From 18f62b5fb0185549d7c6be07f7a2d61489442ce8 Mon Sep 17 00:00:00 2001 
From: ducoterra Date: Fri, 24 Dec 2021 15:42:07 -0400 Subject: [PATCH] version 1 release --- README.md | 35 ++- adduser.sh | 26 ++- .../templates/deploy.yaml => certsigner.yaml | 6 +- charts/certsigner/0.0.1/Chart.yaml | 23 -- charts/certsigner/0.0.1/app-readme.md | 3 - .../0.0.1/templates/clusterrolebinding.yaml | 12 - charts/certsigner/0.0.1/values.yaml | 0 charts/certsigner/item.yaml | 3 - charts/namespace/0.0.1/.helmignore | 23 -- charts/namespace/0.0.1/README.md | 211 ------------------ charts/namespace/0.0.1/questions.yaml | 37 --- .../namespace/0.0.1/templates/limitrange.yaml | 14 -- charts/namespace/item.yaml | 3 - .../clusterrole.yaml => cluster-readonly.yaml | 17 +- createprojectspace.sh | 17 +- .../0.0.1 => namespace}/.helmignore | 0 .../namespace/0.0.1 => namespace}/Chart.yaml | 0 .../certsigner/0.0.1 => namespace}/README.md | 0 .../0.0.1 => namespace}/app-readme.md | 0 .../0.0.1 => namespace}/questions.yaml | 0 .../templates/clusterrole.yaml | 0 namespace/templates/limitrange.yaml | 14 ++ .../templates/namespace.yaml | 0 .../templates/resourcequota.yaml | 0 .../0.0.1 => namespace}/templates/role.yaml | 0 .../templates/rolebinding.yaml | 0 .../namespace/0.0.1 => namespace}/values.yaml | 0 removeuserspace.sh | 22 +- setenv.sh | 1 - setup.sh | 10 + updateprojectspace.sh | 9 +- 31 files changed, 104 insertions(+), 382 deletions(-) rename charts/certsigner/0.0.1/templates/deploy.yaml => certsigner.yaml (88%) delete mode 100644 charts/certsigner/0.0.1/Chart.yaml delete mode 100644 charts/certsigner/0.0.1/app-readme.md delete mode 100644 charts/certsigner/0.0.1/templates/clusterrolebinding.yaml delete mode 100644 charts/certsigner/0.0.1/values.yaml delete mode 100644 charts/certsigner/item.yaml delete mode 100644 charts/namespace/0.0.1/.helmignore delete mode 100644 charts/namespace/0.0.1/README.md delete mode 100644 charts/namespace/0.0.1/questions.yaml delete mode 100644 charts/namespace/0.0.1/templates/limitrange.yaml delete mode 100644 
charts/namespace/item.yaml rename charts/certsigner/0.0.1/templates/clusterrole.yaml => cluster-readonly.yaml (53%) rename {charts/certsigner/0.0.1 => namespace}/.helmignore (100%) rename {charts/namespace/0.0.1 => namespace}/Chart.yaml (100%) rename {charts/certsigner/0.0.1 => namespace}/README.md (100%) rename {charts/namespace/0.0.1 => namespace}/app-readme.md (100%) rename {charts/certsigner/0.0.1 => namespace}/questions.yaml (100%) rename {charts/namespace/0.0.1 => namespace}/templates/clusterrole.yaml (100%) create mode 100644 namespace/templates/limitrange.yaml rename {charts/namespace/0.0.1 => namespace}/templates/namespace.yaml (100%) rename {charts/namespace/0.0.1 => namespace}/templates/resourcequota.yaml (100%) rename {charts/namespace/0.0.1 => namespace}/templates/role.yaml (100%) rename {charts/namespace/0.0.1 => namespace}/templates/rolebinding.yaml (100%) rename {charts/namespace/0.0.1 => namespace}/values.yaml (100%) delete mode 100755 setenv.sh create mode 100755 setup.sh diff --git a/README.md b/README.md index 35a6f6e..f6ec8af 100644 --- a/README.md +++ b/README.md @@ -4,27 +4,23 @@ ### Quickstart -1. Start Docker -2. Run createprojectspace.sh - ```bash -./createprojectspace.sh +# Create certsigner pod for all other operations +./setup.sh + +# Create a user, use "admin" to create an admin user +./adduser + +# Create a namespace and allow to access it +./createprojectspace + +# Update a project namespace with the contents of ./namespace +./updateprojectspace + +# Remove a user, their namespace, and their access +./removeuserspace ``` -### Update a user - -```bash -export USER=user -helm template $USER ./namespace | kubectl --context admin apply -f - -``` - -### Objectives - -1. Provision a namespace with clusterroles, rolebindings, and a dedicated nfs-provisioner with one helm chart -2. Create an easy way for users to sign their certificates -3. Create a cleanup script without deleting user data -4. profit - ### Userspace #### Namespace 
@@ -122,7 +118,8 @@ kubectl -n kube-system create secret generic certsigner --from-file /var/lib/ran #### Set up the certsigner pod ```bash -kubectl --context admin apply -f certsigner +scp certsigner.yaml :~/certsigner.yaml +kubectl apply -f certsigner.yaml ``` #### Generate a cert diff --git a/adduser.sh b/adduser.sh index d3c6213..7feab33 100755 --- a/adduser.sh +++ b/adduser.sh @@ -1,15 +1,20 @@ #!/bin/bash -export USER=$1 -export SERVER=$2 +# Use +# ./adduser.sh + +export SERVER=$1 +export USER=$2 export CERT_DIR=$HOME/.kube/$SERVER/users/$USER export CA_CERT_DIR=$HOME/.kube/$SERVER export SERVER_USER_DIR="~/.kube/users/$USER" +export SERVER_NAME=$(echo "$SERVER" | sed 's/\./-/g') +export SERVER_USER="$USER-$SERVER_NAME" if [ -z $USER ]; then -echo "No arguments supplied! Format is ./adduser.sh " +echo "No arguments supplied! Format is ./adduser.sh " exit 1 fi @@ -82,17 +87,15 @@ scp $SERVER:$SERVER_USER_DIR/$USER.crt $CERT_DIR/$USER.crt echo "retrieving server ca" wget --no-check-certificate https://$SERVER:6443/cacerts -O $CA_CERT_DIR/server-ca.pem + echo "adding server to config with new context $SERVER-$USER" kubectl config set-cluster $SERVER --server=https://$SERVER:6443 --certificate-authority=$CA_CERT_DIR/server-ca.pem -kubectl config set-credentials $USER-$SERVER --client-certificate=$CERT_DIR/$USER.crt --client-key=$CERT_DIR/$USER.key -if [ $USER = "admin" ]; then -kubectl config set-context $SERVER-$USER --cluster=$SERVER --namespace=kube-system --user=$USER-$SERVER -else -kubectl config set-context $SERVER-$USER --cluster=$SERVER --namespace=$USER --user=$USER-$SERVER -fi +echo "adding user to config file" +kubectl config set-credentials $SERVER_USER --client-certificate=$CERT_DIR/$USER.crt --client-key=$CERT_DIR/$USER.key -kubectl config set current-context $SERVER-$USER +echo "setting context" +kubectl config set contexts.$(kubectl config current-context).user $SERVER_USER if [ $USER = "admin" ]; then echo "Admin user created, skipping namespace" 
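Review bot: `$SERVER` and `$USER` are taken straight from the arguments and then used unquoted in local paths, in `ssh`/`scp` command strings and in kubeconfig keys, and the only check in this adduser.sh header hunk is `[ -z $USER ]`. A name containing whitespace, `/`, `..` or shell metacharacters would change which directory is written or what the remote shell runs. I would reject anything that is not a plain DNS-label-style name before the exports are used, e.g. `[[ "$2" =~ ^[a-z0-9]([a-z0-9-]*[a-z0-9])?$ ]] || { echo "invalid user name" >&2; exit 1; }`, require `$1` as well, and quote the expansions. The header hunks of createprojectspace.sh, removeuserspace.sh and updateprojectspace.sh take their arguments the same way with no check at all. The script body continues outside this hunk.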
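Review bot: `kubectl config set contexts.$(kubectl config current-context).user $SERVER_USER` rewrites whichever context happens to be active instead of creating one for this server, so running the script while another cluster's context is selected repoints that context at the new credential, and with no current context the key degenerates to `contexts..user`. The removed lines created a dedicated `$SERVER-$USER` context; keeping that, e.g. `kubectl config set-context "$SERVER-$USER" --cluster="$SERVER" --user="$SERVER_USER"`, avoids touching unrelated entries, and the `echo` that still announces a new context would then be accurate again. The same pattern is added in the next adduser.sh hunk and at the end of createprojectspace.sh. Separately, the CA that becomes `--certificate-authority` is still downloaded with `wget --no-check-certificate`, so it is trusted on first use; fetching it over the ssh channel the script already relies on, or comparing its fingerprint with one read over ssh, would close that gap.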
@@ -110,6 +113,9 @@ fi echo "Creating namespace from template" ssh $SERVER "kubectl apply -f $SERVER_USER_DIR/namespace.yaml" +echo "Setting namespace context" +kubectl config set contexts.$(kubectl config current-context).namespace $USER + if [ $? -ne 0 ]; then echo "Failed to create namespace" exit 1 diff --git a/charts/certsigner/0.0.1/templates/deploy.yaml b/certsigner.yaml similarity index 88% rename from charts/certsigner/0.0.1/templates/deploy.yaml rename to certsigner.yaml index 6ae7b73..d22ff18 100644 --- a/charts/certsigner/0.0.1/templates/deploy.yaml +++ b/certsigner.yaml @@ -7,11 +7,11 @@ spec: replicas: 1 selector: matchLabels: - app: {{ .Release.Name }} + app: certsigner template: metadata: labels: - app: {{ .Release.Name }} + app: certsigner spec: containers: - name: certsigner @@ -36,4 +36,4 @@ spec: secretName: certsigner - name: certs emptyDir: {} - restartPolicy: Always \ No newline at end of file + restartPolicy: Always diff --git a/charts/certsigner/0.0.1/Chart.yaml b/charts/certsigner/0.0.1/Chart.yaml deleted file mode 100644 index f7cd511..0000000 --- a/charts/certsigner/0.0.1/Chart.yaml +++ /dev/null 
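Review bot: The `if [ $? -ne 0 ]` that follows now tests the exit status of the added `kubectl config set ... namespace $USER`, not of the `ssh $SERVER "kubectl apply ..."` it was written for, so a failed namespace creation is no longer reported as "Failed to create namespace". Move the two added lines below the `fi` of that check, or test the apply directly with `if ! ssh "$SERVER" "kubectl apply -f $SERVER_USER_DIR/namespace.yaml"; then`. The body of the check ends outside this hunk.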
@@ -1,23 +0,0 @@ -apiVersion: v2 -name: certsigner -description: A Helm chart for Kubernetes - -# A chart can be either an 'application' or a 'library' chart. -# -# Application charts are a collection of templates that can be packaged into versioned archives -# to be deployed. -# -# Library charts provide useful utilities or functions for the chart developer. They're included as -# a dependency of application charts to inject those utilities and functions into the rendering -# pipeline. Library charts do not define any templates and therefore cannot be deployed. -type: application - -# This is the chart version. This version number should be incremented each time you make changes -# to the chart and its templates, including the app version. -# Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.0.1 - -# This is the version number of the application being deployed. This version number should be -# incremented each time you make changes to the application. Versions are not expected to -# follow Semantic Versioning. They should reflect the version the application is using. -appVersion: 1.16.0 diff --git a/charts/certsigner/0.0.1/app-readme.md b/charts/certsigner/0.0.1/app-readme.md deleted file mode 100644 index 6dc02bb..0000000 --- a/charts/certsigner/0.0.1/app-readme.md +++ /dev/null @@ -1,3 +0,0 @@ -# Certsigner - -Signs your certs. What more could you want? diff --git a/charts/certsigner/0.0.1/templates/clusterrolebinding.yaml b/charts/certsigner/0.0.1/templates/clusterrolebinding.yaml deleted file mode 100644 index a6df770..0000000 --- a/charts/certsigner/0.0.1/templates/clusterrolebinding.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: cluster-readonly -subjects: -- kind: Group - name: user - apiGroup: "" -roleRef: - kind: ClusterRole - name: cluster-readonly - apiGroup: "" \ No newline at end of file 
diff --git a/charts/certsigner/0.0.1/values.yaml b/charts/certsigner/0.0.1/values.yaml deleted file mode 100644 index e69de29..0000000 diff --git a/charts/certsigner/item.yaml b/charts/certsigner/item.yaml deleted file mode 100644 index 8e9feaf..0000000 --- a/charts/certsigner/item.yaml +++ /dev/null @@ -1,3 +0,0 @@ -categories: - - generic -icon_url: "http://ix_url" diff --git a/charts/namespace/0.0.1/.helmignore b/charts/namespace/0.0.1/.helmignore deleted file mode 100644 index 0e8a0eb..0000000 --- a/charts/namespace/0.0.1/.helmignore +++ /dev/null @@ -1,23 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*.orig -*~ -# Various IDEs -.project -.idea/ -*.tmproj -.vscode/ diff --git a/charts/namespace/0.0.1/README.md b/charts/namespace/0.0.1/README.md deleted file mode 100644 index 35a6f6e..0000000 --- a/charts/namespace/0.0.1/README.md +++ /dev/null 
@@ -1,211 +0,0 @@ -# Project Userspace - -## One provisioner to rule them all - -### Quickstart - -1. Start Docker -2. Run createprojectspace.sh - -```bash -./createprojectspace.sh -``` - -### Update a user - -```bash -export USER=user -helm template $USER ./namespace | kubectl --context admin apply -f - -``` - -### Objectives - -1. Provision a namespace with clusterroles, rolebindings, and a dedicated nfs-provisioner with one helm chart -2. Create an easy way for users to sign their certificates -3. Create a cleanup script without deleting user data -4. profit - -### Userspace - -#### Namespace - -```yaml -apiVersion: v1 -kind: Namespace -metadata: - name: {{ .Release.Name }} -``` - -#### Roles - -```yaml -kind: Role -apiVersion: rbac.authorization.k8s.io/v1beta1 -metadata: - name: namespace-manager - namespace: {{ .Release.Name }} -rules: -- apiGroups: - - "" - - extensions - - apps - - batch - - autoscaling - - networking.k8s.io - - traefik.containo.us - - rbac.authorization.k8s.io - - metrics.k8s.io - resources: - - deployments - - replicasets - - pods - - pods/exec - - pods/log - - pods/attach - - daemonsets - - statefulsets - - replicationcontrollers - - horizontalpodautoscalers - - services - - ingresses - - persistentvolumeclaims - - jobs - - cronjobs - - secrets - - configmaps - - serviceaccounts - - rolebindings - - ingressroutes - - middlewares - - endpoints - verbs: - - "*" -- apiGroups: - - "" - - metrics.k8s.io - - rbac.authorization.k8s.io - resources: - - resourcequotas - - roles - verbs: - - list -``` - -#### Rolebinding - -```yaml -kind: RoleBinding -apiVersion: rbac.authorization.k8s.io/v1beta1 -metadata: - namespace: {{ .Release.Name }} - name: namespace-manager -subjects: -- kind: User - name: {{ .Release.Name }} - apiGroup: "" -roleRef: - kind: ClusterRole - name: namespace-manager - apiGroup: "" -``` - -### Create a kubernetes certsigner pod - -This keeps the client-ca crt and key secret and allows the cert to be signed and stored on the pod 
- -#### Create the certsigner secret - -```bash -kubectl -n kube-system create secret generic certsigner --from-file /var/lib/rancher/k3s/server/tls/client-ca.crt --from-file /var/lib/rancher/k3s/server/tls/client-ca.key -``` - -#### Set up the certsigner pod - -```bash -kubectl --context admin apply -f certsigner -``` - -#### Generate a cert - -```bash -export USER= -docker run -it -v $(pwd)/users/$USER:/$USER python:latest openssl genrsa -out /$USER/$USER.key 2048 -docker run -it -v $(pwd)/users/$USER:/$USER python:latest openssl req -new -key /$USER/$USER.key -out /$USER/$USER.csr -subj "/CN=$USER/O=user" -``` - -#### Create a new Userspace - -```bash -helm template $USER ./namespace | kubectl --context admin apply -f - -``` - -#### Sign the cert - -```bash -export USER= -kubectl --context admin cp $(pwd)/users/$USER/$USER.csr certsigner:/certs/$USER.csr -kubectl --context admin exec -it --context admin certsigner -- openssl x509 -in /certs/$USER.csr -req -CA /keys/client-ca.crt -CAkey /keys/client-ca.key -CAcreateserial -out /certs/$USER.crt -days 5000 -kubectl --context admin cp certsigner:/certs/$USER.crt $(pwd)/users/$USER/$USER.crt -``` - -#### Add to the config - -```bash -kubectl config set-credentials $USER --client-certificate=$USER.crt --client-key=$USER.key -kubectl config set-context $USER --cluster=mainframe --namespace=$USER --user=$USER -``` - -#### Delete - -```bash -kubectl config delete-context $USER -helm template $USER ./namespace | kubectl --context admin delete -f - -``` - -### Signing a user cert - detailed notes - -NOTE: ca.crt and ca.key are in /var/lib/rancher/k3s/server/tls/client-ca.* - -```bash -# First we create the credentials -# /CN= - the user -# /O= - the group - -# Navigate to the user directory -export USER= -cd $USER - -# Generate a private key -openssl genrsa -out $USER.key 2048 -# Check the key -# openssl pkey -in ca.key -noout -text -# Generate and send me the CSR -# The "user" group is my default group -openssl req -new 
-key $USER.key -out $USER.csr -subj "/CN=$USER/O=user" - -# Check the CSR -# openssl req -in $USER.csr -noout -text -# If satisfactory, sign the CSR -# Copy from /var/lib/rancher/k3s/server/tls/client-ca.crt and client-ca.key -openssl x509 -req -in $USER.csr -CA ../client-ca.crt -CAkey ../client-ca.key -CAcreateserial -out $USER.crt -days 5000 -# Review the certificate -# openssl x509 -in $USER.crt -text -noout - -# Send back the crt -# cp $USER.crt $USER.key ../server-ca.crt ~/.kube/ -kubectl config set-credentials $USER --client-certificate=$USER.crt --client-key=$USER.key -kubectl config set-context $USER --cluster=mainframe --namespace=$USER --user=$USER - -# Now we create the namespace, rolebindings, and resource quotas -# kubectl apply -f k8s/ - -# Add the cluster -# CA file can be found at https://3.14.3.100:6443/cacerts -- cluster: - certificate-authority: server-ca.crt - server: https://3.14.3.100:6443 - name: mainframe - -# Test if everything worked -kubectl --context=$USER-context get pods -``` diff --git a/charts/namespace/0.0.1/questions.yaml b/charts/namespace/0.0.1/questions.yaml deleted file mode 100644 index 5f38ca0..0000000 --- a/charts/namespace/0.0.1/questions.yaml +++ /dev/null 
@@ -1,37 +0,0 @@ -groups: - - name: "Container Images" - description: "Image to be used for container" -questions: - - variable: image - description: "Docker Image Details" - group: "Container Images" - label: "Docker Image" - schema: - type: dict - required: true - attrs: - - variable: repository - description: "Docker image repository" - label: "Image repository" - schema: - type: string - required: true - - variable: tag - description: "Tag to use for specified image" - label: "Image Tag" - schema: - type: string - default: "latest" - - variable: pullPolicy - description: "Docker Image Pull Policy" - label: "Image Pull Policy" - schema: - type: string - default: "IfNotPresent" - enum: - - value: "IfNotPresent" - description: "Only pull image if not present on host" - - value: "Always" - description: "Always pull image even if present on host" - - value: "Never" - description: "Never pull image even if it's not present on host" diff --git a/charts/namespace/0.0.1/templates/limitrange.yaml b/charts/namespace/0.0.1/templates/limitrange.yaml deleted file mode 100644 index 7d0201f..0000000 --- a/charts/namespace/0.0.1/templates/limitrange.yaml +++ /dev/null @@ -1,14 +0,0 @@ -apiVersion: v1 -kind: LimitRange -metadata: - name: default - namespace: {{ .Release.Name }} -spec: - limits: - - default: - memory: 128Mi - cpu: 100m - defaultRequest: - memory: 1Mi - cpu: 1m - type: Container \ No newline at end of file diff --git a/charts/namespace/item.yaml b/charts/namespace/item.yaml deleted file mode 100644 index 8e9feaf..0000000 --- a/charts/namespace/item.yaml +++ /dev/null @@ -1,3 +0,0 @@ -categories: - - generic -icon_url: "http://ix_url" diff --git a/charts/certsigner/0.0.1/templates/clusterrole.yaml b/cluster-readonly.yaml similarity index 53% rename from charts/certsigner/0.0.1/templates/clusterrole.yaml rename to cluster-readonly.yaml index bee03a6..8e04fc6 100644 --- a/charts/certsigner/0.0.1/templates/clusterrole.yaml +++ b/cluster-readonly.yaml 
@@ -12,4 +12,19 @@ rules: resources: - storageclasses verbs: - - list \ No newline at end of file + - list + +--- + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: cluster-readonly +subjects: +- kind: Group + name: user + apiGroup: "" +roleRef: + kind: ClusterRole + name: cluster-readonly + apiGroup: "" diff --git a/createprojectspace.sh b/createprojectspace.sh index c658cbe..858e83d 100755 --- a/createprojectspace.sh +++ b/createprojectspace.sh @@ -1,10 +1,15 @@ #!/bin/bash -export PROJECT=$1 +# Use +# ./createprojectspace + +export SERVER=$1 export USER=$2 -export SERVER=$3 +export PROJECT=$3 export SERVER_PROJECT_DIR="~/.kube/projects/$PROJECT" +export SERVER_NAME=$(echo "$SERVER" | sed 's/\./-/g') +export SERVER_USER="$USER-$SERVER_NAME" echo "Checking if project namespace exists" exists=$(ssh $SERVER "kubectl get namespace --output=jsonpath=\"{.items[?(@.metadata.name=='$PROJECT')].metadata.name}\"") @@ -39,7 +44,7 @@ if [ $? -ne 0 ]; then exit 1 fi -echo "adding server to config with new context $SERVER-$USER" -kubectl config set-context $SERVER-$USER-$PROJECT --cluster=$SERVER --namespace=$PROJECT --user=$USER-$SERVER -kubectl config set current-context $SERVER-$USER-$PROJECT -echo "done" \ No newline at end of file +echo "Setting config" +kubectl config set contexts.$(kubectl config current-context).namespace $PROJECT +kubectl config set contexts.$(kubectl config current-context).user $SERVER_USER +echo "done" diff --git a/charts/certsigner/0.0.1/.helmignore b/namespace/.helmignore similarity index 100% rename from charts/certsigner/0.0.1/.helmignore rename to namespace/.helmignore diff --git a/charts/namespace/0.0.1/Chart.yaml b/namespace/Chart.yaml similarity index 100% rename from charts/namespace/0.0.1/Chart.yaml rename to namespace/Chart.yaml diff --git a/charts/certsigner/0.0.1/README.md b/namespace/README.md similarity index 100% rename from charts/certsigner/0.0.1/README.md rename to namespace/README.md 
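Review bot: The ClusterRoleBinding appended to cluster-readonly.yaml binds the group `user` cluster-wide, but nothing in the file says where that group comes from. Judging by the README's `-subj "/CN=$USER/O=user"`, it appears to be the O field of the certificates the certsigner issues, so the binding would apply to every issued user; a comment such as `# group "user" = O field of client certs signed by certsigner` above `subjects:` would make that visible. Spelling out `apiGroup: rbac.authorization.k8s.io` on the subject and the roleRef instead of `""` would also read more clearly. The ClusterRole's rule list starts above the hunk.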
diff --git a/charts/namespace/0.0.1/app-readme.md b/namespace/app-readme.md similarity index 100% rename from charts/namespace/0.0.1/app-readme.md rename to namespace/app-readme.md diff --git a/charts/certsigner/0.0.1/questions.yaml b/namespace/questions.yaml similarity index 100% rename from charts/certsigner/0.0.1/questions.yaml rename to namespace/questions.yaml diff --git a/charts/namespace/0.0.1/templates/clusterrole.yaml b/namespace/templates/clusterrole.yaml similarity index 100% rename from charts/namespace/0.0.1/templates/clusterrole.yaml rename to namespace/templates/clusterrole.yaml diff --git a/namespace/templates/limitrange.yaml b/namespace/templates/limitrange.yaml new file mode 100644 index 0000000..e07a5c0 --- /dev/null +++ b/namespace/templates/limitrange.yaml @@ -0,0 +1,14 @@ +# apiVersion: v1 +# kind: LimitRange +# metadata: +# name: default +# namespace: {{ .Release.Name }} +# spec: +# limits: +# - default: +# memory: 128Mi +# cpu: 100m +# defaultRequest: +# memory: 1Mi +# cpu: 1m +# type: Container diff --git a/charts/namespace/0.0.1/templates/namespace.yaml b/namespace/templates/namespace.yaml similarity index 100% rename from charts/namespace/0.0.1/templates/namespace.yaml rename to namespace/templates/namespace.yaml diff --git a/charts/namespace/0.0.1/templates/resourcequota.yaml b/namespace/templates/resourcequota.yaml similarity index 100% rename from charts/namespace/0.0.1/templates/resourcequota.yaml rename to namespace/templates/resourcequota.yaml diff --git a/charts/namespace/0.0.1/templates/role.yaml b/namespace/templates/role.yaml similarity index 100% rename from charts/namespace/0.0.1/templates/role.yaml rename to namespace/templates/role.yaml diff --git a/charts/namespace/0.0.1/templates/rolebinding.yaml b/namespace/templates/rolebinding.yaml similarity index 100% rename from charts/namespace/0.0.1/templates/rolebinding.yaml rename to namespace/templates/rolebinding.yaml 
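Review bot: The new namespace/templates/limitrange.yaml is the old LimitRange with every line commented out and no explanation, so namespaces created from the chart no longer get default container requests and limits. If that is intended, a first-line comment saying why (and whether resourcequota.yaml is expected to cover it) would help; if it is temporary, deleting the template is cleaner than shipping a commented manifest. Note that Helm still evaluates `{{ .Release.Name }}` inside the YAML comment.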
diff --git a/charts/namespace/0.0.1/values.yaml b/namespace/values.yaml similarity index 100% rename from charts/namespace/0.0.1/values.yaml rename to namespace/values.yaml diff --git a/removeuserspace.sh b/removeuserspace.sh index 67d3345..86079c3 100755 --- a/removeuserspace.sh +++ b/removeuserspace.sh @@ -1,15 +1,20 @@ #!/bin/bash -export USER=$1 -export SERVER=$2 +# Use +# ./removeuserspace + +export SERVER=$1 +export USER=$2 export CERT_DIR=$HOME/.kube/$SERVER/users/$USER export CA_CERT_DIR=$HOME/.kube/$SERVER export SERVER_USER_DIR="~/.kube/users/$USER" +export SERVER_NAME=$(echo "$SERVER" | sed 's/\./-/g') +export SERVER_USER="$USER-$SERVER_NAME" echo "Checking if project namespace exists" -exists=$(ssh $SERVER "kubectl get namespace --output=jsonpath=\"{.items[?(@.metadata.name=='$PROJECT')].metadata.name}\"") +exists=$(ssh $SERVER "kubectl get namespace --output=jsonpath=\"{.items[?(@.metadata.name=='$USER')].metadata.name}\"") if [ -z $exists ]; then echo "Namespace not found, nothing to delete" exit 1 @@ -17,12 +22,6 @@ else echo "Namespace exists, deleting" fi -echo "Removing server from config" -kubectl config delete-cluster $SERVER -kubectl config unset users.$USER-$SERVER -kubectl config delete-context $SERVER-$USER -kubectl config unset current-context - echo "Deleting user namespace" ssh $SERVER "kubectl delete -f $SERVER_USER_DIR/namespace.yaml" @@ -30,4 +29,7 @@ echo "Deleting remote cert dir" ssh $SERVER "rm -rf $SERVER_USER_DIR" echo "Deleting local cert dir" -rm -rf $CERT_DIR \ No newline at end of file +rm -rf $CERT_DIR + +echo "Removing from kubeconfig" +kubectl config delete-user $SERVER_USER diff --git a/setenv.sh b/setenv.sh deleted file mode 100755 index e957a8a..0000000 --- a/setenv.sh +++ /dev/null @@ -1 +0,0 @@ -kubectl config set current-context k3os-alpha.dnet-admin \ No newline at end of file diff --git a/setup.sh b/setup.sh new file mode 100755 index 0000000..fdb2b55 --- /dev/null +++ b/setup.sh 
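Review bot: Removing the kubeconfig entry and the local and remote cert directories at the end of removeuserspace.sh does not invalidate the client certificate that was issued: Kubernetes has no revocation for client certificates, so a retained copy of the key and cert keeps authenticating until expiry and, if it was issued with `O=user` as in the README, keeps whatever the `user` group is bound to in cluster-readonly.yaml. That is worth a comment at the end of the script, e.g. `# NOTE: the signed cert stays valid until it expires; only namespace access is removed`, and a matching caveat on the README line "Remove a user, their namespace, and their access". The `rm -rf $CERT_DIR` in this hunk would also be safer as `rm -rf -- "${CERT_DIR:?}"`.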
@@ -0,0 +1,10 @@ +#!/bin/bash + +# Use +# ./setup.sh + +export SERVER=$1 + +ssh $SERVER sudo kubectl -n kube-system create secret generic certsigner --from-file /var/lib/rancher/k3s/server/tls/client-ca.crt --from-file /var/lib/rancher/k3s/server/tls/client-ca.key +scp certsigner.yaml $SERVER:~/certsigner.yaml +ssh $SERVER kubectl apply -f certsigner.yaml diff --git a/updateprojectspace.sh b/updateprojectspace.sh index 9f474de..62be304 100755 --- a/updateprojectspace.sh +++ b/updateprojectspace.sh @@ -1,8 +1,11 @@ #!/bin/bash -export PROJECT=$1 +# Use +# ./updateprojectspace + +export SERVER=$1 export USER=$2 -export SERVER=$3 +export PROJECT=$3 export SERVER_PROJECT_DIR="~/.kube/projects/$PROJECT" @@ -31,4 +34,4 @@ if [ $? -ne 0 ]; then exit 1 fi -echo "done" \ No newline at end of file +echo "done"
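Review bot: setup.sh has no argument check and no error handling, so with `$1` missing or the first `ssh` failing (a rerun will fail, since `kubectl create secret` does not overwrite an existing secret) it still goes on to copy and apply the manifest. Adding `set -euo pipefail` and `: "${1:?usage: ./setup.sh <server>}"` at the top, and quoting `"$SERVER"`, would stop at the first failure. The first remote command runs under `sudo` while the final `kubectl apply` does not, which looks inconsistent. It also deserves a comment that the Secret holds the cluster's client CA private key, so read access to Secrets in kube-system is equivalent to being able to issue any client identity.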