Script to Get the Secrets of the Worker Cluster
Introduction
This topic describes the process for writing the shell script that retrieves the worker cluster's secrets from the controller cluster. Copy the script output to create the secrets YAML file. Use this YAML file to install the Slice Operator on the worker cluster.
Getting Secrets of the Worker Cluster from the Controller cluster
Copy and save the below script in the secrets.sh file.
# The script returns a kubeconfig for the service account given
# you need to have kubectl on PATH with the context set to the cluster you want to create the config for
# Cosmetics for the created config
firstWorkerSecretName=$1
# cluster name what you given in clusters registration
clusterName=$2
# the Namespace and ServiceAccount name that is used for the config
namespace=$3
# Need to give correct network interface value like ens160, eth0 etc
networkInterface=$4
######################
# actual script starts
set -o errexit
### Fetch Worker cluster Secrets ###
PROJECT_NAMESPACE=$(kubectl get secrets $firstWorkerSecretName -n $namespace -o jsonpath={.data.namespace})
CONTROLLER_ENDPOINT=$(kubectl get secrets $firstWorkerSecretName -n $namespace -o jsonpath={.data.controllerEndpoint})
CA_CRT=$(kubectl get secrets $firstWorkerSecretName -n $namespace -o jsonpath='{.data.ca\.crt}')
TOKEN=$(kubectl get secrets $firstWorkerSecretName -n $namespace -o jsonpath={.data.token})
echo "
---
## Base64 encoded secret values from controller cluster
controllerSecret:
namespace: ${PROJECT_NAMESPACE}
endpoint: ${CONTROLLER_ENDPOINT}
ca.crt: ${CA_CRT}
token: ${TOKEN}
cluster:
name: ${clusterName}
netop:
networkInterface: ${networkInterface}
Getting the Worker Network Interface
Get the name of the network interface on the gateway nodes that is the egress interface for external traffic.
warning
The below command does not work for OpenShift clusters.
Use the following command on the gateway node:
ip route get 8.8.8.8 | awk '{ print $5 }'
Example
ip route get 8.8.8.8 | awk '{ print $5 }'
Example Output
eth0
The following information is required to run the script.
| Parameter | Description |
|---|---|
<worker-secret-name> | The worker secret name that you get by running this command on the KubeSlice Controller: kubectl get secrets -n kubeslice-<projectname>. For example, kubeslice-rbac-worker-kind-worker-1-token-s9d96. |
<worker-cluster-name> | The given name of the worker cluster. |
kubeslice-<projectname> | The given name of your project. For example, add kubeslice-avesha as the project namespace. |
<network-interface> | The worker network interface you get in the above output by doing route lookup on ip 8.8.8.8. For example, add eth0 as the parameter value. |
Use the following command to get the secrets of the worker cluster from the controller cluster:
sh secrets.sh <worker-secret-name> <worker-cluster-name> <kubeslice-projectname> <network-interface>
Example
sh secrets.sh kubeslice-rbac-worker-gke-worker-1-token-85tmc gke-worker-1 kubeslice-avesha eth0
Example Output
---
## Base64 encoded secret values from controller cluster
controllerSecret:
