Created
January 13, 2022 07:47
Generate credential for k3s cluster admin
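#!/bin/bash
# Generate a client certificate and a kubeconfig for a k3s cluster admin.
# Based on scripts in https://github.com/k3s-io/k3s/issues/684
#
# Must run where the k3s client CA certificate and key under $ca_path are
# readable. Outputs, relative to the current directory:
#   keys/u-<user>.key / .csr / .crt   private key, signing request, signed cert
#   kube/<user>.kubeconfig            kubeconfig with the cert and key embedded
#
# Security notes:
#   - The subject carries O=system:masters, the Kubernetes group that has
#     unrestricted cluster access. Treat the key and the kubeconfig as
#     root-equivalent credentials for the cluster.
#   - Kubernetes does not check revocation for client certificates, so a
#     leaked certificate stays usable until it expires or the client CA is
#     rotated. Keep $day as short as the use case allows.
#   - -CAcreateserial writes a serial file next to the CA certificate.

set -euo pipefail

# Everything created below (key, CSR, kubeconfig, directories) is private to
# the invoking user; the default umask would leave the key world-readable.
umask 077

clus_name="default"
user="user"
clus_url="https://127.0.0.1:6443"
ca_path=/var/lib/rancher/k3s/server/tls
day=3650

# -p tolerates existing directories without hiding real failures the way
# "mkdir ... || true" does.
mkdir -p keys kube

printf '\033[32m%s\033[0m\n' '>> Generate key'
generate="keys/u-${user}"

# Drop any key left by an earlier run so the new one is created under the
# restrictive umask instead of inheriting the old file's permissions.
rm -f -- "${generate}.key"
#openssl genrsa -out "${generate}.key" 2048
openssl ecparam -name prime256v1 -genkey -noout -out "${generate}.key"
openssl req -new -key "${generate}.key" -out "${generate}.csr" \
  -subj "/CN=${user}/O=system:masters"
openssl x509 -req -in "${generate}.csr" \
  -CA "${ca_path}/client-ca.crt" -CAkey "${ca_path}/client-ca.key" \
  -CAcreateserial -out "${generate}.crt" -days "${day}"

printf '\033[32m%s\033[0m\n' '>> Generate kube config'
embed=true
ctx="${user}@${clus_name}"
config="kube/${user}.kubeconfig"

kubectl --kubeconfig="${config}" config set-cluster "${clus_name}" \
  --embed-certs="${embed}" --server="${clus_url}" \
  --certificate-authority="${ca_path}/server-ca.crt"
# Tighten a kubeconfig that already existed with looser permissions before the
# private key is embedded into it.
chmod 600 -- "${config}"
kubectl --kubeconfig="${config}" config set-credentials "${user}" \
  --embed-certs="${embed}" \
  --client-certificate="${generate}.crt" --client-key="${generate}.key"
kubectl --kubeconfig="${config}" config set-context "${ctx}" \
  --cluster="${clus_name}" --user="${user}"
kubectl --kubeconfig="${config}" config use-context "${ctx}"
# kubectl --kubeconfig="${config}" --context="${ctx}" get pods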