namespace from template" -ssh $SERVER "kubectl apply -f $SERVER_USER_DIR/namespace.yaml" - -if [ $? -ne 0 ]; then - echo "Failed to create namespace" - exit 1 -fi - echo "Getting cert signing pod" export CERT_POD=$(ssh $SERVER "kubectl get pod -n kube-system --selector=app=certsigner --output=jsonpath={.items..metadata.name}") 
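Review bot: The test `[ $USER=="admin" ]` added after the argument checks is always true, because without spaces around the operator `[` receives one non-empty word such as `bob==admin` and succeeds for any user. In this hunk it only prints a message, but the same test gates the CSR subject in the next hunk and the kubeconfig context and early `exit 0` in the last adduser.sh hunk. As written, every user's CSR would request `O=system:masters` and namespace creation would never run. Write it as `if [ "$USER" = "admin" ]; then` in all four places, and quote the emptiness checks as `[ -z "$USER" ]` and `[ -z "$SERVER" ]`.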
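Review bot: The admin branch requests `O=system:masters` in the CSR, a group the API server authorizes unconditionally and that RBAC bindings cannot narrow. Kubernetes also has no revocation for client certificates, so a leaked admin key stays valid until the certificate expires or the CA is rotated. Consider a dedicated group of your choosing instead, e.g. `-subj "/CN=$USER/O=cluster-admins"`, bound to the `cluster-admin` ClusterRole through a ClusterRoleBinding that can be deleted to withdraw access. `$USER` also goes unvalidated into `-subj`, where `/` separates fields, so a check such as `case "$USER" in *[!a-z0-9-]*) exit 1;; esac` before this step would keep the subject to the intended CN and O. The script continues outside the hunk.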
@@ -78,12 +80,37 @@ ssh $SERVER "kubectl -n kube-system cp $CERT_POD:/certs/$USER.crt ~/.kube/users/ echo "retrieving signed cert" scp $SERVER:$SERVER_USER_DIR/$USER.crt $CERT_DIR/$USER.crt - echo "retrieving server ca" wget --no-check-certificate https://$SERVER:6443/cacerts -O $CA_CERT_DIR/server-ca.pem echo "adding server to config with new context $SERVER-$USER" kubectl config set-cluster $SERVER --server=https://$SERVER:6443 --certificate-authority=$CA_CERT_DIR/server-ca.pem kubectl config set-credentials $USER-$SERVER --client-certificate=$CERT_DIR/$USER.crt --client-key=$CERT_DIR/$USER.key + +if [ $USER=="admin" ]; then +kubectl config set-context $SERVER-$USER --cluster=$SERVER --namespace=kube-system --user=$USER-$SERVER +else kubectl config set-context $SERVER-$USER --cluster=$SERVER --namespace=$USER --user=$USER-$SERVER +fi + kubectl config set current-context $SERVER-$USER -echo "done" \ No newline at end of file + +if [ $USER=="admin" ]; then +echo "Admin user created, skipping namespace" +exit 0 +fi + +echo "Templating namespace with helm and copying to server" +helm template $USER --set user=$USER ./namespace | ssh $SERVER "cat - > $SERVER_USER_DIR/namespace.yaml" + +if [ $? -ne 0 ]; then + echo "Failed to template namespace. Is helm installed?" + exit 1 +fi + +echo "Creating namespace from template" +ssh $SERVER "kubectl apply -f $SERVER_USER_DIR/namespace.yaml" + +if [ $? -ne 0 ]; then + echo "Failed to create namespace" + exit 1 +fi \ No newline at end of file diff --git a/namespace/templates/resourcequota.yaml b/namespace/templates/resourcequota.yaml index 0fa1020..a769355 100644 --- a/namespace/templates/resourcequota.yaml +++ b/namespace/templates/resourcequota.yaml @@ -5,7 +5,7 @@ metadata: namespace: {{ .Release.Name }} spec: hard: - requests.cpu: "1" - requests.memory: "4Gi" + requests.cpu: "6" + requests.memory: "6Gi" limits.cpu: "12" - limits.memory: "12G" \ No newline at end of file + limits.memory: "12Gi" \ No newline at end of file 
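Review bot: The CA that the new admin context will trust is fetched by the unchanged `wget --no-check-certificate https://$SERVER:6443/cacerts` line in this hunk, so anyone able to intercept that connection can supply their own CA. They could then impersonate the API server to the `kube-system` context created just below. The script already has an authenticated ssh channel to the host, so the CA can be copied over it instead, e.g. `scp $SERVER:<CA_PATH_ON_SERVER> $CA_CERT_DIR/server-ca.pem`. Alternatively, check its fingerprint against a value obtained out of band before `kubectl config set-cluster` runs. Separately, the final `echo "done"` was dropped, so a successful non-admin run now ends without a closing message.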
diff --git a/deleteuserspace.sh b/removeuserspace.sh similarity index 66% rename from deleteuserspace.sh rename to removeuserspace.sh index 38d439d..67d3345 100755 --- a/deleteuserspace.sh +++ b/removeuserspace.sh @@ -8,6 +8,15 @@ export CA_CERT_DIR=$HOME/.kube/$SERVER export SERVER_USER_DIR="~/.kube/users/$USER" +echo "Checking if project namespace exists" +exists=$(ssh $SERVER "kubectl get namespace --output=jsonpath=\"{.items[?(@.metadata.name=='$PROJECT')].metadata.name}\"") +if [ -z $exists ]; then + echo "Namespace not found, nothing to delete" + exit 1 +else + echo "Namespace exists, deleting" +fi + echo "Removing server from config" kubectl config delete-cluster $SERVER kubectl config unset users.$USER-$SERVER diff --git a/updateprojectspace.sh b/updateprojectspace.sh new file mode 100755 index 0000000..9f474de --- /dev/null +++ b/updateprojectspace.sh @@ -0,0 +1,34 @@ +#!/bin/bash + +export PROJECT=$1 +export USER=$2 +export SERVER=$3 + +export SERVER_PROJECT_DIR="~/.kube/projects/$PROJECT" + +echo "Checking if project namespace exists" +exists=$(ssh $SERVER "kubectl get namespace --output=jsonpath=\"{.items[?(@.metadata.name=='$PROJECT')].metadata.name}\"") +if [ -z $exists ]; then + echo "Namespace not found, nothing to update" + exit 1 +else + echo "Namespace exists, updating" +fi + +echo "Templating namespace with helm and copying to server" +helm template $PROJECT ./namespace --set user=$USER | ssh $SERVER "cat - > $SERVER_PROJECT_DIR/namespace.yaml" + +if [ $? -ne 0 ]; then + echo "Failed to template namespace. Is helm installed?" + exit 1 +fi + +echo "Updating namespace with template" +ssh $SERVER "kubectl apply -f $SERVER_PROJECT_DIR/namespace.yaml" + +if [ $? -ne 0 ]; then + echo "Failed to update namespace" + exit 1 +fi + +echo "done" \ No newline at end of file
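Review bot: The new existence check filters on `$PROJECT`, but the visible context of this script only shows `CA_CERT_DIR` and `SERVER_USER_DIR` being set and otherwise uses `$USER` and `$SERVER`. Unless `PROJECT` is exported above the hunk, the JSONPath filter compares against an empty name, `exists` stays empty and the script exits 1 on every run. That `exit 1` also comes before the local `kubectl config delete-cluster` and `kubectl config unset` cleanup, so stale credentials stay in the kubeconfig whenever the namespace is already gone; consider skipping only the remote deletion in that case. The test itself should be quoted as `[ -z "$exists" ]`.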
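Review bot: The `$?` test after `helm template ... | ssh ...` only sees the exit status of `ssh`, the last command in the pipeline, so a missing or failing `helm` is not caught there. An empty `namespace.yaml` is written on the server and the failure surfaces, if at all, only at `kubectl apply` with a misleading message. Add `set -o pipefail` under the shebang; the block moved to the end of adduser.sh has the same pattern. The script also never checks that all three arguments were given, and `$PROJECT` is placed unvalidated inside the remote command string and the JSONPath filter. Validate it first, for example `case "$PROJECT" in ''|*[!a-z0-9-]*) echo "invalid project name"; exit 1;; esac`, and quote the test as `[ -z "$exists" ]`.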