Worker Cluster Secrets Retrieval Script
Introduction
To install the Slice Operator on the worker cluster, this topic outlines a step-by-step process for creating a shell script that retrieves the worker cluster's secrets from the controller cluster. Once the script has been executed, copy the output and use it to create the secrets YAML file, which is then used to install the Slice Operator on the worker cluster.
Retrieve Worker Cluster Secrets
To run the script to get the secrets of the worker cluster from the controller cluster:
Create Script
- Copy and paste the given script into a file named
secrets.sh
# The script returns a kubeconfig for the service account given
# you need to have kubectl on PATH with the context set to the cluster you want to create the config for
# Cosmetics for the created config
firstWorkerSecretName=$1
# cluster name what you given in clusters registration
clusterName=$2
# the Namespace and ServiceAccount name that is used for the config
namespace=$3
# Need to give correct network interface value like ens160, eth0 etc
networkInterface=$4
# kubectl cluster-info of respective worker-cluster
worker_endpoint=$5
# Enter your username getting through mail
dusername=$6
# Enter your password getting through mail
dpassword=$7
######################
# actual script starts
set -o errexit
### Fetch Worker cluster Secrets ###
PROJECT_NAMESPACE=$(kubectl get secrets $firstWorkerSecretName -n $namespace -o jsonpath={.data.namespace})
CONTROLLER_ENDPOINT=$(kubectl get secrets $firstWorkerSecretName -n $namespace -o jsonpath={.data.controllerEndpoint})
CA_CRT=$(kubectl get secrets $firstWorkerSecretName -n $namespace -o jsonpath='{.data.ca\.crt}')
TOKEN=$(kubectl get secrets $firstWorkerSecretName -n $namespace -o jsonpath={.data.token})
echo "
---
## Base64 encoded secret values from controller cluster
controllerSecret:
namespace: ${PROJECT_NAMESPACE}
endpoint: ${CONTROLLER_ENDPOINT}
ca.crt: ${CA_CRT}
token: ${TOKEN}
cluster:
name: ${clusterName}
endpoint: ${worker_endpoint}
netop:
networkInterface: ${networkInterface}
imagePullSecrets:
repository: https://index.docker.io/v1/
username: ${kubesliceRegistrationUsername}
password: ${kubesliceRegistrationPassword}
email: ${kubesliceRegistrationEmail}
The following information is required to run the script.
Parameter | Description |
---|---|
<worker-secret-name> | The worker secret name that you get by running this command on the KubeSlice Controller: kubectl get secrets -n kubeslice-<projectname> . For example, kubeslice-rbac-worker-kind-worker-1-token-s9d96 . |
<worker-cluster-name> | The given name of the worker cluster. |
kubeslice-<projectname> | The given name of your project. For example, add kubeslice-avesha as the project namespace. |
<network-interface> | The worker network interface you get in the above output by doing route lookup on the 8.8.8.8 IP address. For example, add eth0 as the parameter value. |
<worker-api-endpoint | The endpoint of the worker cluster you get by running this command: kubectl cluster-info . For example, add https://34.105.95.217 as the endpoint. |
<kubesliceRegistrationUsername> | The username you received in the KubeSlice Registration email. |
<kubesliceRegistrationPassword> | The password you received in the KubeSlice Registration email. |
<kubesliceRegistrationEmail> | The email address you used in the KubeSlice Registration process. |
- Open the terminal where you have
kubectl
on PATH and set the context to the cluster for which you want to create the config.
Retrieve Network Interface
- Get the name of the network interface on the gateway nodes that is the egress interface for external traffic.
The below command does not work for OpenShift clusters.
