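#!/bin/bash
# Source: sigs.k8s.io/kueue@v0.6.2/hack/create-multikueue-kubeconfig.sh

# Copyright 2024 The Kubernetes Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# Creates a MultiKueue ServiceAccount, ClusterRole and ClusterRoleBinding in
# the cluster of the current kubectl context, then writes a kubeconfig that
# authenticates as that ServiceAccount.
#
# Usage: create-multikueue-kubeconfig.sh [output-file]   (default: kubeconfig)
#
# Security notes:
#   * The output file contains a bearer token for the ServiceAccount. It is
#     written with owner-only permissions; handle it like any other credential.
#   * The token comes from a kubernetes.io/service-account-token Secret, so it
#     does not expire on its own; it stays valid until the Secret or the
#     ServiceAccount is deleted.
#   * The role is bound with a ClusterRoleBinding, so the create/delete verbs
#     below apply in every namespace of the cluster.

set -o errexit
set -o nounset
set -o pipefail

KUBECONFIG_OUT=${1:-kubeconfig}
MULTIKUEUE_SA=multikueue-sa
NAMESPACE=kueue-system

echo "Creating a custom MultiKueue Role and Service Account"
kubectl apply -f - <<EOF
apiVersion: v1
kind: ServiceAccount
metadata:
  name: ${MULTIKUEUE_SA}
  namespace: ${NAMESPACE}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: multikueue-role
rules:
- apiGroups:
  - batch
  resources:
  - jobs
  verbs:
  - create
  - delete
  - get
  - list
  - watch
- apiGroups:
  - batch
  resources:
  - jobs/status
  verbs:
  - get
- apiGroups:
  - jobset.x-k8s.io
  resources:
  - jobsets
  verbs:
  - create
  - delete
  - get
  - list
  - watch
- apiGroups:
  - jobset.x-k8s.io
  resources:
  - jobsets/status
  verbs:
  - get
- apiGroups:
  - kueue.x-k8s.io
  resources:
  - workloads
  verbs:
  - create
  - delete
  - get
  - list
  - watch
- apiGroups:
  - kueue.x-k8s.io
  resources:
  - workloads/status
  verbs:
  - get
  - patch
  - update
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: multikueue-crb
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: multikueue-role
subjects:
- kind: ServiceAccount
  name: ${MULTIKUEUE_SA}
  namespace: ${NAMESPACE}
EOF

# Reuse a token Secret already listed on the ServiceAccount, if there is one.
SA_SECRET_NAME=$(kubectl get -n "${NAMESPACE}" "sa/${MULTIKUEUE_SA}" -o "jsonpath={.secrets[0]..name}")
if [[ -z "${SA_SECRET_NAME}" ]]; then
  # Create the secret and bind it to the desired SA
  kubectl apply -f - <<EOF
apiVersion: v1
kind: Secret
type: kubernetes.io/service-account-token
metadata:
  name: ${MULTIKUEUE_SA}
  namespace: ${NAMESPACE}
  annotations:
    kubernetes.io/service-account.name: "${MULTIKUEUE_SA}"
EOF

  SA_SECRET_NAME=${MULTIKUEUE_SA}
fi

# Note: service account token is stored base64-encoded in the secret but must
# be plaintext in kubeconfig.
# The token and CA fields of a freshly created Secret are filled in
# asynchronously by the cluster, so poll briefly instead of reading once and
# risking a kubeconfig with an empty token.
SA_TOKEN=""
CA_CERT=""
for _ in 1 2 3 4 5 6 7 8 9 10; do
  SA_TOKEN=$(kubectl get -n "${NAMESPACE}" "secrets/${SA_SECRET_NAME}" -o "jsonpath={.data['token']}" | base64 -d)
  CA_CERT=$(kubectl get -n "${NAMESPACE}" "secrets/${SA_SECRET_NAME}" -o "jsonpath={.data['ca\.crt']}")
  if [[ -n "${SA_TOKEN}" && -n "${CA_CERT}" ]]; then
    break
  fi
  sleep 1
done

if [[ -z "${SA_TOKEN}" || -z "${CA_CERT}" ]]; then
  echo "Secret ${NAMESPACE}/${SA_SECRET_NAME} has no token or CA certificate; not writing a kubeconfig" >&2
  exit 1
fi

# Extract cluster IP from the current context
CURRENT_CONTEXT=$(kubectl config current-context)
CURRENT_CLUSTER=$(kubectl config view -o jsonpath="{.contexts[?(@.name == \"${CURRENT_CONTEXT}\"})].context.cluster}")
CURRENT_CLUSTER_ADDR=$(kubectl config view -o jsonpath="{.clusters[?(@.name == \"${CURRENT_CLUSTER}\"})].cluster.server}")

echo "Writing kubeconfig in ${KUBECONFIG_OUT}"
# The file holds a bearer token, so make it owner-only before any secret is
# written: umask covers a newly created file, chmod covers a file that already
# existed with wider permissions.
umask 077
: > "${KUBECONFIG_OUT}"
chmod 600 -- "${KUBECONFIG_OUT}"
cat > "${KUBECONFIG_OUT}" <<EOF
apiVersion: v1
clusters:
- cluster:
    certificate-authority-data: ${CA_CERT}
    server: ${CURRENT_CLUSTER_ADDR}
  name: ${CURRENT_CLUSTER}
contexts:
- context:
    cluster: ${CURRENT_CLUSTER}
    user: ${CURRENT_CLUSTER}-${MULTIKUEUE_SA}
  name: ${CURRENT_CONTEXT}
current-context: ${CURRENT_CONTEXT}
kind: Config
preferences: {}
users:
- name: ${CURRENT_CLUSTER}-${MULTIKUEUE_SA}
  user:
    token: ${SA_TOKEN}
EOF

echo "Done!"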