services/userspace
1
0
Fork 0
Code Issues 1 Pull Requests Projects Releases Wiki Activity

fix adding users who supply their own key

Browse Source
This commit is contained in:
ducoterra
2020-06-13 09:53:25 -04:00
parent e33a239729
commit 659aae57f3
4 changed files with 9 additions and 20 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
adduser.sh Normal file
View File

@@ -0,0 +1,2 @@
kubectl config set-credentials $USER --client-certificate=$HOME/.kube/users/$USER/$USER.crt --client-key=$HOME/.kube/users/$USER/$USER.key
kubectl config set-context $USER --cluster=mainframe --namespace=kube-system --user=$USER

12
certsigner/pod.yaml
View File

@@ -17,15 +17,15 @@ spec:
memory: 100Mi memory: 100Mi
cpu: 100m cpu: 100m
volumeMounts: volumeMounts:
- mountPath: /certs
name: certs
- mountPath: /keys - mountPath: /keys
name: keys name: keys
- mountPath: /certs
name: certs
volumes: volumes:
- name: certs
persistentVolumeClaim:
claimName: certsigner-certs
- name: keys - name: keys
secret: secret:
secretName: certsigner secretName: certs
- name: certs
emptyDir: {}
restartPolicy: Always restartPolicy: Always

11
certsigner/pvc.yaml
View File

@@ -1,11 +0,0 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: certsigner-certs
namespace: kube-system
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 1Gi

4
createuserspace.sh
View File

@@ -4,6 +4,4 @@ export USER=$1
helm template $USER ./namespace | kubectl --context admin apply -f - helm template $USER ./namespace | kubectl --context admin apply -f -
kubectl --context admin cp $HOME/.kube/users/$USER/$USER.csr certsigner:/certs/$USER.csr kubectl --context admin cp $HOME/.kube/users/$USER/$USER.csr certsigner:/certs/$USER.csr
kubectl --context admin exec --context admin certsigner -- openssl x509 -in /certs/$USER.csr -req -CA /keys/client-ca.crt -CAkey /keys/client-ca.key -set_serial $(python -c "import random; print(random.randint(1000000000, 9999999999))") -out /certs/$USER.crt -days 5000 kubectl --context admin exec --context admin certsigner -- openssl x509 -in /certs/$USER.csr -req -CA /keys/client-ca.crt -CAkey /keys/client-ca.key -set_serial $(python -c "import random; print(random.randint(1000000000, 9999999999))") -out /certs/$USER.crt -days 5000
kubectl --context admin cp certsigner:/certs/$USER.crt $HOME/.kube/users/$USER/$USER.crt kubectl --context admin cp certsigner:/certs/$USER.crt $HOME/.kube/users/$USER/$USER.crt
kubectl config set-credentials $USER --client-certificate=$HOME/.kube/users/$USER/$USER.crt --client-key=$HOME/.kube/users/$USER/$USER.key
kubectl config set-context $USER --cluster=mainframe --namespace=kube-system --user=$USER