icecheng/freeleaps-ops
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
6574c07350
freeleaps-ops/bin/freeleaps-cluster-login
孙振宇 6574c07350 feat(k8s): enhance freeleaps cluster login script and add RBAC bindings 
Signed-off-by: 孙振宇 <>
2025-01-13 19:10:06 +08:00

123 lines
3.4 KiB
Bash
Executable File
Raw Blame History

#!/usr/bin/env bash
set -eu -o pipefail
CLUSTER_API_LB_IP="4.155.160.32"
MICROSOFT_ENTRA_TENANT_ID=cf151ee8-5c2c-4fe7-a1c4-809ba43c9f24
MATHMAST_AD_CLIENT_ID=7cd1df19-24ea-46d7-acd3-5336283139e0
MATHMAST_AD_CLIENT_SECRET=L9J8Q~kClGP-sXKS3YFgnpDu7ednUdlWGsWfQbTl
MATHMAST_AD_ISSUER="https://login.microsoftonline.com/${MICROSOFT_ENTRA_TENANT_ID}/v2.0"
OS=${OS:-linux}
ARCH=${ARCH:-amd64}
KUBECTL_VERSION=${KUBECTL_VERSION:-v1.30.3}
KUBELOGIN_VERSION=${KUBELOGIN_VERSION:-v1.29.0}
function check_os() {
if [[ "$OSTYPE" == "linux-gnu"* ]]; then
OS=linux
elif [[ "$OSTYPE" == "darwin"* ]]; then
OS=darwin
else
echo "Unsupported OS: $OSTYPE"
exit 1
fi
}
function check_arch() {
if [[ "$(uname -m)" == "x86_64" ]]; then
ARCH=amd64
elif [[ "$(uname -m)" == "arm64" ]]; then
ARCH=arm64
else
echo "Unsupported architecture: $(uname -m)"
exit 1
fi
}
function ensure_kubectl () {
local version=${KUBECTL_VERSION}
local os=${OS}
local arch=${ARCH}
local download_url=https://storage.googleapis.com/kubernetes-release/release/${version}/bin/${os}/${arch}/kubectl
echo "Downloading kubectl (${arch}-${version}) from ${download_url}"
# download to tmp folder
curl -L o /tmp/kubectl "${download_url}"
chmod +x kubectl
sudo mv kubectl /usr/local/bin/kubectl
}
function ensure_kubelogin () {
local os=${OS}
local arch=${ARCH}
local version=${KUBELOGIN_VERSION}
local download_url=https://github.com/int128/kubelogin/releases/download/${version}/kubelogin_${os}_${arch}.zip
echo "Downloading kubelogin (${arch}-${version}) from ${download_url}"
# download to tmp folder
curl -L -o /tmp/kubelogin.zip "${download_url}"
unzip /tmp/kubelogin.zip -d /tmp
chmod +x /tmp/kubelogin
sudo mv /tmp/kubelogin /usr/local/bin/kubelogin
}
function main() {
# check if the kubectl not installed
if ! command -v kubectl &> /dev/null; then
ensure_kubectl
fi
# check if the kubelogin not installed
if ! command -v kubelogin &> /dev/null; then
ensure_kubelogin
fi
# setup with kubelogin
kubelogin setup \
--oidc-issuer-url ${MATHMAST_AD_ISSUER} \
--oidc-client-id ${MATHMAST_AD_CLIENT_ID} \
--oidc-client-secret ${MATHMAST_AD_CLIENT_SECRET} \
--oidc-extra-scope="profile,email,offline_access" \
--log_file=/dev/null \
# Prompt user to input username
echo "Please enter your username: "
read username
# Check if username is empty
if [ -z "$username" ]; then
echo "Username cannot be empty"
exit 1
fi
echo "Set credentials for $username..."
kubectl config set-credentials "$username" \
--exec-api-version=client.authentication.k8s.io/v1beta1 \
--exec-command=kubelogin \
--exec-arg=get-token \
--exec-arg="--oidc-issuer-url=${MATHMAST_AD_ISSUER}" \
--exec-arg="--oidc-client-id=${MATHMAST_AD_CLIENT_ID}" \
--exec-arg="--oidc-client-secret=${MATHMAST_AD_CLIENT_SECRET}" \
--exec-arg="--oidc-extra-scope=offline_access" \
--exec-arg="--oidc-extra-scope=profile" \
--exec-arg="--oidc-extra-scope=email" \
echo "Set cluster..."
kubectl config set-cluster freeleaps-cluster \
--server=https://${CLUSTER_API_LB_IP}:6443 \
--insecure-skip-tls-verify=true
echo "Create context..."
kubectl config set-context "$username@freeleaps-cluster" \
--cluster=freeleaps-cluster \
--user="$username"
echo "Use context..."
kubectl config use-context "$username@freeleaps-cluster"
echo "Done."
}
main "$@"
Reference in New Issue View Git Blame Copy Permalink