create token for k8s 1.24 (#71)

* create token for k8s 1.24 * fix * updated version to 0.6.0 * added logs * testing insecure * removed cacert * reverted `set-cluster` to secure mode * updated to 0.0.516
codefresh-io · Sep 14, 2022 · 2d22bad · 2d22bad
1 parent 224761d
commit 2d22bad
Show file tree

Hide file tree

Showing 4 changed files with 31 additions and 6 deletions.
diff --git a/add-cluster/add-cluster.sh b/add-cluster/add-cluster.sh
@@ -8,6 +8,31 @@
 # ANNOTATIONS (cm - optional)
 # CSDP_TOKEN_SECRET
 
+SECRET_NAME=""
+
+function get_service_account_secret_name() {
+  SECRET_NAME=$(kubectl get ServiceAccount ${SERVICE_ACCOUNT_NAME} -n ${NAMESPACE} -o jsonpath='{.secrets[0].name}')
+  if [[ -z ${SECRET_NAME} ]]; then
+    echo "Creating new ServiceAccount token"
+    # create secret for service account
+    SECRET_NAME=$(kubectl create -f - <<EOF
+apiVersion: v1
+kind: Secret
+metadata:
+  generateName: ${SERVICE_ACCOUNT_NAME}-token-
+  annotations:
+    kubernetes.io/service-account.name: ${SERVICE_ACCOUNT_NAME}
+type: kubernetes.io/service-account-token
+EOF
+)
+    SECRET_NAME=$(echo ${SECRET_NAME} | sed s@secret/@@g | sed s/\ created//g)
+    kubectl patch ServiceAccount ${SERVICE_ACCOUNT_NAME} -n ${NAMESPACE} --patch "{\"secrets\": [{\"name\": \"${SECRET_NAME}\"}]}"
+    echo "Created ServiceAccount sercret ${SECRET_NAME}"
+  else
+    echo "Found ServiceAccount secret ${SECRET_NAME}"
+  fi
+}
+
 echo "ServiceAccount: ${SERVICE_ACCOUNT_NAME}"
 echo "Ingress URL: ${INGRESS_URL}"
 echo "Context Name: ${CONTEXT_NAME}"
@@ -23,8 +48,7 @@ NAMESPACE=$(cat ${SERVICEACCOUNT}/namespace)
 CACERT=${SERVICEACCOUNT}/ca.crt
 
 # get ServiceAccount token
-SECRET_NAME=$(kubectl get ServiceAccount ${SERVICE_ACCOUNT_NAME} -n ${NAMESPACE} -o jsonpath='{.secrets[0].name}')
-echo "Found ServiceAccount secret ${SECRET_NAME}"
+get_service_account_secret_name
 BEARER_TOKEN=$(kubectl get secret ${SECRET_NAME} -n ${NAMESPACE} -o jsonpath='{.data.token}' | base64 -d)
 
 # write KUBE_COPNFIG_DATA to local file
@@ -37,6 +61,7 @@ KUBE_CONFIG_B64=$(kubectl config view --minify --flatten --output json --context
 ANNOTATIONS_B64=$(cat /etc/config/annotations.yaml | base64 -w 0)
 LABELS_B64=$(cat /etc/config/labels.yaml | base64 -w 0)
 
+echo "{ \"name\": \"'${CONTEXT_NAME}'\", \"kubeConfig\": \"'${KUBE_CONFIG_B64}'\", \"annotations\": \"'${ANNOTATIONS_B64}'\", \"labels\": \"'${LABELS_B64}'\" }"
 STATUS_CODE=$(curl -X POST ${INGRESS_URL%/}/app-proxy/api/clusters \
   -H 'Content-Type: application/json' \
   -H 'Authorization: '${CSDP_TOKEN}'' \

diff --git a/add-cluster/helm/Chart.yaml b/add-cluster/helm/Chart.yaml
@@ -6,4 +6,4 @@ type: application
 
 version: 0.2.0
 
-appVersion: 0.5.0
+appVersion: 0.6.0
diff --git a/add-cluster/kustomize/kustomization.yaml b/add-cluster/kustomize/kustomization.yaml
@@ -4,7 +4,7 @@ namespace: kube-system
 
 images:
   - name: quay.io/codefresh/csdp-add-cluster
-    newTag: 0.5.0
+    newTag: 0.6.0
 
 resources:
   - configmap.yaml

diff --git a/csdp/base_components/bootstrap/kustomization.yaml b/csdp/base_components/bootstrap/kustomization.yaml
@@ -12,8 +12,8 @@ configMapGenerator:
   - name: codefresh-cm
     behavior: create
     literals:
-      - version=0.0.515 # Runtime version
-      - bootstrapRevision=0.0.515 # Tag to use for bootstrap (change this to the name of your branch if you want to test changes)
+      - version=0.0.516 # Runtime version
+      - bootstrapRevision=0.0.516 # Tag to use for bootstrap (change this to the name of your branch if you want to test changes)
       - appsetRequeueTime=15
 
 replacements:
Original file line number	Diff line number	Diff line change
Expand Up		@@ -6,4 +6,4 @@ type: application

		version: 0.2.0

		appVersion: 0.5.0
		appVersion: 0.6.0