also update kube config on user creation

genuserspace.sh

@@ -2,7 +2,9 @@
 
 export USER=$1
 export SERVER=$2
+
 export CERT_DIR=$HOME/.kube/$SERVER/users/$USER
+export CA_CERT_DIR=$HOME/.kube/$SERVER
 
 echo "generating certs"
 mkdir -p $CERT_DIR
@@ -21,5 +23,11 @@ ssh $SERVER "kubectl -n kube-system exec $CERT_POD -- openssl x509 -in /certs/$U
 ssh $SERVER "kubectl -n kube-system cp $CERT_POD:/certs/$USER.crt ~/.kube/users/$USER/$USER.crt"
 echo "retrieving signed cert"
 scp $SERVER:~/.kube/users/$USER/$USER.crt $CERT_DIR/$USER.crt
-wget --no-check-certificate https://$SERVER:6443/cacerts -O $CERT_DIR/server-ca.pem
+echo "retrieving server ca"
+wget --no-check-certificate https://$SERVER:6443/cacerts -O $CA_CERT_DIR/server-ca.pem
+echo "adding server to config with new context $SERVER-$USER"
+kubectl config set-cluster $SERVER --server=https://$SERVER:6443 --certificate-authority=$CA_CERT_DIR/server-ca.pem
+kubectl config set-credentials $USER --client-certificate=$CERT_DIR/$USER.crt --client-key=$CERT_DIR/$USER.key
+kubectl config set-context $SERVER-$USER --cluster=$SERVER --namespace=$USER --user=$USER
+kubectl config set current-context $SERVER-$USER
 echo "done"

namespace/templates/role.yaml

@@ -53,7 +53,7 @@ rules:
     - get
 ---
 kind: Role
-apiVersion: rbac.authorization.k8s.io/v1beta1
+apiVersion: rbac.authorization.k8s.io/v1
 metadata:
   name: namespace-readonly
   namespace: {{ .Release.Name }}