author | Jason DeTiberus <detiber@gmail.com> | 2016-04-25 10:41:46 -0400 |
---|---|---|
committer | Jason DeTiberus <detiber@gmail.com> | 2016-04-25 10:41:46 -0400 |
commit | b776be49d824ab231c4d84a050b4a02098d1f23c (patch) | |
tree | daa067b1e383aa61cc0f1e7c4e47a9c1711ea3f4 /roles/nuage_master/files | |
parent | 04b52454275572f9d09e76c6ce46bdd60aa46c72 (diff) | |
parent | be399ff8c108f234604a1334eed3de5a6f0e3239 (diff) | |
Merge pull request #1782 from vishpat/serviceaccount_review
Changed service account creation to ansible
Diffstat (limited to 'roles/nuage_master/files')
-rw-r--r-- | roles/nuage_master/files/serviceaccount.sh | 63 |
1 files changed, 0 insertions, 63 deletions
diff --git a/roles/nuage_master/files/serviceaccount.sh b/roles/nuage_master/files/serviceaccount.sh
deleted file mode 100644
index f6fdb8a8d..000000000
--- a/roles/nuage_master/files/serviceaccount.sh
+++ /dev/null
@@ -1,63 +0,0 @@
-#!/bin/bash
-# Parse CLI options
-for i in "$@"; do
- case $i in
- --master-cert-dir=*)
- MASTER_DIR="${i#*=}"
- CA_CERT=${MASTER_DIR}/ca.crt
- CA_KEY=${MASTER_DIR}/ca.key
- CA_SERIAL=${MASTER_DIR}/ca.serial.txt
- ADMIN_FILE=${MASTER_DIR}/admin.kubeconfig
- ;;
- --server=*)
- SERVER="${i#*=}"
- ;;
- --output-cert-dir=*)
- OUTDIR="${i#*=}"
- CONFIG_FILE=${OUTDIR}/nuage.kubeconfig
- ;;
- esac
-done
-
-# If any are missing, print the usage and exit
-if [ -z $SERVER ] || [ -z $OUTDIR ] || [ -z $MASTER_DIR ]; then
- echo "Invalid syntax: $@"
- echo "Usage:"
- echo " $0 --server=<address>:<port> --output-cert-dir=/path/to/output/dir/ --master-cert-dir=/path/to/master/"
- echo "--master-cert-dir: Directory where the master's configuration is held"
- echo "--server: Address of Kubernetes API server (default port is 8443)"
- echo "--output-cert-dir: Directory to put artifacts in"
- echo ""
- echo "All options are required"
- exit 1
-fi
-
-# Login as admin so that we can create the service account
-oc login -u system:admin --config=$ADMIN_FILE || exit 1
-oc project default --config=$ADMIN_FILE
-
-ACCOUNT_CONFIG='
-{
- "apiVersion": "v1",
- "kind": "ServiceAccount",
- "metadata": {
- "name": "nuage"
- }
-}
-'
-
-# Create the account with the included info
-echo $ACCOUNT_CONFIG|oc create --config=$ADMIN_FILE -f -
-
-# Add the cluser-reader role, which allows this service account read access to
-# everything in the cluster except secrets
-oadm policy add-cluster-role-to-user cluster-reader system:serviceaccounts:default:nuage --config=$ADMIN_FILE
-
-# Generate certificates and a kubeconfig for the service account
-oadm create-api-client-config --certificate-authority=${CA_CERT} --client-dir=${OUTDIR} --signer-cert=${CA_CERT} --signer-key=${CA_KEY} --signer-serial=${CA_SERIAL} --user=system:serviceaccounts:default:nuage --master=${SERVER} --public-master=${SERVER} --basename='nuage'
-
-# Verify the finalized kubeconfig
-if ! [ $(oc whoami --config=$CONFIG_FILE) == 'system:serviceaccounts:default:nuage' ]; then
- echo "Service account creation failed!"
- exit 1
-fi |