Add get-kubeconfig.sh script, fix documentation & sample config

config/sv_kubeconfig

@@ -1,7 +1,7 @@
 apiVersion: v1
 clusters:
 - cluster:
-    certificate-authority-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUMvakNDQWVhZ0F3SUJBZ0lCQURBTkJna3Foa2lHOXcwQkFRc0ZBREFWTVJNd0VRWURWUVFERXdwcmRXSmwKY201bGRHVnpNQjRYRFRJeU1EWXhNekU1TkRneU1sb1hEVE15TURZeE1ERTVORGd5TWxvd0ZURVRNQkVHQTFVRQpBeE1LYTNWaVpYSnVaWFJsY3pDQ0FTSXdEUVlKS29aSWh2Y05BUUVCQlFBRGdnRVBBRENDQVFvQ2dnRUJBTGc5CnZNMk5rRzhMRFhDVzJFWTlNOEVVS0YwaWM4NHlKNjB3WmJMcjBjSk5pTy91blVPcy9YTGY4ODRucm9jbXFRWmUKZFBaU29mYzdrMHR2Wk83UDU3WXNDV3J6U1duU3RBaUdyWTB1UVJhVXJnK1FEK09HV0wydHpPTG5ac2xFR0FOMApvVXVDaDJHL3FCYWI1YkpiUE04RmovOEJYMkNGd1pLRTBzQi9MdEF4eVh0ZnBLYmJCVHVHdEdxbkZoaEJXQWhYCjUwNzJLY0tIclNHc2FEVHNuSzhhOHlML3lrZmZXWEVocVdBUmlxNXZxUHc1ZWorV3c2RTdJcTQvRjZoTkpMY28Kd0paallYeHBIZHBUcXF5bHhJWUJGdTNoWi8rMm5OL2hCTjg1NU1idzNpU0xjcHNzQmkrSVF6Zjc4V0EvVWxTdQpweFpLTHFKMmhMSHhZeFBtNUFjQ0F3RUFBYU5aTUZjd0RnWURWUjBQQVFIL0JBUURBZ0trTUE4R0ExVWRFd0VCCi93UUZNQU1CQWY4d0hRWURWUjBPQkJZRUZGVHVDbHBUWG1jY1pZcWlyU1dIQ05nZ1owUWhNQlVHQTFVZEVRUU8KTUF5Q0NtdDFZbVZ5Ym1WMFpYTXdEUVlKS29aSWh2Y05BUUVMQlFBRGdnRUJBSTYwcHZOanBSVXM3VEtTZ3h0LwowQlc1MWxmRC9QVGRrNDB1U0hHZFJGc3h4S1h3VXVGTkphOHF3d2FPV2tvb1Q4VmZVZTJCNGJyVHhLNFJDUWRlCmU1VFc4bzRzZ2pSeHBHVVFEbnFBRUNzNHlmRzRxenIwYzZONW1hTDZJN0IxOFJjcVVMSFlUeUxGdHJLUXNuN3IKNmdMaWt5cDZFTW1tcStyRmpHZ3p3QkprQTk5NFRtcEQ5VGxXajlzem1VeGJ0YjByZG9RZWwxcVkzZmsrWWNQWgowZTV3WHBJMWJhMHhkYTVSdkxNR2lTQnRVZk92eTNTeTFDRFdXR1lBc2tMMUg4eWhtY2RGSDd2YkpDWGE5bmJXCnFNd0lPTzhuMHhmUHl6V0lBbDFYK3pKaUJmMmtUUzFLZldXODR1aU5pRW9rS3ZEeEk3cjViZkRKMU1FSk9TRXgKeTV3PQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==
+    certificate-authority-data: <cluster-CA>
     server: <Cluster endpoint (IP:port/DNS of master node)>
   name: kubernetes
 contexts:
@@ -15,5 +15,5 @@ preferences: {}
 users:
 - name: kubernetes-admin
   user:
