
@fedir
Created June 4, 2025 14:53
Simple Bash script to create a Kubeconfig file for kubectl for remote access to GKE from local PC // #GoogleCloud
#!/bin/bash
set -e
# Check arguments
if [ $# -ne 2 ]; then
  echo "Usage: $0 <nom_utilisateur> <cluster_endpoint>"
  echo "Exemple: $0 user01 https://11.22.33.44"
  exit 1
fi
USERNAME=$1
CLUSTER_ENDPOINT=$2
NAMESPACE=$USERNAME
SA_NAME=${USERNAME}-sa
SECRET_NAME=${SA_NAME}-token
KUBECONFIG_FILE=kubeconfig-${USERNAME}.yaml
echo "🔧 Création du namespace '$NAMESPACE'"
kubectl create namespace $NAMESPACE --dry-run=client -o yaml | kubectl apply -f -
echo "🔧 Création du ServiceAccount '$SA_NAME'"
kubectl create serviceaccount $SA_NAME -n $NAMESPACE --dry-run=client -o yaml | kubectl apply -f -
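# A Secret of type kubernetes.io/service-account-token holds a long-lived token:
# it stays valid until the Secret or the ServiceAccount is deleted.
echo "🔐 Création manuelle du secret de token lié au ServiceAccount"
kubectl apply -f - <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: ${SECRET_NAME}
  annotations:
    kubernetes.io/service-account.name: "${SA_NAME}"
  namespace: ${NAMESPACE}
type: kubernetes.io/service-account-token
EOF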
# Wait until the token is ready (it is generated by the controller)
echo "⏳ Attente de la création du token dans le secret..."
until kubectl get secret ${SECRET_NAME} -n ${NAMESPACE} -o jsonpath="{.data.token}" 2>/dev/null | grep -q .; do
  echo " ⏳ En attente..."
  sleep 2
done
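echo "🔧 Attribution des droits de lecture (RoleBinding)"
# "view" is a built-in ClusterRole, not a namespaced Role, so it must be
# referenced with --clusterrole. The RoleBinding still scopes it to this namespace.
kubectl create rolebinding ${USERNAME}-rb \
  --clusterrole=view \
  --serviceaccount=${NAMESPACE}:${SA_NAME} \
  --namespace=${NAMESPACE} \
  --dry-run=client -o yaml | kubectl apply -f -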
echo "🔐 Récupération du token du Secret"
USER_TOKEN=$(kubectl get secret $SECRET_NAME -n $NAMESPACE -o jsonpath="{.data.token}" | base64 --decode)
CLUSTER_NAME=$(kubectl config view --minify -o jsonpath="{.clusters[0].name}")
CA_CERT=$(kubectl get secret $SECRET_NAME -n $NAMESPACE -o jsonpath="{.data['ca\.crt']}" | base64 --decode)
echo "📝 Génération du fichier kubeconfig → ${KUBECONFIG_FILE}"
cat <<EOF > $KUBECONFIG_FILE
apiVersion: v1
kind: Config
clusters:
- name: $CLUSTER_NAME
  cluster:
    server: $CLUSTER_ENDPOINT
    certificate-authority-data: $(echo "$CA_CERT" | base64 | tr -d '\n')
contexts:
- name: $USERNAME-context
  context:
    cluster: $CLUSTER_NAME
    namespace: $NAMESPACE
    user: $USERNAME
current-context: $USERNAME-context
users:
- name: $USERNAME
  user:
    token: $USER_TOKEN
EOF
# The file embeds the bearer token in clear text: restrict it to the current user.
chmod 600 "$KUBECONFIG_FILE"
echo "✅ Fichier kubeconfig généré avec succès : $KUBECONFIG_FILE"
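# Bind the built-in "admin" ClusterRole in the user's namespace. RBAC is additive,
# so with this binding the token's effective rights there are admin, not read-only.
# Applied via --dry-run/apply like the other objects so a re-run does not fail under set -e.
kubectl create rolebinding ${USERNAME}-admin-binding \
  --clusterrole=admin \
  --serviceaccount=${USERNAME}:${USERNAME}-sa \
  --namespace=${USERNAME} \
  --dry-run=client -o yaml | kubectl apply -f -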