Use the following command on the gateway node:
ip route get 8.8.8.8 | awk '{ print $5 }'
Example
ip route get 8.8.8.8 | awk '{ print $5 }'
Example Output
eth0
Execute Script
-
Run the command
sh secrets.sh <worker-secret-name> <worker-cluster-name> <kubeslice-projectname> <network-interface> <worker-api-endpoint> <kubesliceRegistrationUsername> <kubesliceRegistrationPassword>
by replacing the placeholders with actual values.For example:
sh secrets.sh kubeslice-rbac-worker-kind-worker-1-token-s9d96 kind-worker-1 kubeslice-avesha ens160 https://10.0.0.101 user1 abcdefg-12345
Note: The worker-secret-name is the name of the worker secret that can be obtained by running the command
kubectl get secrets -n kubeslice-<projectname>
on KubeSlice Controller. -
The script will fetch the worker cluster secrets and provide an output in the markdown language.
Example Output
---
## Base64 encoded secret values from controller cluster
controllerSecret:
namespace: a3ViZXNsaWNlLWF2ZXNoYQ==
endpoint: aHR0cHM6Ly9DNjgwNTQ5MUNBNTI2MzVFM0YzNEUwQTFDRTRDMkY3RS5ncjcudXMtZWFzdC0xLmVrcy5hbWF6b25hd3MuY29t
ca.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUM1ekNDQWMrZ0F3SUJBZ0lCQURBTkJna3Foa2lHOXcwQkFRc0ZBREFWTVJNd0VRWURWUVFERXdwcmRXSmwKY201bGRHVnpNQjRYRFRJeU1Ea3lNREEzTURZeE5Gb1hEVE15TURreE56QTNNRFl4TkZvd0ZURVRNQkVHQTFVRQpBeE1LYTNWaVpYSnVaWFJsY3pDQ0FTSXdEUVlKS29aSWh2Y05BUUVCQlFBRGdnRVBBRENDQVFvQ2dnRUJBTXR2ClpXczQ1RVhicDdZMDJWdEJibUJITHBOTVN4VnpEQzBvWTh5N3R1YmJLWEJFRk9xbGVzU2trYWpmanJ5dGdTZzgKSmE2bXQ0TERjSlQrQ3FmYzMxYWN5RWpHdXlPeFM0Tmt4RGlBdkI0bHRyY2JLMmhnNkJmOWk1RDBTUzV5Rzh3WQpHZVV1bDkyOGlRcnVQeUxTY21wc0s3Y2sxL2FIQjAybDZpNmh5UWhyb1NMWSs5RHhobDdaVTBDMGpwTTQrZG1tClJ1cndVSEUvSGdFQ20yOUZuc3RiOTNZU2NsN3pERG4wdll1SVMrcWZoY2ZTSHR3VFRoZ1JkRlVtWStNUzM2dEYKSXBqNG8xT2xhdXRaMVZkUEJMbGRxUTdxTmlwVGtNbmZhTHA3U0h1QUUxSHV0N0xCOUxSMFAwQXlNU0NwbDV6QQpWWld1VVQ2cmw4TzZDMU5lUmY4Q0F3RUFBYU5DTUVBd0RnWURWUjBQQVFIL0JBUURBZ0trTUE4R0ExVWRFd0VCCi93UUZNQU1CQWY4d0hRWURWUjBPQkJZRUZCNnJkejFRa0NoU2ZtcjBRVU5CeGt3M3pKeFZNQTBHQ1NxR1NJYjMKRFFFQkN3VUFBNElCQVFBVWlaYnl2T1N6bVU5YnlWdVFreE9xaVZVdnBVUFlhZDJoZmJsejd0Z1krNWljYnR3SApoeDg1Rmp3WkZvRktkQVJiN1cxYnJnTG5OcXhDZEllWTVKZEkzTlBZRjZrVlc3ZmNMckUwK