-    client-certificate-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURJVENDQWdtZ0F3SUJBZ0lJTDFCc0RaTHRKQUV3RFFZSktvWklodmNOQVFFTEJRQXdGVEVUTUJFR0ExVUUKQXhNS2EzVmlaWEp1WlhSbGN6QWVGdzB5TWpBMk1UTXhPVFE0TWpKYUZ3MHlNekEyTVRNeE9UUTRNalZhTURReApGekFWQmdOVkJBb1REbk41YzNSbGJUcHRZWE4wWlhKek1Sa3dGd1lEVlFRREV4QnJkV0psY201bGRHVnpMV0ZrCmJXbHVNSUlCSWpBTkJna3Foa2lHOXcwQkFRRUZBQU9DQVE4QU1JSUJDZ0tDQVFFQTgra2gyeW02ek12a3p3SVYKZk90ajhwRlBLRUhvdXQxUmErYWZFSEZmN1M2RFZmMG53RjhnUGMrU1p0Sk1sTzAraitSQXdhamIxcFZSenJHKwp0NEIzK2tZUjNJdTdoUjIrVW5ySE1ScmpnMDFycC8rU01lRmZKTDFrZjZsRjhwTFlhSHZWZVAveDBvSTMxZENRCnorM2dzVmYrZ0ozY3JMSUR6aEsxUTAraXlSUVNiRXVEaDN3bHp0UWI3dm9iZ0pQamwxK2ErOEVMdnQ3RWo0NHYKQVZsOHdrMFl5eW9HZEdPdk9PeVFSbmlIT2RWbFAwVTBnajdJQnQ2NDFNV3BkU1pJVHJ5bTRVb2FwcUVMVXVrWQozWUVEUG0xdzNDV3Y3VFQ1bVJLNWRVZGN5Mk9sTHYzWUxiMWtDWlNYWFd1ekQyRGVKdVBDWWhYQmVLU3MxR0UwCkNPQy9Td0lEQVFBQm8xWXdWREFPQmdOVkhROEJBZjhFQkFNQ0JhQXdFd1lEVlIwbEJBd3dDZ1lJS3dZQkJRVUgKQXdJd0RBWURWUjBUQVFIL0JBSXdBREFmQmdOVkhTTUVHREFXZ0JSVTdncGFVMTVuSEdXS29xMGxod2pZSUdkRQpJVEFOQmdrcWhraUc5dzBCQVFzRkFBT0NBUUVBampKN3daK2RYc2VBOVB5Ukh3RFB4QnpoTGM0UkI4Z3F6TjBxCmhqa3dnYnJIUkVyeEFrWm5yNkE5M1N6eTJ6NjZPYkRGS3ltTTNXUEZWRmVIMWx2VCt0T0tXSitFdzgyNVNmZU8KUGVmdWY1cXBnNndkcDlUTXo4NjBDcTN1eTBSNlJCUlFtYUtYUUprUWtqNTZHWTlEUzF3UlhxeUovaXN0ZEhjZApmOFRnS3ZsbWZwQ3QzdzBwaWdGbmdPN0VKc2VoK2RuUDgvc0xLRVpoYVpDYStXVVRIMTIwM05XWWhPWFB0T1c2CmlTdG5NelpQeXY1YiswOGFtZ2FwcHUvZTk4SHozM3NYbUcwWHI1NHpQWHhtSnNZTzVOS1NUQUF3VHBJbXovNWwKeEVKYldTVTlSandqcVZvcGhDZEVhSnFvMkwvWXdzeTg5aDEvTmdsWVJ4WWRJTkVuZUE9PQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==
-    client-key-data: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFcEFJQkFBS0NBUUVBOCtraDJ5bTZ6TXZrendJVmZPdGo4cEZQS0VIb3V0MVJhK2FmRUhGZjdTNkRWZjBuCndGOGdQYytTWnRKTWxPMCtqK1JBd2FqYjFwVlJ6ckcrdDRCMytrWVIzSXU3aFIyK1VuckhNUnJqZzAxcnAvK1MKTWVGZkpMMWtmNmxGOHBMWWFIdlZlUC94MG9JMzFkQ1F6KzNnc1ZmK2dKM2NyTElEemhLMVEwK2l5UlFTYkV1RApoM3dsenRRYjd2b2JnSlBqbDErYSs4RUx2dDdFajQ0dkFWbDh3azBZeXlvR2RHT3ZPT3lRUm5pSE9kVmxQMFUwCmdqN0