
Commit 1b6aad0

authored
Адаптация к изменения kubernetes/kubernetes#108309 (больше не генерируются автоматически секреты) (#3036)
1 parent 867026d commit 1b6aad0


2 files changed

+33
-15
lines changed


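--- a/.gitignore
+++ b/.gitignore
@@ -202,3 +202,4 @@ appsettings.Development.json
 
 #generated kubeconfig
 /scripts/github-actions-*
+/scripts/*.yaml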

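--- a/scripts/create-new-environment.ps1
+++ b/scripts/create-new-environment.ps1
@@ -6,63 +6,80 @@ Creates new environment in cluster and produces kubeconfig with permissions to i
 [CmdletBinding()]
 param(
 [Parameter(Position = 0, Mandatory = $true)]
-[String]$namespace
+[String]$namespace,
+[Parameter(Mandatory = $false)]
+[String]$ServiceAccountName
 )
 
 
 
 $CONTEXT=kubectl config current-context
-$SERVICE_ACCOUNT_NAME = "github-actions-$NAMESPACE"
 
-$NEW_CONTEXT="github-actions-$NAMESPACE"
-$KUBECONFIG_FILE="github-actions-$NAMESPACE"
+$SERVICE_ACCOUNT_NAME = ""
+
+if ($ServiceAccountName.Length -eq 0)
+{
+$SERVICE_ACCOUNT_NAME = "github-actions-$NAMESPACE"
+}
+else
+{
+$SERVICE_ACCOUNT_NAME = $ServiceAccountName
+
+}
+
+$NEW_CONTEXT=$SERVICE_ACCOUNT_NAME
+$KUBECONFIG_FILE= "$SERVICE_ACCOUNT_NAME.yaml"
 
 kubectl create namespace $NAMESPACE --dry-run=client -o yaml | kubectl apply -f -
 
 @"
 apiVersion: v1
 kind: ServiceAccount
 metadata:
-name: github-actions-$namespace
+name: $SERVICE_ACCOUNT_NAME
 namespace: ${NAMESPACE}
 ---
 
 apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
 metadata:
-name: github-actions-${NAMESPACE}
+name: $SERVICE_ACCOUNT_NAME
 namespace: ${NAMESPACE}
 rules:
 - apiGroups: ["*"]
 resources: ["*"]
 verbs: ["*"]
 
+---
+apiVersion: v1
+kind: Secret
+metadata:
+namespace: ${NAMESPACE}
+name: $SERVICE_ACCOUNT_NAME-secret
+annotations:
+kubernetes.io/service-account.name: $SERVICE_ACCOUNT_NAME
+type: kubernetes.io/service-account-token
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:
-name: github-actions-${NAMESPACE}
+name: $SERVICE_ACCOUNT_NAME
 namespace: ${NAMESPACE}
 roleRef:
 apiGroup: rbac.authorization.k8s.io
 kind: Role
-name: github-actions-${NAMESPACE}
+name: $SERVICE_ACCOUNT_NAME
 subjects:
 - namespace: ${NAMESPACE}
 kind: ServiceAccount
-name: github-actions-${NAMESPACE}
+name: $SERVICE_ACCOUNT_NAME
 "@ >create-namespace.tmp.yml
 
 kubectl apply -f create-namespace.tmp.yml
 
 Remove-Item create-namespace.tmp.yml
 
-#Get token of the ServiceAccount
-$SECRET_NAME=kubectl get serviceaccount ${SERVICE_ACCOUNT_NAME} --context ${CONTEXT} --namespace ${NAMESPACE} -o jsonpath='{.secrets[0].name}' | Out-String -NoNewline
-
-Write-Host "Secret name will be $SECRET_NAME"
-
-$TOKEN_DATA=kubectl get secret ${SECRET_NAME} --context ${CONTEXT} --namespace ${NAMESPACE} -o jsonpath='{.data.token}' | Out-String -NoNewline
+$TOKEN_DATA=kubectl get secret $SERVICE_ACCOUNT_NAME-secret --context ${CONTEXT} --namespace ${NAMESPACE} -o jsonpath='{.data.token}' | Out-String -NoNewline
 
 $TOKEN = [Text.Encoding]::Utf8.GetString([Convert]::FromBase64String($TOKEN_DATA))
 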
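Review bot: The token read on new line 82 runs right after `kubectl apply`, but Kubernetes fills in `.data.token` of a `kubernetes.io/service-account-token` Secret asynchronously, so the jsonpath query can return an empty string; `FromBase64String` then decodes it to an empty token without raising any error. Poll until the field is non-empty and stop with an error if it never appears, as sketched below. The manually created Secret is also a non-expiring credential for a Role that allows every verb on every resource in the namespace, and the new `$ServiceAccountName` parameter lets it be issued under any name, so the script header should say that the generated kubeconfig must be treated as a secret and that deleting the Secret revokes it. The script continues past the end of the hunk, so how `$TOKEN` is written to `$KUBECONFIG_FILE` is not visible here.

```powershell
# … unchanged: manifest apply and temp-file cleanup …
$TOKEN_DATA = ""
foreach ($attempt in 1..30)
{
    $TOKEN_DATA = kubectl get secret "$SERVICE_ACCOUNT_NAME-secret" --context ${CONTEXT} --namespace ${NAMESPACE} -o jsonpath='{.data.token}' | Out-String -NoNewline
    if ($TOKEN_DATA.Length -gt 0) { break }
    Start-Sleep -Seconds 1
}
if ($TOKEN_DATA.Length -eq 0)
{
    throw "Token for secret $SERVICE_ACCOUNT_NAME-secret was not populated"
}
```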
