create token for k8s 1.24 (#71)

ATGardner · web-flow · commit 2d22badd1c36 · 2022-09-14T17:55:18.000+03:00
* create token for k8s 1.24

* fix

* updated version to 0.6.0

* added logs

* testing insecure

* removed cacert

* reverted `set-cluster` to secure mode

* updated to 0.0.516
diff --git a/add-cluster/add-cluster.sh b/add-cluster/add-cluster.sh
@@ -8,6 +8,31 @@
 # ANNOTATIONS (cm - optional)
 # CSDP_TOKEN_SECRET
 
+SECRET_NAME=""
+
+function get_service_account_secret_name() {
+  SECRET_NAME=$(kubectl get ServiceAccount ${SERVICE_ACCOUNT_NAME} -n ${NAMESPACE} -o jsonpath='{.secrets[0].name}')
+  if [[ -z ${SECRET_NAME} ]]; then
+    echo "Creating new ServiceAccount token"
+    # create secret for service account
+    SECRET_NAME=$(kubectl create -f - <<EOF
+apiVersion: v1
+kind: Secret
+metadata:
+  generateName: ${SERVICE_ACCOUNT_NAME}-token-
+  annotations:
+    kubernetes.io/service-account.name: ${SERVICE_ACCOUNT_NAME}
+type: kubernetes.io/service-account-token
+EOF
+)
+    SECRET_NAME=$(echo ${SECRET_NAME} | sed s@secret/@@g | sed s/\ created//g)
+    kubectl patch ServiceAccount ${SERVICE_ACCOUNT_NAME} -n ${NAMESPACE} --patch "{\"secrets\": [{\"name\": \"${SECRET_NAME}\"}]}"
+    echo "Created ServiceAccount sercret ${SECRET_NAME}"
+  else
+    echo "Found ServiceAccount secret ${SECRET_NAME}"
+  fi
+}
+
 echo "ServiceAccount: ${SERVICE_ACCOUNT_NAME}"
 echo "Ingress URL: ${INGRESS_URL}"
 echo "Context Name: ${CONTEXT_NAME}"
@@ -23,8 +48,7 @@ NAMESPACE=$(cat ${SERVICEACCOUNT}/namespace)
 CACERT=${SERVICEACCOUNT}/ca.crt
 
 # get ServiceAccount token
-SECRET_NAME=$(kubectl get ServiceAccount ${SERVICE_ACCOUNT_NAME} -n ${NAMESPACE} -o jsonpath='{.secrets[0].name}')
-echo "Found ServiceAccount secret ${SECRET_NAME}"
+get_service_account_secret_name
 BEARER_TOKEN=$(kubectl get secret ${SECRET_NAME} -n ${NAMESPACE} -o jsonpath='{.data.token}' | base64 -d)
 
 # write KUBE_COPNFIG_DATA to local file
@@ -37,6 +61,7 @@ KUBE_CONFIG_B64=$(kubectl config view --minify --flatten --output json --context
 ANNOTATIONS_B64=$(cat /etc/config/annotations.yaml | base64 -w 0)
 LABELS_B64=$(cat /etc/config/labels.yaml | base64 -w 0)
 
+echo "{ \"name\": \"'${CONTEXT_NAME}'\", \"kubeConfig\": \"'${KUBE_CONFIG_B64}'\", \"annotations\": \"'${ANNOTATIONS_B64}'\", \"labels\": \"'${LABELS_B64}'\" }"
 STATUS_CODE=$(curl -X POST ${INGRESS_URL%/}/app-proxy/api/clusters \
   -H 'Content-Type: application/json' \
   -H 'Authorization: '${CSDP_TOKEN}'' \
diff --git a/add-cluster/helm/Chart.yaml b/add-cluster/helm/Chart.yaml
@@ -6,4 +6,4 @@ type: application
 
 version: 0.2.0
 
-appVersion: 0.5.0
+appVersion: 0.6.0
diff --git a/add-cluster/kustomize/kustomization.yaml b/add-cluster/kustomize/kustomization.yaml
@@ -4,7 +4,7 @@ namespace: kube-system
 
 images:
   - name: quay.io/codefresh/csdp-add-cluster
-    newTag: 0.5.0
+    newTag: 0.6.0
 
 resources:
   - configmap.yaml
diff --git a/csdp/base_components/bootstrap/kustomization.yaml b/csdp/base_components/bootstrap/kustomization.yaml
@@ -12,8 +12,8 @@ configMapGenerator:
   - name: codefresh-cm
     behavior: create
     literals:
-      - version=0.0.515 # Runtime version
-      - bootstrapRevision=0.0.515 # Tag to use for bootstrap (change this to the name of your branch if you want to test changes)
+      - version=0.0.516 # Runtime version
+      - bootstrapRevision=0.0.516 # Tag to use for bootstrap (change this to the name of your branch if you want to test changes)
       - appsetRequeueTime=15
 
 replacements:

Original file line number	Diff line number	Diff line change
`@@ -6,4 +6,4 @@ type: application`
`6`	`6`
`7`	`7`	`version: 0.2.0`
`8`	`8`
`9`		`-appVersion: 0.5.0`
	`9`	`+appVersion: 0.6.0`