lCdDY0MU1XcGRTWklUcnltNFVvYXBxRUxVdWtZM1lFRFBtMXczQ1d2N1RUNW1SSzVkVWRjeTJPbEx2M1kKTGIxa0NaU1hYV3V6RDJEZUp1UENZaFhCZUtTczFHRTBDT0MvU3dJREFRQUJBb0lCQVFDbUVTd1ErVGVMS3FPdAo0Z0JaWGpkZHQxdkswQjB4NVhBRFpERVcwK3A1SlhzY2Q5R3g0OUtpNHdvTjRjOXNjcDl1L3Z5c0hsa1huL0RrCkp4YnYvNU13bnJhWWo3YnNLbFVqK1I1WUs3T04rWTk4QWNFN0h2UlZvbkdqamMvbkdkNG9QWEFhQTBGVmozMk8Kb1lPSFhySG1iVUFGdC9YQXl5OVdCbHpONkpHd0R4c3RGWmJsWTVYVFFUQm8yZEpWN0pldmV3NU5UNjZHdW81WApsRnZyWnp1LzRiK1JjL0kvQzYvSkUzRXFnN0Rwd3RjNURHVkIwbEpKN1d6blNlN3JyWjE3dVY4aGVRdFVNVm5PCjhXdlI2TTh6c3Y3RmtWOVNZWC9WenNTVUh0RFgvdGNDdlQva1Y0L0dxdzFNUmlxeXFaeWc2TmF6M3lVV0VwWnEKV2FDM1JXOXBBb0dCQVA1WEYwOEpXQzdYazRIMCtXYWJ0VHFBZnV4WWhjMzg3Qk8vVktlNnlYc29yMlR3MjVxSgovR3d1aE1oandzcTlVeHNVZlZsRXdvS0tMdVZJUnZHbExiRk03QWdJOG9NRlh5TUNjOGd3YmMxeWhRRno0U3JaClRWRDZQNGFId2tnYW5yZUd4TktmZlliblVpL0s3UGJud1Q3dUMzeTlGK21sU2svLzdYK2xmYi8zQW9HQkFQV0EKbmdjcHhhWkYzUTZkSWh1S05mZENKNmlQVDltb2ZkVzFaalQ2QzJQSk52eVpjekZyU2tkSm5HVTJLZ2JzanR3cgpFZHBwcTR1ZmZZanpFOFQrTkVMNzFQUHlMUUdTWk9rQnZoQjJuU1M3SzkrVmJoMS81YjIvc0tRNkV5eXEyYXNYCk9CSko4MzFKWk5WeGsvbHE3TWttL21GOUpFekJJTE5zQkc1Y1JZNU5Bb0dCQUtkQzZQNCtPL0xhTEpTTFlUU2MKYzZ0Y2M1dkVmNEkrc1pZdS9tSXIwWEtnQi9DUEFTeDVVRHBvd1VQemIxZmE5L3RZRnpNTXFBb25DNzRYTVNpYgpJeGgxYU1mRDhwQTlpUnBCODVpVVdMR0NmWHUrRkRjVW51Y0JHNlBDUmY4YkdvUEJLbEVGT0F6dXRUcmU3Y1ZXCkZkem51VUE0THJDbDFlQVVnOEN0T2F4ekFvR0FKYmpyajBJMTRvU2RvTjg0SEc4eU41bnNxaFBMT3pDT2xVWFkKUEkrbkxHQUFtUE9qSlpiTXhRTmtpcEMyQ0haVXhUUEEvSVI4SFdvV1NmSy91T2N1ZEpScGRrcGg2L25vazN6MwpEV1NNWk5aMXVWY21vbFhDb1ZOUSt3c0pZeldsV0lxcXpQU2IrMFpKdmhwRG1IRjdqTFQzSlZlck9qZjZwRmNXCm56YUNZWWtDZ1lBb1BMbEVCejk3RzNhQWt0dzdzKy96TVg4Wlo0TTZSZ3ZXeEV2NXY5a0JRS2dJSjVyZmU4c0EKeEdOWFBCUUludk85SDdUTnlCZkk1K0JlRG5MRUNHVjVUbmQ5ODJhTytUbnJEV01XV3hGUnhZZkxqclNQRVUrZApvNmpXK0tZU1JFb0lwY3JSdExXVi9wYXJ6dlNYTDBNd2hYOTE0T01SWk0wNFRENDZ5ZEo0RHc9PQotLS0tLUVORCBSU0EgUFJJVkFURSBLRVktLS0tLQo=
+    client-certificate-data: <client-certificate-data>
+    client-key-data: <client-key-data>

