From e33a239729b10d2b72c15dac586a4fe64ec0d0c1 Mon Sep 17 00:00:00 2001
From: ducoterra
Date: Mon, 25 May 2020 18:47:15 -0400
Subject: [PATCH] add scripts
---
 createadmin.sh | 8 ++++++++
 createuser.sh | 4 ++--
 userspace.sh => createuserspace.sh | 8 ++++----
 3 files changed, 14 insertions(+), 6 deletions(-)
 create mode 100755 createadmin.sh
 rename userspace.sh => createuserspace.sh (55%)
 mode change 100644 => 100755
diff --git a/createadmin.sh b/createadmin.sh
new file mode 100755
index 0000000..f57a941
--- /dev/null
+++ b/createadmin.sh
@@ -0,0 +1,8 @@
+export USER=$1
+docker run -it -v $HOME/.kube/users/$USER:/$USER python:latest openssl genrsa -out /$USER/$USER.key 2048
+docker run -it -v $HOME/.kube/users/$USER:/$USER python:latest openssl req -new -key /$USER/$USER.key -out /$USER/$USER.csr -subj "/CN=admin/O=manager"
+kubectl --context admin cp $HOME/.kube/users/$USER/$USER.csr certsigner:/certs/$USER.csr
+kubectl --context admin exec --context admin certsigner -- openssl x509 -in /certs/$USER.csr -req -CA /keys/client-ca.crt -CAkey /keys/client-ca.key -set_serial $(python -c "import random; print(random.randint(1000000000, 9999999999))") -out /certs/$USER.crt -days 5000
+kubectl --context admin cp certsigner:/certs/$USER.crt $HOME/.kube/users/$USER/$USER.crt
+kubectl config set-credentials $USER --client-certificate=$HOME/.kube/users/$USER/$USER.crt --client-key=$HOME/.kube/users/$USER/$USER.key
+kubectl config set-context $USER --cluster=mainframe --namespace=kube-system --user=$USER
\ No newline at end of file
diff --git a/createuser.sh b/createuser.sh
index 7f573d4..816fae0 100755
--- a/createuser.sh
+++ b/createuser.sh
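Review bot: The CSR subject in createadmin.sh is hard-coded to `/CN=admin/O=manager`, so every certificate this script issues authenticates as the same user `admin` whatever `$1` is, and the signing line gives it `-days 5000`. Kubernetes takes the username from CN and the groups from O and has no revocation check for client certificates, so a leaked key stays usable for about 13.7 years and audit logs cannot tell one admin from another. I would use `-subj "/CN=$USER/O=manager"` and a much shorter `-days` value with re-issuance; what the `manager` group is bound to is not visible here, so confirm that binding is as narrow as intended. The key is also generated inside `python:latest`, a mutable tag; pinning the image by digest would fix which code handles the key material (createuser.sh has the same two `docker run` lines).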
@@ -1,5 +1,5 @@
 #!/bin/bash
 export USER=$1
-docker run -it -v $(pwd)/users/$USER:/$USER python:latest openssl genrsa -out /$USER/$USER.key 2048
-docker run -it -v $(pwd)/users/$USER:/$USER python:latest openssl req -new -key /$USER/$USER.key -out /$USER/$USER.csr -subj "/CN=$USER/O=user"
\ No newline at end of file
+docker run -it -v $HOME/.kube/users/$USER:/$USER python:latest openssl genrsa -out /$USER/$USER.key 2048
+docker run -it -v $HOME/.kube/users/$USER:/$USER python:latest openssl req -new -key /$USER/$USER.key -out /$USER/$USER.csr -subj "/CN=$USER/O=user"
\ No newline at end of file
diff --git a/userspace.sh b/createuserspace.sh
old mode 100644
new mode 100755
similarity index 55%
rename from userspace.sh
rename to createuserspace.sh
index 332574b..96732ba
--- a/userspace.sh
+++ b/createuserspace.sh
@@ -2,8 +2,8 @@ export USER=$1
 helm template $USER ./namespace | kubectl --context admin apply -f -
-kubectl --context admin cp $(pwd)/users/$USER/$USER.csr certsigner:/certs/$USER.csr
+kubectl --context admin cp $HOME/.kube/users/$USER/$USER.csr certsigner:/certs/$USER.csr
 kubectl --context admin exec --context admin certsigner -- openssl x509 -in /certs/$USER.csr -req -CA /keys/client-ca.crt -CAkey /keys/client-ca.key -set_serial $(python -c "import random; print(random.randint(1000000000, 9999999999))") -out /certs/$USER.crt -days 5000
-kubectl --context admin cp certsigner:/certs/$USER.crt $(pwd)/users/$USER/$USER.crt
-kubectl config set-credentials $USER --client-certificate=$(pwd)/users/$USER/$USER.crt --client-key=$(pwd)/users/$USER/$USER.key
-kubectl config set-context $USER --cluster=mainframe --namespace=$USER --user=$USER
+kubectl --context admin cp certsigner:/certs/$USER.crt $HOME/.kube/users/$USER/$USER.crt
+kubectl config set-credentials $USER --client-certificate=$HOME/.kube/users/$USER/$USER.crt --client-key=$HOME/.kube/users/$USER/$USER.key
+kubectl config set-context $USER --cluster=mainframe --namespace=kube-system --user=$USER
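Review bot: `$1` is exported as `USER` and reaches the `-subj "/CN=$USER/O=user"` string and, unquoted, the `-v $HOME/.kube/users/$USER:/$USER` bind mount without any check in createuser.sh. Because `/` separates subject components, a name containing it can add further fields such as another `O=` group to the request, and an empty name or one with spaces or `..` changes which host directory is mounted. I would validate first with `[[ $1 =~ ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ ]] || exit 2` and quote every expansion, e.g. `-v "$HOME/.kube/users/$USER:/$USER"`. Reusing the name `USER` also overwrites the login-name variable for every child process, so a script-local `name=$1` would be safer. createadmin.sh and createuserspace.sh pass `$USER` unchecked and unquoted in the same way.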
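Review bot: The last added line of createuserspace.sh sets the per-user context to `--namespace=kube-system`, where the removed line used `--namespace=$USER`; it matches the final line of createadmin.sh and looks copied from there rather than intended for a script that has just rendered the user's own namespace with `helm template $USER ./namespace`. The context namespace is only a default and access still depends on RBAC that is not visible here, but every un-namespaced `kubectl` command from this user will now target the system namespace: failures if the role is scoped to the user's namespace, unintended changes to cluster components if it is broader. I would keep `--namespace=$USER` on this line. The script's first line lies outside the hunk.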