workflows/setup-kubectl.sh at main · RustLangES/workflows · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
#!/bin/env bash

set -e

VERSION="latest"
CLIENT_CERT=""
CLIENT_KEY=""
CERTIFICATE=""
HOST=""
CLIENT_CERT=""
CLIENT_KEY=""
VALIDATE_ACCESS="true"

while [[ $# -gt 0 ]]; do
  case "$1" in
    --version|-v)
      VERSION="$2"
      shift 2
      ;;
    --client-cert|-cc)
      CLIENT_CERT="$2"
      shift 2
      ;;
    --client-key|-ck)
      CLIENT_KEY="$2"
      shift 2
      ;;
    --certificate|-c)
      CERTIFICATE="$2"
      shift 2
      ;;
    --host|-h)
      HOST="$2"
      shift 2
      ;;
    --client-cert)
      CLIENT_CERT="$2"
      shift 2
      ;;
    --client-key)
      CLIENT_KEY="$2"
      shift 2
      ;;
    --validate-access|-a)
      VALIDATE_ACCESS="$2"
      shift 2
      ;;
    *)
      echo "Unknown option: $1"
      exit 1
      ;;
  esac
done

install_kubectl() {
  if [ "$VERSION" = "latest" ] || [ -z "$VERSION" ]; then
    VERSION=$(curl -L -s https://dl.k8s.io/release/stable.txt)
  else
    VERSION="v$VERSION"
  fi

  ARCH=$(uname -m)
  case $ARCH in
    x86_64) ARCH="amd64" ;;
    aarch64) ARCH="arm64" ;;
    armv7l) ARCH="arm" ;;
    *) echo "Not supported Arch: $ARCH"; exit 1 ;;
  esac

  curl -LO "https://dl.k8s.io/release/${VERSION}/bin/linux/${ARCH}/kubectl"
  sudo install -o root -g root -m 0755 kubectl /usr/local/bin/kubectl
}

validate_installation() {
  kubectl version --client
}

configure_access() {
  mkdir -p ~/.kube

  if [ -n "$CLIENT_CERT" ] && [ -n "$CLIENT_KEY" ]; then
    # Client certificate authentication (k3s default)
    cat <<EOF > ~/.kube/config
apiVersion: v1
kind: Config
clusters:
- name: remote-cluster
  cluster:
    server: ${HOST}
    certificate-authority-data: ${CERTIFICATE}
contexts:
- name: remote-context
  context:
    cluster: remote-cluster
    user: remote-user
current-context: remote-context
users:
- name: remote-user
  user:
    client-certificate-data: ${CLIENT_CERT}
    client-key-data: ${CLIENT_KEY}
EOF
  else
    # Token authentication
    cat <<EOF > ~/.kube/config
apiVersion: v1
kind: Config
clusters:
- name: remote-cluster
  cluster:
    server: ${HOST}
    certificate-authority-data: ${CERTIFICATE}
contexts:
- name: remote-context
  context:
    cluster: remote-cluster
    user: remote-user
current-context: remote-context
users:
- name: remote-user
  user:
    client-certificate-data: ${CLIENT_CERT}
    client-key-data: ${CLIENT_KEY}
EOF
  fi
}

validate_access() {
  if [ "$VALIDATE_ACCESS" = "true" ]; then
    kubectl cluster-info
  fi
}

install_kubectl
validate_installation
configure_access
validate_access