config/vc_creds.json

@@ -1,5 +1,5 @@
 {
     "vc": "<vc-ip>",
-    "user": "<vc-admin-user>",
-    "password": "<vc-admin-password>"
+    "user": "<vc-user@domain>",
+    "password": "<vc-password>"
   }

docs/book/deployment/basicauth.md

@@ -10,9 +10,9 @@ Refer to sample config file provided under config folder.
 Refer to sample config file provided under config folder.
 ```
 {
-    "vc": "10.187.99.154",
-    "user": "vc-user@domain",
-    "password": "vc-password"
+    "vc": "<vc-ip>",
+    "user": "<vc-user@domain>",
+    "password": "<vc-password>"
 }
 ```
 

docs/book/deployment/oauth2.md

@@ -12,9 +12,9 @@ Refer to sample config file provided under config folder.
 Refer to sample config file provided under config folder.
 ```
 {
-    "vc": "vc-ip",
-    "user": "vc-user@domain",
-    "password": "vc-password"
+    "vc": "<vc-ip>",
+    "user": "<vc-user@domain>",
+    "password": "<vc-password>"
 }
 ```
 

scripts/get-kubeconfig.sh

@@ -0,0 +1,216 @@
+#!/bin/sh
+
+if [ $# -lt 2 ]
+then
+	echo "Usage: ./get-kubeconfig.sh <kubeconfig path> <output filename> <Optional: kubecontext> <Optional: cluster's server URL>"
+	exit 1
+fi
+
+if [ $# -eq 3 ]
+then
+	echo "Invalid input params. Server URL is a mandatory input param if K8s context is provided."
+	exit 1
+fi
+
+KUBECONFIG_FILE_PATH=$1
+OUTPUT_FILE=$2
+CONTEXT=$3
+SERVER_URL=$4
+
+export KUBECONFIG=$KUBECONFIG_FILE_PATH
+
+# If context is provided, set it
+if [ -n "$CONTEXT" ]
+then
+  kubectl config use-context $CONTEXT
+  if [ $? -ne 0 ]
+  then
+    echo "Error occurred in setting context"
+    exit 1
+  fi
+
+fi
+
+# This clean up function is called to clean up all resources that were created as part of this script.
+clean_up()
+{
+  kubectl delete sa cnsmanager-sa > /dev/null 2>&1
+  kubectl delete ClusterRole cnsmanager-sa-role > /dev/null 2>&1
+  kubectl delete ClusterRoleBinding cnsmanager-sa-rb > /dev/null 2>&1
+  kubectl config delete-user cnsmanager-sa > /dev/null 2>&1
+  rm -f cnsmanagerrbac.yaml > /dev/null 2>&1
+  rm -f cnsmanagerkubeconfig > /dev/null 2>&1
+  rm -f secret_output > /dev/null 2>&1
+  rm cnsmanagerkubeconfig.bak > /dev/null 2>&1
+}
+
+# Clean up env before proceeding
+clean_up
+
+echo "Starting creation of kubeconfig..."
+
+# Create service account for kubeconfig
+kubectl create sa cnsmanager-sa
+if [ $? -ne 0 ]
+then
+	echo "Failed to create service account. Cleaning up resources before exiting."
+	clean_up
+	exit 1
+fi
+
+token_secretname=$(kubectl get secret 2> /dev/null | grep "cnsmanager-sa-token" | awk '{print $1}')
+
+# Contents of token secret if required to be created explicitly
+cat <<EOF > cnsmanager-token-secret.yaml
+apiVersion: v1
+kind: Secret
+metadata:
+  name: cnsmgr-sa-token
+  annotations:
+    kubernetes.io/service-account.name: cnsmanager-sa
