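#!/bin/sh
#
# create_kubeconfig.sh - create a service account, bind it to the existing
# "cv-role" ClusterRole, and write a token-based kubeconfig for it.
#
# Usage:   ./create_kubeconfig.sh <server-url> <service-account-name>
# Example: ./create_kubeconfig.sh https://172.16.197.148:6443 blr-clus-sa
#
# Security notes:
#   * The generated <name>.kubeconfig embeds the service account's bearer
#     token in clear text. It is written with mode 0600 and must be stored
#     and transferred like any other credential.
#   * The account is bound with a ClusterRoleBinding, so it receives whatever
#     "cv-role" grants across the whole cluster. This script does not create
#     or inspect that role; review it before handing the file out.
#   * The token is read from the secret listed on the service account itself,
#     never by substring-matching secret names, so another account's token
#     cannot end up in the file.

set -u

# Namespace the service account lives in. The role binding and the generated
# context both refer to it, so every kubectl call is pinned to it instead of
# relying on whatever namespace the caller's current context selects.
namespace=default

# Print a message to stderr and abort. The message is passed as data, never
# as a printf format string.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

if [ "$#" -ne 2 ]; then
  printf '%s\n' \
    "Exactly 2 arguments are required, $# provided" \
    "Usage: ./create_kubeconfig.sh <server-url> <service-account-name>" \
    "Example: ./create_kubeconfig.sh https://172.16.197.148:6443 blr-clus-sa" >&2
  exit 1
fi

server=$1
user=$2

# The name ends up in kubectl arguments, in a file name and in YAML, so only
# characters Kubernetes itself accepts in object names are allowed. This also
# rejects path separators and a leading "-" that kubectl would read as a flag.
case $user in
  '' | [!a-z0-9]* | *[!a-z0-9.-]*)
    die "Invalid service account name: $user"
    ;;
esac

# The server URL is copied verbatim into the YAML; whitespace would corrupt it.
case $server in
  '' | *[[:space:]]*)
    die "Invalid server URL: $server"
    ;;
  https://*) ;;
  *)
    printf '%s\n' "Warning: $server is not an https:// URL; the bearer token would be sent unencrypted." >&2
    ;;
esac

# Exact-name lookup: a regex/substring match could report a different account.
if kubectl get serviceaccount "$user" -n "$namespace" >/dev/null 2>&1; then
  die "Service Account $user already present."
fi

kubectl create serviceaccount "$user" -n "$namespace" ||
  die "Could not create service account $user"

# Cluster-wide binding of the pre-existing cv-role to the new account.
kubectl create clusterrolebinding "$user-binding" \
  --clusterrole=cv-role \
  --serviceaccount="$namespace:$user" ||
  die "Could not create cluster role binding $user-binding"

# Name of the token secret attached to the account. On clusters that still
# auto-generate token secrets it may appear shortly after the account is
# created, hence the short retry loop.
name=
attempt=0
while [ "$attempt" -lt 5 ]; do
  name=$(kubectl get serviceaccount "$user" -n "$namespace" \
    -o jsonpath='{.secrets[0].name}' 2>/dev/null)
  if [ -n "$name" ]; then
    break
  fi
  attempt=$((attempt + 1))
  sleep 1
done

# Newer Kubernetes releases (1.24 and later) no longer create this secret
# automatically; stop rather than write a kubeconfig without credentials.
if [ -z "$name" ]; then
  die "No token secret is attached to service account $user; it and $user-binding were created, but no kubeconfig was written."
fi

# ca.crt stays base64-encoded (certificate-authority-data expects that);
# the token must be decoded before it is placed in the kubeconfig.
ca=$(kubectl get secret "$name" -n "$namespace" -o jsonpath='{.data.ca\.crt}') ||
  die "Could not read CA certificate from secret $name"
token=$(kubectl get secret "$name" -n "$namespace" -o jsonpath='{.data.token}' |
  base64 --decode) ||
  die "Could not read token from secret $name"

if [ -z "$ca" ] || [ -z "$token" ]; then
  die "Secret $name does not contain both ca.crt and token"
fi

out="$user.kubeconfig"

# Create the credential file readable by the owner only; chmod additionally
# covers the case where a file of that name already existed with wider modes.
umask 077
cat > "$out" <<EOF
apiVersion: v1
kind: Config
preferences: {}
clusters:
- name: $user-k8s
  cluster:
    certificate-authority-data: ${ca}
    server: ${server}
contexts:
- name: $user-context
  context:
    cluster: $user-k8s
    namespace: $namespace
    user: $user
current-context: $user-context
users:
- name: $user
  user:
    token: ${token}
EOF
[ -s "$out" ] || die "Could not write $out"
chmod 600 "$out" || die "Could not restrict permissions on $out"

printf 'kubeconfig file created : %s/%s\n' "$PWD" "$out"
printf 'Verify using kubectl --kubeconfig=%s/%s get namespaces\n' "$PWD" "$out"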