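#!/bin/bash
#
# Create a client certificate and a namespace for a Kubernetes user.
#
# Usage: <this script> USER SERVER
#   USER    name written into the certificate CN; also the helm release name
#   SERVER  SSH destination of the cluster host; also the API host on port 6443
#
# Optional environment:
#   OPENSSL_IMAGE  container image providing openssl (default: python:latest)
#   CERT_DAYS      lifetime of the signed certificate in days (default: 5000)
#
# Steps: generate a key and CSR locally, render and apply ./namespace on the
# server, sign the CSR inside the certsigner pod, then copy the signed
# certificate and the server CA into $HOME/.kube/SERVER/users/USER.

set -euo pipefail

die() {
  printf '%s\n' "$*" >&2
  exit 1
}

(( $# == 2 )) || die "usage: ${0##*/} USER SERVER"

# Both arguments are spliced into local paths and into command lines that a
# remote shell evaluates, so only a conservative character set is accepted.
# The leading alphanumeric also rules out "..", and "-option" style values.
[[ $1 =~ ^[A-Za-z0-9][A-Za-z0-9._-]*$ ]] || die "invalid user name: $1"
[[ $2 =~ ^[A-Za-z0-9][A-Za-z0-9._@-]*$ ]] || die "invalid server name: $2"

export USER=$1
export SERVER=$2
export CERT_DIR=$HOME/.kube/$SERVER/users/$USER

# NOTE(review): a floating tag such as python:latest means the openssl binary
# that creates the private key can change between runs; pin a digest you have
# verified via OPENSSL_IMAGE.
readonly OPENSSL_IMAGE=${OPENSSL_IMAGE:-python:latest}

# NOTE(review): 5000 days is roughly 13 years. Kubernetes has no revocation
# mechanism for client certificates, so a leaked key stays valid for the whole
# lifetime unless the CA is rotated; prefer a much shorter CERT_DAYS.
readonly CERT_DAYS=${CERT_DAYS:-5000}
[[ $CERT_DAYS =~ ^[0-9]+$ ]] || die "CERT_DAYS must be a whole number: $CERT_DAYS"

echo "generating certs"
mkdir -p -- "$CERT_DIR"
# The directory holds the user's private key; keep other local users out.
chmod 700 -- "$CERT_DIR"
# Mount at a fixed path: mounting at /$USER would shadow a system directory of
# the container for names such as "usr" or "etc". --rm avoids leaving one
# stopped container behind per invocation.
docker run --rm -v "$CERT_DIR:/work" "$OPENSSL_IMAGE" \
  openssl genrsa -out "/work/$USER.key" 2048
docker run --rm -v "$CERT_DIR:/work" "$OPENSSL_IMAGE" \
  openssl req -new -key "/work/$USER.key" -out "/work/$USER.csr" \
  -subj "/CN=$USER/O=user"

echo "creating userspace"
rsync -av ./namespace "$SERVER:~/"
ssh "$SERVER" "/usr/local/bin/helm template $USER ./namespace | kubectl apply -f -"

echo "copying csr"
ssh "$SERVER" "mkdir -p ~/.kube/users/$USER && chmod 700 ~/.kube/users/$USER"
# Stage the CSR in the per-user directory rather than a predictable /tmp path:
# anything another account on the server could place or swap there would be
# signed with this user's CN.
scp -- "$CERT_DIR/$USER.csr" "$SERVER:.kube/users/$USER/$USER.csr"

echo "signing cert"
# Look the signer pod up on the same host the later kubectl calls run on.
CERT_POD=$(ssh "$SERVER" "kubectl get pod -n kube-system --selector=app=certsigner --output=jsonpath='{.items..metadata.name}'")
# The value is reused inside remote command lines: require exactly one
# well-formed pod name (no match yields "", several yield a spaced list).
[[ $CERT_POD =~ ^[a-z0-9]([-a-z0-9.]*[a-z0-9])?$ ]] \
  || die "expected exactly one certsigner pod, got: '$CERT_POD'"
export CERT_POD

# 64-bit serial from the kernel CSPRNG; needs no local python interpreter.
serial=0x$(od -An -N8 -tx1 /dev/urandom | tr -d ' \n')
[[ $serial =~ ^0x[0-9a-f]{16}$ ]] || die "could not generate a certificate serial"

ssh "$SERVER" "kubectl -n kube-system cp ~/.kube/users/$USER/$USER.csr $CERT_POD:/certs/$USER.csr"
ssh "$SERVER" "kubectl -n kube-system exec $CERT_POD -- openssl x509 -in /certs/$USER.csr -req -CA /keys/client-ca.crt -CAkey /keys/client-ca.key -set_serial $serial -out /certs/$USER.crt -days $CERT_DAYS"
ssh "$SERVER" "kubectl -n kube-system cp $CERT_POD:/certs/$USER.crt ~/.kube/users/$USER/$USER.crt"

echo "retrieving signed cert"
scp -- "$SERVER:.kube/users/$USER/$USER.crt" "$CERT_DIR/$USER.crt"

# NOTE(review): --no-check-certificate turns TLS verification off, so the CA
# bundle saved here is unauthenticated, yet it becomes the trust anchor for
# every later connection to the API server. Compare the digest printed below
# with one obtained over a trusted channel (for example the SSH session to the
# server), or fetch the bundle over SSH instead.
wget --no-check-certificate "https://$SERVER:6443/cacerts" -O "$CERT_DIR/server-ca.pem"
if command -v sha256sum >/dev/null; then
  echo "server CA sha256 (verify out of band before trusting it):"
  sha256sum -- "$CERT_DIR/server-ca.pem"
fi

echo "done"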