Skip to content
This repository was archived by the owner on Aug 13, 2021. It is now read-only.

Commit cb265de

Browse files
superbrothersTakashi Kusumi
superbrothers
authored and
Takashi Kusumi
committed
create-kubeconfig: change the argument to specify the serviceaccount (#4)
This commit changes the argument from serviceaccount token to the serviceaccount name. With this change, we don't need to know the serviceaccount token in advance. This is breaking change. ``` $ ./create-kubeconfig Usage: ./create-kubeconfig SERVICEACCOUNT [kubectl options] This script creates a kubeconfig to access the apiserver with the specified serviceaccount and outputs it to stdout. ```
1 parent 4e638a7 commit cb265de

File tree

2 files changed

+11
-7
lines changed

2 files changed

+11
-7
lines changed

README.md

+1-1
Original file line numberDiff line numberDiff line change
@@ -2,7 +2,7 @@
22

33
This repository contains some useful scripts for operating Kubernetes.
44

5-
- `create-kubeconfig`: Create a kubeconfig with the specified serviceaccount token and output it to stdout.
5+
- `create-kubeconfig`: Create a kubeconfig to access the apiserver with the specified serviceaccount and outputs it to stdout.
66
- `wait-until-pods-ready`: Wait for all pods to be ready in the current namespace.
77

88
## License

create-kubeconfig

+10-6
Original file line numberDiff line numberDiff line change
@@ -9,9 +9,9 @@
99
set -e
1010

1111
if [[ $# == 0 ]]; then
12-
echo "Usage: $0 SERVICEACCOUNT_TOKEN [kubectl options]" >&2
12+
echo "Usage: $0 SERVICEACCOUNT [kubectl options]" >&2
1313
echo "" >&2
14-
echo "This script creates a kubeconfig with the specified serviceaccount token and outputs it to stdout." >&2
14+
echo "This script creates a kubeconfig to access the apiserver with the specified serviceaccount and outputs it to stdout." >&2
1515

1616
exit 1
1717
fi
@@ -20,12 +20,16 @@ function _kubectl() {
2020
kubectl $@ $kubectl_options
2121
}
2222

23-
secret="$1"
23+
serviceaccount="$1"
2424
kubectl_options="${@:2}"
2525

26-
serviceaccount="$(_kubectl get secret "$secret" -o "jsonpath={.metadata.annotations.kubernetes\.io\/service-account\.name}")"
27-
if [[ -z "$serviceaccount" ]]; then
28-
echo "$secret is NOT serviceaccount token" >&2
26+
if ! secret="$(_kubectl get serviceaccount "$serviceaccount" -o 'jsonpath={.secrets[0].name}' 2>/dev/null)"; then
27+
echo "serviceaccounts \"$serviceaccount\" not found." >&2
28+
exit 2
29+
fi
30+
31+
if [[ -z "$secret" ]]; then
32+
echo "serviceaccounts \"$serviceaccount\" doesn't have a serviceaccount token." >&2
2933
exit 2
3034
fi
3135

0 commit comments

Comments
 (0)