Skip to content

Commit 14a8938

Browse files
bastjanbastjan
authored
Document Dev SA account setup (#65)
1 parent e4aa1c0 commit 14a8938

File tree

2 files changed

+57
-64
lines changed

2 files changed

+57
-64
lines changed

README.md

Lines changed: 57 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -96,3 +96,60 @@ while read -r patch; do
9696
kubectl patch mutatingwebhookconfigurations mutating-webhook-configuration --type=json -p "${patch}"
9797
done <<< "$patches"
9898
```
99+
100+
### Connect agent to control-api
101+
102+
Create ServiceAccount in control-api and save token to kubeconfig.
103+
104+
```sh
105+
# Switch to the control-api cluster you want to create the access for
106+
# $ kubectx appuio-api-integration
107+
# Update the zone name to match your name
108+
ZONE_NAME=my-test-zone
109+
110+
# Create a service account and the token
111+
NAMESPACE=default
112+
mkdir -p tk && cat <<EOF > tk/kustomization.yaml
113+
resources:
114+
- ../config/foreign_rbac
115+
namespace: ${NAMESPACE}
116+
namePrefix: ${ZONE_NAME}-
117+
EOF
118+
kubectl apply -k tk
119+
120+
CONTEXT=$(kubectl config current-context)
121+
NEW_CONTEXT=control-api-sa
122+
KUBECONFIG_FILE="kubeconfig-control-api"
123+
SECRET_NAME=${ZONE_NAME}-cloud-agent
124+
TOKEN_DATA=$(kubectl get secret ${SECRET_NAME} \
125+
--context ${CONTEXT} \
126+
--namespace ${NAMESPACE} \
127+
-o jsonpath='{.data.token}')
128+
TOKEN=$(echo ${TOKEN_DATA} | base64 -d)
129+
130+
rm -rf tk
131+
132+
# Create kubeconfig
133+
kubectl config view --raw > ${KUBECONFIG_FILE}.full.tmp
134+
kubectl --kubeconfig ${KUBECONFIG_FILE}.full.tmp config use-context ${CONTEXT}
135+
kubectl --kubeconfig ${KUBECONFIG_FILE}.full.tmp \
136+
config view --flatten --minify > ${KUBECONFIG_FILE}.tmp
137+
# Rename context
138+
kubectl config --kubeconfig ${KUBECONFIG_FILE}.tmp \
139+
rename-context ${CONTEXT} ${NEW_CONTEXT}
140+
# Create token user
141+
kubectl config --kubeconfig ${KUBECONFIG_FILE}.tmp \
142+
set-credentials ${CONTEXT}-${NAMESPACE}-token-user \
143+
--token ${TOKEN}
144+
kubectl config --kubeconfig ${KUBECONFIG_FILE}.tmp \
145+
set-context ${NEW_CONTEXT} --user ${CONTEXT}-${NAMESPACE}-token-user
146+
# Set context to correct namespace
147+
kubectl config --kubeconfig ${KUBECONFIG_FILE}.tmp \
148+
set-context ${NEW_CONTEXT} --namespace ${NAMESPACE}
149+
# Flatten/minify kubeconfig
150+
kubectl config --kubeconfig ${KUBECONFIG_FILE}.tmp \
151+
view --flatten --minify > ${KUBECONFIG_FILE}
152+
# Remove tmp
153+
rm ${KUBECONFIG_FILE}.full.tmp
154+
rm ${KUBECONFIG_FILE}.tmp
155+
```

scratchpad-help-sa-token.md

Lines changed: 0 additions & 64 deletions
This file was deleted.

0 commit comments

Comments
 (0)