leafney · October 13, 2019 18:32 · leafney · Oct 13, 2019
diff --git a/show_k8s_ca_and_token_from_service_account.sh b/show_k8s_ca_and_token_from_service_account.sh
 #!/bin/bash
 set -e
 set -o pipefail


 if [[ -z "$1" ]] || [[ -z "$2" ]]; then
  echo "usage: $0 <service_account_name> <namespace>"
  exit 1
 fi


 SERVICE_ACCOUNT_NAME=$1
 NAMESPACE="$2"
 TARGET_FOLDER="./tmp"

 create_target_folder() {
    echo -n "Creating target directory to hold files in ${TARGET_FOLDER}..."
    mkdir -p "${TARGET_FOLDER}"
    printf "done"
 }

 get_secret_name_from_service_account() {
    echo -e "\\nGetting secret of service account [${SERVICE_ACCOUNT_NAME}] on [${NAMESPACE}]"
    SECRET_NAME=$(kubectl get sa "${SERVICE_ACCOUNT_NAME}" --namespace="${NAMESPACE}" -o json | jq -r .secrets[].name)
    echo -e "\\nSecret name: ${SECRET_NAME}"
 }

 extract_ca_crt_from_secret() {
    echo -e -n "\\nExtracting ca.crt from secret..."
    kubectl get secret --namespace "${NAMESPACE}" "${SECRET_NAME}" -o json | jq \
    -r '.data["ca.crt"]' | base64 --decode > "${TARGET_FOLDER}/ca.crt"
    printf "done"
 }

 get_user_token_from_secret() {
    echo -e -n "\\nExtracting user token from secret..."
    kubectl get secret --namespace "${NAMESPACE}" "${SECRET_NAME}" -o json | jq -r '.data["token"]' | base64 --decode > "${TARGET_FOLDER}/user.token"
    echo -e -n "\\n" >> "${TARGET_FOLDER}/user.token"
    printf "done"
 }


 create_target_folder
 get_secret_name_from_service_account
 extract_ca_crt_from_secret
 get_user_token_from_secret

 echo -e "\\nAll done!"
	#!/bin/bash
	set -e
	set -o pipefail


	if [[ -z "$1" ]] \|\| [[ -z "$2" ]]; then
	echo "usage: $0 <service_account_name> <namespace>"
	exit 1
	fi


	SERVICE_ACCOUNT_NAME=$1
	NAMESPACE="$2"
	TARGET_FOLDER="./tmp"

	create_target_folder() {
	echo -n "Creating target directory to hold files in ${TARGET_FOLDER}..."
	mkdir -p "${TARGET_FOLDER}"
	printf "done"
	}

	get_secret_name_from_service_account() {
	echo -e "\\nGetting secret of service account [${SERVICE_ACCOUNT_NAME}] on [${NAMESPACE}]"
	SECRET_NAME=$(kubectl get sa "${SERVICE_ACCOUNT_NAME}" --namespace="${NAMESPACE}" -o json \| jq -r .secrets[].name)
	echo -e "\\nSecret name: ${SECRET_NAME}"
	}

	extract_ca_crt_from_secret() {
	echo -e -n "\\nExtracting ca.crt from secret..."
	kubectl get secret --namespace "${NAMESPACE}" "${SECRET_NAME}" -o json \| jq \
	-r '.data["ca.crt"]' \| base64 --decode > "${TARGET_FOLDER}/ca.crt"
	printf "done"
	}

	get_user_token_from_secret() {
	echo -e -n "\\nExtracting user token from secret..."
	kubectl get secret --namespace "${NAMESPACE}" "${SECRET_NAME}" -o json \| jq -r '.data["token"]' \| base64 --decode > "${TARGET_FOLDER}/user.token"
	echo -e -n "\\n" >> "${TARGET_FOLDER}/user.token"
	printf "done"
	}


	create_target_folder
	get_secret_name_from_service_account
	extract_ca_crt_from_secret
	get_user_token_from_secret

	echo -e "\\nAll done!"