Worker Cluster Secrets Retrieval Script
Introduction
This topic outlines a step-by-step process for creating a shell script that retrieves the worker cluster's secrets from the controller cluster. These secrets are required to install the Slice Operator on the worker cluster. Once the script has been executed, copy the output and use it to create the secrets YAML file, which is then used to install the Slice Operator on the worker cluster.
Retrieve Worker Cluster Secrets
To run the script to get the secrets of the worker cluster from the controller cluster:
Create Script
- Copy and paste the given script into a file named secrets.sh
# The script prints the secrets YAML values for the worker cluster, read from the given worker secret.
# You need to have kubectl on PATH with the context set to the cluster you want to create the config for.
# The worker secret name
firstWorkerSecretName=$1
# The cluster name that you gave during cluster registration
clusterName=$2
# The project namespace that holds the worker secret
namespace=$3
# The network interface name, such as ens160 or eth0
networkInterface=$4
# The endpoint from kubectl cluster-info of the respective worker cluster
worker_endpoint=$5
# The username you received in the KubeSlice Registration email
kubesliceRegistrationUsername=$6
# The password you received in the KubeSlice Registration email
kubesliceRegistrationPassword=$7
# The email address you used in the KubeSlice Registration process
kubesliceRegistrationEmail=$8
######################
# actual script starts
set -o errexit
### Fetch Worker cluster Secrets ###
PROJECT_NAMESPACE=$(kubectl get secrets "$firstWorkerSecretName" -n "$namespace" -o jsonpath='{.data.namespace}')
CONTROLLER_ENDPOINT=$(kubectl get secrets "$firstWorkerSecretName" -n "$namespace" -o jsonpath='{.data.controllerEndpoint}')
CA_CRT=$(kubectl get secrets "$firstWorkerSecretName" -n "$namespace" -o jsonpath='{.data.ca\.crt}')
TOKEN=$(kubectl get secrets "$firstWorkerSecretName" -n "$namespace" -o jsonpath='{.data.token}')
echo "
---
## Base64 encoded secret values from controller cluster
controllerSecret:
  namespace: ${PROJECT_NAMESPACE}
  endpoint: ${CONTROLLER_ENDPOINT}
  ca.crt: ${CA_CRT}
  token: ${TOKEN}
cluster:
  name: ${clusterName}
  endpoint: ${worker_endpoint}
netop:
  networkInterface: ${networkInterface}
imagePullSecrets:
  repository: https://index.docker.io/v1/
  username: ${kubesliceRegistrationUsername}
  password: ${kubesliceRegistrationPassword}
  email: ${kubesliceRegistrationEmail}
"
The following information is required to run the script.
Parameter | Description |
---|---|
<worker-secret-name> | The worker secret name that you get by running this command on the KubeSlice Controller: kubectl get secrets -n kubeslice-<projectname> . For example, kubeslice-rbac-worker-kind-worker-1-token-s9d96 . |
<worker-cluster-name> | The given name of the worker cluster. |
kubeslice-<projectname> | The given name of your project. For example, add kubeslice-avesha as the project namespace. |
<network-interface> | The worker network interface you get in the above output by doing route lookup on the 8.8.8.8 IP address. For example, add eth0 as the parameter value. |
<worker-api-endpoint> | The endpoint of the worker cluster you get by running this command: kubectl cluster-info . For example, add https://34.105.95.217 as the endpoint. |
<kubesliceRegistrationUsername> | The username you received in the KubeSlice Registration email. |
<kubesliceRegistrationPassword> | The password you received in the KubeSlice Registration email. |
<kubesliceRegistrationEmail> | The email address you used in the KubeSlice Registration process. |
- Open the terminal where you have kubectl on PATH and set the context to the cluster for which you want to create the config.
Retrieve Network Interface
- Get the name of the network interface on the gateway nodes that is the egress interface for external traffic.
Warning: The command below does not work for OpenShift clusters.
Use the following command on the gateway node:
ip route get 8.8.8.8 | awk '{ print $5 }'
Example
ip route get 8.8.8.8 | awk '{ print $5 }'
Example Output
eth0
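
Once secrets.sh has been run and its output saved to a file, the values can be checked before they are used to install the Slice Operator. The following shell sketch is an added example, not part of the KubeSlice documentation: it verifies that the four controllerSecret values are non-empty base64 and that ca.crt decodes to a PEM certificate, which catches a field lost or truncated while copying the output. The function names and all sample values are constructed for illustration, and base64 -d assumes GNU coreutils or a compatible base64.

```shell
# Added example: sanity-check the YAML printed by secrets.sh (hypothetical helper names).

# Print the value of KEY inside top-level SECTION of FILE.
yaml_field() {
    awk -v sec="$2:" -v key="$3:" '
        /^[^ #-]/ { in_sec = ($1 == sec) }   # top-level key: enter or leave a section
        in_sec && $1 == key { print $2; exit }
    ' "$1"
}

# True only for a non-empty string that decodes as base64.
is_base64() {
    [ -n "$1" ] && printf '%s' "$1" | base64 -d >/dev/null 2>&1
}

# Check the four controllerSecret values that secrets.sh reads from the controller.
check_secrets_yaml() {
    rc=0
    for key in namespace endpoint ca.crt token; do
        val=$(yaml_field "$1" controllerSecret "$key")
        if ! is_base64 "$val"; then
            echo "controllerSecret.$key is empty or not base64" >&2
            rc=1
        fi
    done
    # ca.crt must decode to a PEM certificate, not just to arbitrary bytes.
    yaml_field "$1" controllerSecret ca.crt | base64 -d 2>/dev/null |
        grep -q -e '-----BEGIN CERTIFICATE-----' ||
        { echo "controllerSecret.ca.crt is not a PEM certificate" >&2; rc=1; }
    return "$rc"
}

# --- constructed sample input (no real cluster data) ---
b64() { printf '%s' "$1" | base64 | tr -d '\n'; }
pem='-----BEGIN CERTIFICATE-----
constructed-not-a-real-certificate
-----END CERTIFICATE-----'
make_sample() {   # $1 = token value to embed (may be empty)
    printf '%s\n' '---' 'controllerSecret:' \
        "  namespace: $(b64 kubeslice-avesha)" \
        "  endpoint: $(b64 https://controller.example:6443)" \
        "  ca.crt: $(b64 "$pem")" "  token: $1" \
        'cluster:' '  name: worker-1'
}

umask 077   # the file holds a service-account token: keep it owner-only
sample=$(mktemp) && make_sample "$(b64 constructed-token)" > "$sample"
check_secrets_yaml "$sample" && echo "controllerSecret values look complete"
rm -f "$sample"
```

The values in the file are only base64-encoded, not encrypted, so anyone who can read it obtains the controller token and the registry password.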