namespace: a3ViZXNsaWNlLWF2ZXNoYQ==
endpoint: aHR0cHM6Ly9DNjgwNTQ5MUNBNTI2MzVFM0YzNEUwQTFDRTRDMkY3RS5ncjcudXMtZWFzdC0xLmVrcy5hbWF6b25hd3MuY29t
ca.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUM1ekNDQWMrZ0F3SUJBZ0lCQURBTkJna3Foa2lHOXcwQkFRc0ZBREFWTVJNd0VRWURWUVFERXdwcmRXSmwKY201bGRHVnpNQjRYRFRJeU1Ea3lNREEzTURZeE5Gb1hEVE15TURreE56QTNNRFl4TkZvd0ZURVRNQkVHQTFVRQpBeE1LYTNWaVpYSnVaWFJsY3pDQ0FTSXdEUVlKS29aSWh2Y05BUUVCQlFBRGdnRVBBRENDQVFvQ2dnRUJBTXR2ClpXczQ1RVhicDdZMDJWdEJibUJITHBOTVN4VnpEQzBvWTh5N3R1YmJLWEJFRk9xbGVzU2trYWpmanJ5dGdTZzgKSmE2bXQ0TERjSlQrQ3FmYzMxYWN5RWpHdXlPeFM0Tmt4RGlBdkI0bHRyY2JLMmhnNkJmOWk1RDBTUzV5Rzh3WQpHZVV1bDkyOGlRcnVQeUxTY21wc0s3Y2sxL2FIQjAybDZpNmh5UWhyb1NMWSs5RHhobDdaVTBDMGpwTTQrZG1tClJ1cndVSEUvSGdFQ20yOUZuc3RiOTNZU2NsN3pERG4wdll1SVMrcWZoY2ZTSHR3VFRoZ1JkRlVtWStNUzM2dEYKSXBqNG8xT2xhdXRaMVZkUEJMbGRxUTdxTmlwVGtNbmZhTHA3U0h1QUUxSHV0N0xCOUxSMFAwQXlNU0NwbDV6QQpWWld1VVQ2cmw4TzZDMU5lUmY4Q0F3RUFBYU5DTUVBd0RnWURWUjBQQVFIL0JBUURBZ0trTUE4R0ExVWRFd0VCCi93UUZNQU1CQWY4d0hRWURWUjBPQkJZRUZCNnJkejFRa0NoU2ZtcjBRVU5CeGt3M3pKeFZNQTBHQ1NxR1NJYjMKRFFFQkN3VUFBNElCQVFBVWlaYnl2T1N6bVU5YnlWdVFreE9xaVZVdnBVUFlhZDJoZmJsejd0Z1krNWljYnR3SApoeDg1Rmp3WkZvRktkQVJiN1cxYnJnTG5OcXhDZEllWTVKZEkzTlBZRjZrVlc3ZmNMckUwK1BEWXhkc3dDZXdlCk9DSklUSFp3YjNQM05qMUNzTmVVaHg0Um4wd2FiYjlzS0xkUG5Bc0NRNFplTWxaalBSUllIeHg5QVU2ZWNxbXMKZWJWUkRpVTUzekJGd2tpSEhyZHRDTDNQQmxCZENvY0s5dXFQSi9nSXJDYVBrWGl3SlNZb0NrdWt4dm9rZk9xVgpONWd5QXFKL2o4RmkwUEh3UkVIUXNHVnVvajhxQjJzYUd4ZExhcTVWditsQVJpWktEVGhrVXJEeUE0YjB5c0w2CnZDUGtJRUl1ZE5SSGQ3eEJ6ckxPcVhVdXFGREJvTS92TFhaOQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==
token: ZXlKaGJHY2lPaUpTVXpJMU5pSXNJbXRwWkNJNklqWkdZVEpwTlZWb1drcEhaaTF6VWpSa09WaENlRjlCUzNaSU1uQlhaMEZEY2xGTldrOXFOVUppWjJjaWZRLmV5SnBjM01pT2lKcmRXSmxjbTVsZEdWekwzTmxjblpwWTJWaFkyTnZkVzUwSWl3aWEzVmlaWEp1WlhSbGN5NXBieTl6WlhKMmFXTmxZV05qYjNWdWRDOXVZVzFsYzNCaFkyVWlPaUpyZFdKbGMyeHBZMlV0WVhabGMyaGhJaXdpYTNWaVpYSnVaWFJsY3k1cGJ5OXpaWEoyYVdObFlXTmpiM1Z1ZEM5elpXTnlaWFF1Ym1GdFpTSTZJbXQxWW1WemJHbGpaUzF5WW1GakxYZHZjbXRsY2kxbmEyVXRkMjl5YTJWeUxURXRkRzlyWlc0dE9EVjBiV01pTENKcmRXSmxjbTVsZEdWekxtbHZMM05sY25acFkyVmhZMk52ZFc1MEwzTmxjblpwWTJVdFlXTmpiM1Z1ZEM1dVlXMWxJam9pYTNWaVpYTnNhV05sTFhKaVlXTXRkMjl5YTJWeUxXZHJaUzEzYjNKclpYSXRNU0lzSW10MVltVnlibVYwWlhNdWFXOHZjMlZ5ZG1salpXRmpZMjkxYm5RdmMyVnlkbWxqWlMxaFkyTnZkVzUwTG5WcFpDSTZJalJpT0RWak5tWmpMV1ZrWXpFdE5HRTNZeTFpT0dWaUxUVmxNVEUyTURrd1lXRmhNaUlzSW5OMVlpSTZJbk41YzNSbGJUcHpaWEoyYVdObFlXTmpiM1Z1ZERwcmRXSmxjMnhwWTJVdFlYWmxjMmhoT210MVltVnpiR2xqWlMxeVltRmpMWGR2Y210bGNpMW5hMlV0ZDI5eWEyVnlMVEVpZlEuRVNkVm1vajA3OXBrSmkzbktGMFhuZE9sa2Q4aGJJdUNaLURpdG1UOGZkVmRkeGhPWEdfcVFSSXZqN05tb1JMUC1xdzJacHliZmgtYWJRVUtNSHFTTGM0aFNBMFhaTTI2UnprWUpRZU9NUE80dGdqdjVQaWNYRkJDbFo0Vk93d2V0WE5Ldi1TLVhiOWVYeHBGQjVDZUozVm0tZjlBV2xXZkMzLUg3aTBoZVlXaWdOSU85SEFFeU43b1RtYXV3WFRRRUg3YVlNOURpZmRreHNaTjZyeTlPZ09TbzJMcUQyc2F2bzNVSU5iX3d6bzdkc2t3T0NuZjdOQk1pMzJOYmZTZ2dBaFdNOUVFM0hyUzFXMWgzZEJLZURMZjEzNXVGZjB4N29NM2lfSUliTzNnZlhYaDVKN3UwS1RIYXNvVFRwVFJhY29NVWkzZ3lnaFN5R0Y0dmVXSzZB
cluster:
name: gke-worker-1
netop:
networkInterface: eth0
note
Create your secrets YAML file using the above output to install the Slice Operator on the worker cluster.
