This repository has been archived by the owner on Feb 27, 2024. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 3
/
commandline.tmpl
61 lines (56 loc) · 2.42 KB
/
commandline.tmpl
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
<!doctype html>
<!--
vi: ft=html
-->
<html lang="en-us">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/>
<meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
<title>Lokomotive Kubernetes Gangway</title>
<link href="https://fonts.googleapis.com/css?family=Overpass" rel="stylesheet">
<link rel="stylesheet" href="https://stackpath.bootstrapcdn.com/bootstrap/4.1.3/css/bootstrap.min.css" integrity="sha384-MCw98/SFnGE8fJT3GXwEOngsV7Zt27NXFoaoApmYm81iuXoPkFOJwJ8ERdknLPMO" crossorigin="anonymous">
<style>
body {
background: #ffc107;
font-family: 'Overpass', sans-serif;
padding-top: 20px;
padding-bottom: 20px;
}
h1, h2, h3, h4 {
font-weight: normal;
}
</style>
</head>
<body>
<div class="container">
<h1 class="display-4">Lokomotive Kubernetes Gangway</h1>
<p>Welcome {{ .Username }}.</p>
<p>In order to get command-line access to the {{ .ClusterName }} Kubernetes cluster, you will need to configure OpenID Connect (OIDC) authenication for your client.</p>
<p>The Kubernetes command-line utility, kubectl, may be installed like so:</p>
<pre><code>
curl -LO https://storage.googleapis.com/kubernetes-release/release/`curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt`/bin/$(uname | awk '{print tolower($0)}')/amd64/kubectl
chmod +x ./kubectl
sudo mv ./kubectl /usr/local/bin/kubectl
</code></pre>
<p>Once kubectl is installed, you may execute the following:</p>
<pre><code>
echo "{{ .ClusterCA }}" \ > /tmp/ca-{{ .ClusterName }}.pem
kubectl config set-cluster {{ .ClusterName }} \
--server={{ .APIServerURL }} \
--embed-certs \
--certificate-authority=/tmp/ca-{{ .ClusterName }}.pem
kubectl config set-credentials {{ .KubeCfgUser }} \
--auth-provider=oidc \
--auth-provider-arg=idp-issuer-url={{ .IssuerURL }} \
--auth-provider-arg=client-id={{ .ClientID }} \
--auth-provider-arg=client-secret={{ .ClientSecret }} \
--auth-provider-arg=refresh-token={{ .RefreshToken }} \
--auth-provider-arg=id-token={{ .IDToken }}
kubectl config set-context {{ .ClusterName }} --cluster={{ .ClusterName }} --user={{ .KubeCfgUser }}
kubectl config use-context {{ .ClusterName }}
rm /tmp/ca-{{ .ClusterName }}.pem
</code></pre>
<p>Lokomotive Kubernetes by <a href="https://kinvolk.io">Kinvolk</a>. Built with <a href="https://github.com/heptiolabs/gangway">Gangway</a>, Apache-2.0</p>
</div>
</body>
</html>