3-kube-setup.sh
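#!/bin/bash
#
# Grants an IAM role read access to the "default" namespace of an EKS cluster:
#   1. creates a Kubernetes Role/RoleBinding for the group "read-only-group"
#      (applied with kubectl to the CURRENT kubectl context), and
#   2. maps the IAM role from the "eks-lambda-python" CloudFormation stack to
#      that group in the cluster's aws-auth ConfigMap (via eksctl).
#
# Requires: aws, kubectl, eksctl on PATH; cluster-name.txt in the working
# directory. Each change is shown and must be confirmed interactively.
set -euo pipefail

# Print a message to stderr and abort.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

#######################################
# Ask a yes/no question until the answer starts with y or n.
# Arguments: $1 - prompt text
# Returns:   0 for yes, 1 for no; aborts the script if stdin is closed
#######################################
confirm() {
  local prompt=$1
  local response
  while true; do
    # -r keeps backslashes literal; a failed read means EOF, so stop instead
    # of looping forever or treating silence as consent.
    if ! read -r -p "$prompt" response; then
      echo >&2
      die "No response received (end of input); aborting."
    fi
    case "$response" in
      [Yy]*) return 0 ;;
      [Nn]*) return 1 ;;
      *) echo "Response must start with y or n." ;;
    esac
  done
}

if ! command -v aws >/dev/null 2>&1 \
  || ! command -v kubectl >/dev/null 2>&1 \
  || ! command -v eksctl >/dev/null 2>&1; then
  echo "This script requires the AWS cli, kubectl, and eksctl installed" >&2
  exit 2
fi

ROLE_ARN=$(aws cloudformation describe-stacks --stack-name eks-lambda-python --query "Stacks[0].Outputs[?OutputKey=='Role'].OutputValue" --output text)

# This value is written into aws-auth, so refuse anything that is not a single
# IAM role ARN (an unmatched --query yields an empty string or "None").
if [[ ! "$ROLE_ARN" =~ ^arn:aws[a-z-]*:iam::[0-9]{12}:role/[^[:space:]]+$ ]]; then
  die "Stack output 'Role' is not a single IAM role ARN: '${ROLE_ARN}'"
fi

[[ -r cluster-name.txt ]] || die "cluster-name.txt not found or not readable"
CLUSTER_NAME=$(<cluster-name.txt)
if [[ ! "$CLUSTER_NAME" =~ ^[0-9A-Za-z][0-9A-Za-z_-]*$ ]]; then
  die "cluster-name.txt does not contain a valid cluster name: '${CLUSTER_NAME}'"
fi

# NOTE(security): resources ["*"] in the core API group ("") includes Secrets,
# so every member of read-only-group can get/list/watch all Secrets in the
# "default" namespace. If the mapped role only needs specific objects, list
# those resources explicitly instead of "*".
# Indentation inside the manifest is significant; keep nested keys indented.
RBAC_OBJECT='kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: read-only
  namespace: default
rules:
- apiGroups: [""]
  resources: ["*"]
  verbs: ["get", "watch", "list"]
---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: read-only-binding
  namespace: default
roleRef:
  kind: Role
  name: read-only
  apiGroup: rbac.authorization.k8s.io
subjects:
- kind: Group
  name: read-only-group'

echo ==========
echo Create Role and RoleBinding in Kubernetes with kubectl
echo ==========
printf '%s\n' "$RBAC_OBJECT"
echo
# kubectl acts on whatever context is active, which is not necessarily the
# cluster named in cluster-name.txt; show it so the operator can check.
printf 'kubectl context: %s\n' "$(kubectl config current-context 2>/dev/null || echo '<none set>')"
echo
if confirm "Do you want to create the Role and RoleBinding? (y/n)"; then
  printf '%s\n' "$RBAC_OBJECT" | kubectl apply -f -
fi

echo
echo ==========
echo Update aws-auth configmap with a new mapping
echo ==========
printf 'Cluster: %s\n' "$CLUSTER_NAME"
printf 'RoleArn: %s\n' "$ROLE_ARN"
echo
if confirm "Do you want to create the aws-auth configmap entry? (y/n)"; then
  # Quoted so the values cannot be word-split or glob-expanded into extra
  # eksctl arguments.
  eksctl create iamidentitymapping --cluster "$CLUSTER_NAME" --group read-only-group --arn "$ROLE_ARN"
fi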