From b179f70e0bde7682e6f93e98d2220a88a95c74f5 Mon Sep 17 00:00:00 2001 From: hashfyre Date: Sat, 9 Dec 2017 15:48:31 +0530 Subject: [PATCH] adds: k8s-user, client-cert/key based auth --- update.sh | 21 ++++++++++++++++++++- 1 file changed, 20 insertions(+), 1 deletion(-) diff --git a/update.sh b/update.sh index 98df6a9..25a2210 100755 --- a/update.sh +++ b/update.sh @@ -8,6 +8,14 @@ if [ ! -z ${PLUGIN_KUBERNETES_TOKEN} ]; then KUBERNETES_TOKEN=$PLUGIN_KUBERNETES_TOKEN fi +if [ ! -z ${PLUGIN_KUBERNETES_CLIENT_CERT} ]; then + KUBERNETES_CLIENT_CERT=$PLUGIN_KUBERNETES_CLIENT_CERT +fi + +if [ ! -z ${PLUGIN_KUBERNETES_CLIENT_KEY} ]; then + KUBERNETES_CLIENT_KEY=$PLUGIN_KUBERNETES_CLIENT_KEY +fi + if [ ! -z ${PLUGIN_KUBERNETES_SERVER} ]; then KUBERNETES_SERVER=$PLUGIN_KUBERNETES_SERVER fi @@ -16,7 +24,18 @@ if [ ! -z ${PLUGIN_KUBERNETES_CERT} ]; then KUBERNETES_CERT=${PLUGIN_KUBERNETES_CERT} fi -kubectl config set-credentials default --token=${KUBERNETES_TOKEN} +if [ ! -z ${PLUGIN_KUBERNETES_USER} ]; then + KUBERNETES_USER=${PLUGIN_KUBERNETES_USER:-default} +fi + +if [ ! -z ${KUBERNETES_CLIENT_CERT} ] && [ ! -z ${KUBERNETES_CLIENT_KEY} ]; then + echo ${KUBERNETES_CLIENT_CERT} | base64 -d > client.crt + echo ${KUBERNETES_CLIENT_KEY} | base64 -d > client.key + kubectl config set-credentials ${KUBERNETES_USER} --client-certificate=client.crt --client-key=client.key +else + kubectl config set-credentials ${KUBERNETES_USER} --token=${KUBERNETES_TOKEN} +fi + if [ ! -z ${KUBERNETES_CERT} ]; then echo ${KUBERNETES_CERT} | base64 -d > ca.crt kubectl config set-cluster default --server=${KUBERNETES_SERVER} --certificate-authority=ca.crt