porthole/jmphost/setup-access.sh
Trung Thai 5f3ce78d7f The script creates and sets up of user K8S profile
*  Allow users the ability to connect K8S cluster remotely
  *  Authenthicate to UCP Keystone
  *  Then able remotely execute into containers
  *  Install all required software components

Change-Id: I1062ab14d1c643e1161b6fcfb870eaee55f5e64b
2019-09-26 10:51:29 -04:00

136 lines
3.6 KiB
Bash
Executable File

#!/bin/bash
# Script installs Kubectl latest binary and K8S-Keystone-Auth provider.
# It will generate a default 'kubectl' configuration file for the user with the appropriate
# settings to remotely connect to K8S cluster through Keystone authentication mechanism.
if [[ ${#} -lt 2 ]] ; then
echo "Abort - Usage $0 <SITE NAME> <USER_ID> <NAMESPACE>"
exit 1
fi
SITE_NAME=$1 ; LOGNAME=$2 ; NAMESPACE=$3
LOGNAME_GRP=$(grep ${LOGNAME} /etc/passwd |cut -d":" -f3)
# set default env variables
: ${USER_HOME:=$HOME}
: ${USER_KUBECFG:=$USER_HOME/.kube/config}
function _addSourceList() {
echo "deb https://apt.kubernetes.io/ kubernetes-xenial main" | \
tee -a /etc/apt/sources.list.d/kubernetes.list
curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg | sudo apt-key add -
apt-get update
}
# Install dependencies once
function _installDep () {
# kubectl
if [[ $1 == 'kubectl' ]] ; then
echo "Installing [${1}] dependency required..."
apt-get install -y kubectl
fi
}
# Create kubeconfig skelton file
function _createConfig() {
tee ${USER_KUBECFG} <<EOF
---
apiVersion: v1
namespace: ${NAMESPACE}
# Authentication via API WebHook Ingress service endpoint
clusters:
- cluster:
server: https://<WEBHOOK-API-INGRESS-FQDN>
name: kubernetes
contexts:
- context:
cluster: kubernetes
user: ${LOGNAME}
name: ${LOGNAME}@kubernetes
current-context: ${LOGNAME}@kubernetes
kind: Config
preferences: {}
users:
- name: ${LOGNAME}
user:
exec:
command: "/usr/local/uc/bin/client-keystone-auth"
apiVersion: "client.authentication.k8s.io/v1beta1"
env:
- name: "OS_DOMAIN_NAME"
value: default
- name: "OS_INTERFACE"
value: public
- name: "OS_USERNAME"
value: ${LOGNAME}
- name: "OS_PASSWORD"
value: "<USER-PASSWORD>"
- name: "OS_PROJECT_NAME"
value: admin
- name: "OS_REGION_NAME"
value: ${SITE_NAME}
- name: "OS_IDENTITY_API_VERSION"
value: "3"
args:
- "--keystone-url=<UCP-KEYSTONE-INGRESS-FQDN>/v3"
EOF
}
# checking and installing 'kubectl'
if [[ ! -x /usr/bin/kubectl ]] ; then
echo "[Kubectl binary] is not found on this system.."
echo "Checking user[${LOGNAME}] sudo ability"
let num=$(id -u)
if [ $num -ne '0' ]; then
echo "Abort dependencies installation. You [$LOGNAME] are not root yet"
exit 1
else
echo "Looking good. You [$LOGNAME] are root now"
_addSourceList
_installDep "kubectl"
fi
fi
if [[ ! -d ${USER_HOME}/.kube ]]; then
mkdir ${USER_HOME}/.kube
chown -R ${LOGNAME}:${LOGNAME_GRP} ${USER_HOME}/.kube
fi
# create config if it does not exit
if [[ ! -f ${USER_KUBECFG} ]]; then
_createConfig
chown ${LOGNAME}:${LOGNAME_GRP} ${USER_HOME}/.kube/config
fi
# staging uc functions to a common area
if [[ ! -d /usr/local/uc/bin/ ]]; then
mkdir -p /usr/local/uc/bin/
cp -p funs_uc.sh /usr/local/uc/bin/
echo "Installing [k8s-keystone-authentication] component"
curl -SL# https://api.nz-por-1.catalystcloud.io:8443/v1/AUTH_b23a5e41d1af4c20974bf58b4dff8e5a/lingxian-public/client-keystone-auth \
-o /usr/local/uc/bin/client-keystone-auth
chmod 755 -R /usr/local/uc
chown root:root -R /usr/local/uc
fi
# Update user bash rc script to include uc funcions
if [[ -f ${HOME}/.bashrc ]]; then
cp -p ${HOME}/.bashrc ${HOME}/.bashrc.jmp.bck.$(date +%s)
egrep funs_uc ${HOME}/.bashrc
if [[ $? -eq '1' ]] ; then
tee -a ${HOME}/.bashrc <<EOF
# Utility container common functions
if [[ -f /usr/local/uc/bin/funs_uc.sh ]]; then
. /usr/local/uc/bin/funs_uc.sh
fi
EOF
fi
fi