1BEWXhkc3dDZXdlCk9DSklUSFp3YjNQM05qMUNzTmVVaHg0Um4wd2FiYjlzS0xkUG5Bc0NRNFplTWxaalBSUllIeHg5QVU2ZWNxbXMKZWJWUkRpVTUzekJGd2tpSEhyZHRDTDNQQmxCZENvY0s5dXFQSi9nSXJDYVBrWGl3SlNZb0NrdWt4dm9rZk9xVgpONWd5QXFKL2o4RmkwUEh3UkVIUXNHVnVvajhxQjJzYUd4ZExhcTVWditsQVJpWktEVGhrVXJEeUE0YjB5c0w2CnZDUGtJRUl1ZE5SSGQ3eEJ6ckxPcVhVdXFGREJvTS92TFhaOQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==
token: ZXlKaGJHY2lPaUpTVXpJMU5pSXNJbXRwWkNJNklqWkdZVEpwTlZWb1drcEhaaTF6VWpSa09WaENlRjlCUzNaSU1uQlhaMEZEY2xGTldrOXFOVUppWjJjaWZRLmV5SnBjM01pT2lKcmRXSmxjbTVsZEdWekwzTmxjblpwWTJWaFkyTnZkVzUwSWl3aWEzVmlaWEp1WlhSbGN5NXBieTl6WlhKMmFXTmxZV05qYjNWdWRDOXVZVzFsYzNCaFkyVWlPaUpyZFdKbGMyeHBZMlV0WVhabGMyaGhJaXdpYTNWaVpYSnVaWFJsY3k1cGJ5OXpaWEoyYVdObFlXTmpiM1Z1ZEM5elpXTnlaWFF1Ym1GdFpTSTZJbXQxWW1WemJHbGpaUzF5WW1GakxYZHZjbXRsY2kxbmEyVXRkMjl5YTJWeUxURXRkRzlyWlc0dE9EVjBiV01pTENKcmRXSmxjbTVsZEdWekxtbHZMM05sY25acFkyVmhZMk52ZFc1MEwzTmxjblpwWTJVdFlXTmpiM1Z1ZEM1dVlXMWxJam9pYTNWaVpYTnNhV05sTFhKaVlXTXRkMjl5YTJWeUxXZHJaUzEzYjNKclpYSXRNU0lzSW10MVltVnlibVYwWlhNdWFXOHZjMlZ5ZG1salpXRmpZMjkxYm5RdmMyVnlkbWxqWlMxaFkyTnZkVzUwTG5WcFpDSTZJalJpT0RWak5tWmpMV1ZrWXpFdE5HRTNZeTFpT0dWaUxUVmxNVEUyTURrd1lXRmhNaUlzSW5OMVlpSTZJbk41YzNSbGJUcHpaWEoyYVdObFlXTmpiM1Z1ZERwcmRXSmxjMnhwWTJVdFlYWmxjMmhoT210MVltVnpiR2xqWlMxeVltRmpMWGR2Y210bGNpMW5hMlV0ZDI5eWEyVnlMVEVpZlEuRVNkVm1vajA3OXBrSmkzbktGMFhuZE9sa2Q4aGJJdUNaLURpdG1UOGZkVmRkeGhPWEdfcVFSSXZqN05tb1JMUC1xdzJacHliZmgtYWJRVUtNSHFTTGM0aFNBMFhaTTI2UnprWUpRZU9NUE80dGdqdjVQaWNYRkJDbFo0Vk93d2V0WE5Ldi1TLVhiOWVYeHBGQjVDZUozVm0tZjlBV2xXZkMzLUg3aTBoZVlXaWdOSU85SEFFeU43b1RtYXV3WFRRRUg3YVlNOURpZmRreHNaTjZyeTlPZ09TbzJMcUQyc2F2bzNVSU5iX3d6bzdkc2t3T0NuZjdOQk1pMzJOYmZTZ2dBaFdNOUVFM0hyUzFXMWgzZEJLZURMZjEzNXVGZjB4N29NM2lfSUliTzNnZlhYaDVKN3UwS1RIYXNvVFRwVFJhY29NVWkzZ3lnaFN5R0Y0dmVXSzZB
cluster:
name: gke-worker-1
endpoint: https://34.105.95.217
netop:
networkInterface: eth0
imagePullSecrets:
repository: https://index.docker.io/v1/
username: Kumar
password: 5585799-5d5a-48fa-b805-f4a1ffb110
email: aveshaenterprise@gmail.com
Save Output
- Save the above output to a file called
secrets.yaml
which will be used during the installation process of the Slice Operator on the worker clusters.