|
| 1 | +#!/bin/bash |
| 2 | + |
| 3 | +# Function to check if a command exists |
| 4 | +command_exists() { |
| 5 | + command -v "$1" >/dev/null 2>&1 |
| 6 | +} |
| 7 | + |
| 8 | +# Function to display usage information |
| 9 | +usage() { |
| 10 | + echo "Usage: $0 <namespace> [kubeconfig_directory] [token_duration]" |
| 11 | + echo " namespace: The Kubernetes namespace" |
| 12 | + echo " kubeconfig_directory: Directory to store kubeconfig files (default: kubeconfigs)" |
| 13 | + echo " token_duration: Duration of the token in seconds (default: 600 seconds / 10 minutes)" |
| 14 | + exit 1 |
| 15 | +} |
| 16 | + |
| 17 | +# Check for required commands |
| 18 | +if ! command_exists kubectl; then |
| 19 | + echo "kubectl is not installed. Please install it and try again." |
| 20 | + exit 1 |
| 21 | +fi |
| 22 | + |
| 23 | +# Check if namespace argument is provided |
| 24 | +if [ $# -eq 0 ]; then |
| 25 | + usage |
| 26 | +fi |
| 27 | + |
| 28 | +NAMESPACE=$1 |
| 29 | +KUBECONFIG_DIR=${2:-"kubeconfigs"} |
| 30 | +TOKEN_DURATION=${3:-600} |
| 31 | + |
| 32 | +CLUSTER_NAME=$(kubectl config view --minify -o jsonpath='{.clusters[0].name}') |
| 33 | +CLUSTER_SERVER=$(kubectl config view --minify -o jsonpath='{.clusters[0].cluster.server}') |
| 34 | +CLUSTER_CA=$(kubectl config view --minify --raw -o jsonpath='{.clusters[0].cluster.certificate-authority-data}') |
| 35 | + |
| 36 | +# Create the directory to store the kubeconfig files |
| 37 | +mkdir -p "$KUBECONFIG_DIR" |
| 38 | + |
| 39 | +# Get all ServiceAccounts in the namespace |
| 40 | +SERVICE_ACCOUNTS=$(kubectl get serviceaccounts -n $NAMESPACE -o jsonpath='{.items[*].metadata.name}') |
| 41 | + |
| 42 | +for SA in $SERVICE_ACCOUNTS; do |
| 43 | + echo "Processing ServiceAccount: $SA" |
| 44 | + |
| 45 | + # Create a token for the ServiceAccount with specified duration |
| 46 | + TOKEN=$(kubectl create token $SA -n $NAMESPACE --duration="${TOKEN_DURATION}s") |
| 47 | + |
| 48 | + if [ -z "$TOKEN" ]; then |
| 49 | + echo "Failed to create token for ServiceAccount $SA. Skipping..." |
| 50 | + continue |
| 51 | + fi |
| 52 | + |
| 53 | + # Create a kubeconfig file for the user |
| 54 | + KUBECONFIG_FILE="$KUBECONFIG_DIR/${SA}-${NAMESPACE}-kubeconfig" |
| 55 | + |
| 56 | + cat << EOF > "$KUBECONFIG_FILE" |
| 57 | +apiVersion: v1 |
| 58 | +kind: Config |
| 59 | +clusters: |
| 60 | +- name: ${CLUSTER_NAME} |
| 61 | + cluster: |
| 62 | + server: ${CLUSTER_SERVER} |
| 63 | + certificate-authority-data: ${CLUSTER_CA} |
| 64 | +users: |
| 65 | +- name: ${SA} |
| 66 | + user: |
| 67 | + token: ${TOKEN} |
| 68 | +contexts: |
| 69 | +- name: ${SA}-${NAMESPACE} |
| 70 | + context: |
| 71 | + cluster: ${CLUSTER_NAME} |
| 72 | + namespace: ${NAMESPACE} |
| 73 | + user: ${SA} |
| 74 | +current-context: ${SA}-${NAMESPACE} |
| 75 | +EOF |
| 76 | + |
| 77 | + echo "Created kubeconfig file for $SA: $KUBECONFIG_FILE" |
| 78 | + echo "Token duration: ${TOKEN_DURATION} seconds" |
| 79 | + echo "To use this config, run: kubectl --kubeconfig=$KUBECONFIG_FILE get pods" |
| 80 | + echo "---" |
| 81 | +done |
| 82 | + |
| 83 | +echo "All kubeconfig files have been created in the '$KUBECONFIG_DIR' directory." |
| 84 | +echo "Distribute these files to the respective users." |
| 85 | +echo "Users can then use them with kubectl by specifying the --kubeconfig flag or by setting the KUBECONFIG environment variable." |
| 86 | +echo "Note: The tokens will expire after ${TOKEN_DURATION} seconds." |
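Review bot: The kubeconfig files written by the heredoc at line 56 embed live bearer tokens, yet both they and the directory from `mkdir -p "$KUBECONFIG_DIR"` (line 37) are created under the caller's default umask, which on many systems leaves them readable by other local users. Put `umask 077` ahead of the `mkdir` so new files are 0600 and a newly created directory is 0700; a pre-existing directory keeps its mode and would need an explicit `chmod 700`. `$NAMESPACE` and `$SA` are unquoted in the `kubectl get serviceaccounts` and `kubectl create token` calls (lines 40 and 46), and `TOKEN_DURATION` is never checked to be numeric; quote both and reject bad durations with `case "$TOKEN_DURATION" in ''|*[!0-9]*) usage ;; esac`. `CLUSTER_CA` is empty when the active kubeconfig points at a CA file rather than embedded data, so the script should stop when it is empty instead of writing a config with no CA. Because the loop mints a token for every ServiceAccount in the namespace, the header comment should say that each file carries that account's full RBAC permissions until the token expires.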