
@ziwon
Created May 6, 2019 08:37
user-cert
#!/bin/bash
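#######################################
# Create an RSA private key, a CSR and a certificate signed by the cluster CA
# for one user, all under /etc/kubernetes/pki/users/<user>/.
# Globals:   USER, CERTS_PATH (written; kept global as in the original, which
#            means the shell's own USER variable is overwritten by the call)
# Arguments: $1 - user name; becomes the certificate CN and the directory name
# Outputs:   progress line on stdout, errors on stderr
# Returns:   0 on success, non-zero if the name is rejected or a step fails
# Notes:     Needs read access to the CA private key (/etc/kubernetes/pki/ca.key),
#            so it has to run on a host that holds it. No -days is passed to
#            `openssl x509`, so the certificate gets openssl's default lifetime
#            (30 days per the openssl documentation).
#######################################
create_user_cert(){
  USER=$1

  # The name is placed into a filesystem path and into the -subj string.
  # A '/' would start an additional subject field (for example O=, which
  # Kubernetes maps to group membership) and would also change the target
  # directory, so such names are rejected together with empty, '.' and '..'.
  case "${USER}" in
    ''|.|..|*/*)
      echo "Invalid user name: '${USER}'" >&2
      return 1
      ;;
  esac

  CERTS_PATH="/etc/kubernetes/pki/users/${USER}"
  echo "Creating certificates for user ${USER}"
  mkdir -p -- "${CERTS_PATH}" || return 1

  # Generate the key under a restrictive umask so the private key is never
  # readable by other local accounts; the subshell keeps the umask change local.
  ( umask 077 && openssl genrsa -out "${CERTS_PATH}/${USER}.key" 2048 ) || return 1

  # Stop at the first failing step instead of signing a missing or stale CSR.
  openssl req -new \
    -key "${CERTS_PATH}/${USER}.key" \
    -subj "/CN=${USER}" \
    -out "${CERTS_PATH}/${USER}.csr" || return 1

  openssl x509 -req \
    -in "${CERTS_PATH}/${USER}.csr" \
    -CA /etc/kubernetes/pki/ca.crt \
    -CAkey /etc/kubernetes/pki/ca.key \
    -CAcreateserial \
    -out "${CERTS_PATH}/${USER}.crt"
}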
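# At least one user name is required; each argument is treated as one user.
if [[ $# -eq 0 ]]; then
  # Usage errors go to stderr so they are not mistaken for normal output.
  echo "No arguments supplied. Username(s) must be supplied. If multiple separate by space." >&2
  exit 1
fi

# Quote the argument so a name containing whitespace or glob characters reaches
# create_user_cert as a single word instead of being split or expanded.
for user in "$@"; do
  create_user_cert "$user"
done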
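# Submit ./${USER}.csr to the cluster as a CertificateSigningRequest object.
# The manifest is fed to kubectl on stdin; the nesting below is required for
# the YAML to parse.
# NOTE(review): ${USER} is whatever the shell holds in USER at this point, and
#   the CSR file is read from the current directory - confirm both are intended.
# NOTE(review): usages lists "server auth"; a certificate that authenticates a
#   user to the API server normally needs "client auth" - confirm the purpose.
# NOTE(review): certificates.k8s.io/v1beta1 was removed in Kubernetes 1.22; the
#   v1 API additionally requires spec.signerName.
kubectl apply -f - <<EOF
apiVersion: certificates.k8s.io/v1beta1
kind: CertificateSigningRequest
metadata:
  name: ${USER}
spec:
  groups:
  - system:authenticated
  request: $(base64 < "${USER}.csr" | tr -d '\n')
  usages:
  - digital signature
  - key encipherment
  - server auth
EOF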
#!/bin/bash
# Keep `kubectl proxy` running: each time the proxy process exits, print a
# message, wait 5 seconds and start it again.
# NOTE(review): the closing `done` of this loop is not visible in this listing.
while true; do
# SECURITY: --address=0.0.0.0 listens on every network interface and
# --accept-hosts='^.*$' accepts any Host header. kubectl proxy forwards requests
# with the credentials of the kubeconfig it was started with and does not
# authenticate its own clients, so every host that can reach port 8888 gets
# that level of API access. Prefer the default loopback binding reached through
# an SSH tunnel, or restrict who can connect to the port with a firewall.
kubectl proxy --port=8888 --address=0.0.0.0 --accept-hosts='^.*$'
echo "sleeping"
sleep 5