prepare-03-generate-worker-kubeconfigs.sh
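#!/bin/bash
# Writes kubelet, kube-proxy and admin kubeconfig files plus an encryption
# config into ./generated-files, using the values loaded from ./settings.sh.
# Must be started from the directory that holds settings.sh.

# Require /usr/local/bin as a real PATH entry. Matching on ":"-delimited
# entries avoids accepting look-alikes such as /usr/local/bin-old, which a
# plain substring test would let through.
case ":${PATH}:" in
  *:/usr/local/bin:* | *:/usr/local/bin/:*) ;;
  *)
    echo "/usr/local/bin is not on your PATH. Please add it:" >&2
    echo "export PATH=\$PATH:/usr/local/bin" >&2
    exit 1
    ;;
esac

# settings.sh is executed inside this shell with the caller's privileges, and
# it is resolved relative to the current directory. Refuse to continue without
# it: every later command depends on the variables it is expected to define.
if [[ ! -r ./settings.sh ]]; then
  echo "Cannot read ./settings.sh; run this script from its own directory." >&2
  exit 1
fi
source ./settings.sh

# All certificates are read from, and all kubeconfigs written to, this
# directory. If the directory change fails, stop rather than emit credential
# files into whatever directory the caller happened to be in.
if ! pushd generated-files > /dev/null; then
  echo "Cannot enter ./generated-files; nothing was generated." >&2
  exit 1
fi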
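# Generate kubelet kubeconfig for workers
# One file per worker: kubelet-<hostname>.kubeconfig. Because --embed-certs=true
# is passed to set-credentials, each file carries that worker's client
# certificate AND private key inline, so it must be handled as a secret.
# The user entry is named system:node:<hostname>; the identity the API server
# actually sees comes from worker-<hostname>.pem, which is produced elsewhere.
for index in "${!WORKER_IP_LIST[@]}"; do
  worker_hostname="${WORKER_HOSTNAME_LIST[index]}"

  # Indices come from WORKER_IP_LIST but names from WORKER_HOSTNAME_LIST. If
  # the two lists differ in length the name would be empty and the script
  # would write "kubelet-.kubeconfig" for user "system:node:"; fail instead.
  if [[ -z "${worker_hostname}" ]]; then
    echo "WORKER_HOSTNAME_LIST has no entry for worker index ${index}" >&2
    exit 1
  fi

  kubelet_kubeconfig="kubelet-${worker_hostname}.kubeconfig"

  # Each step aborts on failure so a half-written kubeconfig is never left
  # behind looking like a finished one.
  kubectl config set-cluster "${CLUSTER_NAME}" \
    --certificate-authority=ca.pem \
    --embed-certs=true \
    --server="https://${API_SERVER_IP}:6443" \
    --kubeconfig="${kubelet_kubeconfig}" || exit 1

  kubectl config set-credentials "system:node:${worker_hostname}" \
    --client-certificate="worker-${worker_hostname}.pem" \
    --client-key="worker-${worker_hostname}-key.pem" \
    --embed-certs=true \
    --kubeconfig="${kubelet_kubeconfig}" || exit 1

  kubectl config set-context default \
    --cluster="${CLUSTER_NAME}" \
    --user="system:node:${worker_hostname}" \
    --kubeconfig="${kubelet_kubeconfig}" || exit 1

  kubectl config use-context default \
    --kubeconfig="${kubelet_kubeconfig}" || exit 1
done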
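# Generate kube-proxy kubeconfig for workers
# One file per worker: kube-proxy-<hostname>.kubeconfig. Every file embeds the
# same kube-proxy.pem / kube-proxy-key.pem pair, so all workers share a single
# kube-proxy credential; the private key is stored inline (--embed-certs=true)
# and each file must be handled as a secret.
for index in "${!WORKER_IP_LIST[@]}"; do
  worker_hostname="${WORKER_HOSTNAME_LIST[index]}"

  # Indices come from WORKER_IP_LIST but names from WORKER_HOSTNAME_LIST. An
  # empty name would silently produce "kube-proxy-.kubeconfig"; fail instead.
  if [[ -z "${worker_hostname}" ]]; then
    echo "WORKER_HOSTNAME_LIST has no entry for worker index ${index}" >&2
    exit 1
  fi

  proxy_kubeconfig="kube-proxy-${worker_hostname}.kubeconfig"

  # Abort on the first failing step so no partial kubeconfig is left behind.
  kubectl config set-cluster "${CLUSTER_NAME}" \
    --certificate-authority=ca.pem \
    --embed-certs=true \
    --server="https://${API_SERVER_IP}:6443" \
    --kubeconfig="${proxy_kubeconfig}" || exit 1

  kubectl config set-credentials kube-proxy \
    --client-certificate=kube-proxy.pem \
    --client-key=kube-proxy-key.pem \
    --embed-certs=true \
    --kubeconfig="${proxy_kubeconfig}" || exit 1

  kubectl config set-context default \
    --cluster="${CLUSTER_NAME}" \
    --user=kube-proxy \
    --kubeconfig="${proxy_kubeconfig}" || exit 1

  kubectl config use-context default \
    --kubeconfig="${proxy_kubeconfig}" || exit 1
done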
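# Generate one admin kubeconfig for all workers
# admin.kubeconfig embeds admin.pem and admin-key.pem (--embed-certs=true), so
# whoever can read the file can act as the "admin" user against the API server.
# NOTE(review): if this file really is copied to every worker, compromise of a
# single worker exposes the admin key. Confirm the workers need it; otherwise
# keep it on the operator machine only.
kubectl config set-cluster "${CLUSTER_NAME}" \
  --certificate-authority=ca.pem \
  --embed-certs=true \
  --server="https://${API_SERVER_IP}:6443" \
  --kubeconfig=admin.kubeconfig || exit 1

kubectl config set-credentials admin \
  --client-certificate=admin.pem \
  --client-key=admin-key.pem \
  --embed-certs=true \
  --kubeconfig=admin.kubeconfig || exit 1

kubectl config set-context default \
  --cluster="${CLUSTER_NAME}" \
  --user=admin \
  --kubeconfig=admin.kubeconfig || exit 1

# Abort on any failing step above or here, so an incomplete admin.kubeconfig
# is not mistaken for a usable one.
kubectl config use-context default --kubeconfig=admin.kubeconfig || exit 1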
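# Generate random encryption key
# 32 bytes from /dev/urandom, base64-encoded. Assignment is kept separate from
# "export" so a failure of the pipeline is not hidden behind export's own
# exit status.
ENCRYPTION_KEY=$(head -c 32 /dev/urandom | base64)

# 32 raw bytes always encode to exactly 44 base64 characters. Anything else
# means the read was short or base64 failed, and the key must not be used.
if [[ ${#ENCRYPTION_KEY} -ne 44 ]]; then
  echo "Failed to generate a 32-byte encryption key" >&2
  exit 1
fi

# Presumably generateFromTemplate (not defined in this file) reads the key
# from the environment; confirm in settings.sh. Note that the exported key is
# visible to every child process started after this point.
export ENCRYPTION_KEY

# The rendered file contains the key in clear text. Create it owner-only, and
# tighten the mode afterwards in case an older, more permissive copy existed.
previous_umask=$(umask)
umask 077
generateFromTemplate ../templates/encryption-config.yaml encryption-config.yaml
umask "${previous_umask}"
if [[ -f encryption-config.yaml ]]; then
  chmod 600 encryption-config.yaml
fi

popd > /dev/null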