From 2b5ebfa39b1ce89dbc483f73cdb7ea099f4fc0f5 Mon Sep 17 00:00:00 2001
From: dsaucezi <dsaucezi@node1.core5g.slices5gcore-pg0.wall1.ilabt.imec.be>
Date: Wed, 4 Sep 2024 18:27:37 +0200
Subject: [PATCH] get the cluster correctly

---
 k8s/add_user.sh | 21 ++++++++++++++++-----
 1 file changed, 16 insertions(+), 5 deletions(-)

diff --git a/k8s/add_user.sh b/k8s/add_user.sh
index 34951b6..dbb2eac 100755
--- a/k8s/add_user.sh
+++ b/k8s/add_user.sh
@@ -2,7 +2,7 @@
 USERNAME=pos1
 GROUP=SLICES-RI
 DURATION=7 # in days
-#######API_SERVER_ENDPOINT="https://172.29.7.62:6443"
+API_SERVER_ENDPOINT="https://172.29.7.62:6443"
 CLUSTER_NAME="vwall-production"
 
 DIR=RBAC
@@ -11,6 +11,7 @@ USER_KEY=$DIR/$USERNAME/$USERNAME.key
 USER_CSR=$DIR/$USERNAME/$USERNAME.csr
 USER_CRT=$DIR/$USERNAME/$USERNAME.crt
 K8S_SIGN_REQUEST=$DIR/$USERNAME/${USERNAME}_k8s_sign_request.yaml
+KUBECONFIG=$DIR/$USERNAME/config-${USERNAME}
 
 EXPIRATION_SECONDS=$(( $DURATION * 3600 * 24))
 
@@ -49,13 +50,23 @@ kubectl get csr $USERNAME -o jsonpath='{.status.certificate}'| base64 -d > $USER
 
 
 echo "Create the roles"
-kubectl create clusterrole createNamespaces --verb="create" --resource=namespaces
-kubectl create clusterrole deleteNamespaces --verb="delete" --resource=namespaces
+#kubectl create clusterrole createNamespaces --verb="create" --resource=namespaces
+#kubectl create clusterrole deleteNamespaces --verb="delete" --resource=namespaces
 
 echo "Bind the roles to the user"
 kubectl create clusterrolebinding $USERNAME-createNamespaces-binding --clusterrole=createNamespaces --user=$USERNAME
 kubectl create clusterrolebinding $USERNAME-deleteNamespaces-binding --clusterrole=deleteNamespaces --user=$USERNAME
 
 echo "Add user and context to kubeconfig"
-kubectl config set-credentials $USERNAME --client-key=$USER_KEY --client-certificate=$USER_CRT --embed-certs=true
-kubectl config set-context $USERNAME --cluster=$CLUSTER_NAME --user=$USERNAME
+cat << EOF > $KUBECONFIG
+---
+apiVersion: v1
+clusters:
+- cluster:
+    certificate-authority-data: $(cat /etc/kubernetes/pki/ca.crt | base64 | tr -d "\n") 
+    server: $API_SERVER_ENDPOINT
+  name: $CLUSTER_NAME
+EOF
+kubectl --kubeconfig=$KUBECONFIG config set-credentials $USERNAME --client-key=$USER_KEY --client-certificate=$USER_CRT --embed-certs=true
+kubectl --kubeconfig=$KUBECONFIG config set-context $USERNAME --cluster=$CLUSTER_NAME --user=$USERNAME
+kubectl --kubeconfig=$KUBECONFIG config use-context $USERNAME
-- 
GitLab