+type: kubernetes.io/service-account-token
+EOF
+
+# If token secret is not autogenerated, create it
+if [ -z "$token_secretname" ]
+then
+  token_secretname="cnsmgr-sa-token"
+  # Create token secret for cnsmanager-sa
+  kubectl apply -f cnsmanager-token-secret.yaml
+  if [ $? -ne 0 ]
+    then
+	  echo "Failed to create token secret for service account. Cleaning up resources before exiting."
+	  clean_up
+	  exit 1
+  fi
+fi
+
+sleep 3
+
+# Get the token secret created for CNS manager SA
+kubectl get secret $token_secretname -oyaml > secret_output
+if [ $? -ne 0 ]
+then
+  echo "Failed to find token secret for cnsmanager service account. Cleaning up resources before exiting."
+  clean_up
+  exit 1
+fi
+
+token=$(cat secret_output | grep "token:" | awk -F ' ' '{print $2}' | base64 -d)
+
+# Set config for cns manager SA
+kubectl config set-credentials cnsmanager-sa --token=$token
+if [ $? -ne 0 ]
+then
+  echo "Failed to set credentials in config. Cleaning up resources before exiting"
+  clean_up
+  exit 1
+fi
+
+# Extract values needed to contruct canmanager kubeconfig
+clusterAuthData=$(cat secret_output | grep "ca.crt:" | awk -F ' ' '{print $2}')
+
+# If server URL was provided in input, we don't need to extract it from kubeconfig file
+if [ -z $SERVER_URL ]
+then
+
+  num_of_clusters=$(cat $KUBECONFIG_FILE_PATH | grep -c "server:")
+
+  if [ $num_of_clusters -ne 1 ]
+  then
+    echo "Invalid configuration provided. If multiple clusters are concerned, provide the context and server URL also in input parameters."
+    clean_up
+    exit 1
+  fi
+
+  serverUrl=$(cat $KUBECONFIG_FILE_PATH | grep "server:" | awk -F ' ' '{print $2}')
+else
+  serverUrl=$SERVER_URL
+fi
+
+cat <<EOF > cnsmanagerkubeconfig
+apiVersion: v1
+kind: Config
+clusters:
+- cluster:
+    certificate-authority-data: clusterAuthDataPlaceholder
+    server: serverUrlPlaceholder
+  name: cnsmgr-cluster
+contexts:
+- context:
+    cluster: cnsmgr-cluster
+    user: cnsmanager-sa
+  name: cnsmanager-sa
+current-context: cnsmanager-sa
+users:
+- name: cnsmanager-sa
+  user:
+    token: tokenPlaceholder
+EOF
+
+sed -i'.bak' -e "s~clusterAuthDataPlaceholder~$clusterAuthData~g" cnsmanagerkubeconfig
+sed -i'.bak' -r "s~serverUrlPlaceholder~$serverUrl~g" cnsmanagerkubeconfig
+sed -i'.bak' -e "s/tokenPlaceholder/$token/g" cnsmanagerkubeconfig
+
+cat <<EOF > cnsmanagerrbac.yaml
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: cnsmanager-sa-role
+rules:
+- apiGroups: ["rbac.authorization.k8s.io"]
+  resources: ["clusterroles"]
+  verbs: ["get", "list", "update", "escalate", "patch", "delete"]
+- apiGroups: [""]
+  resources: ["persistentvolumeclaims"]
+  verbs: ["get", "list"]
+- apiGroups: [""]
+  resources: ["persistentvolumes"]
+  verbs: ["get", "list"]
+- apiGroups: [""]
+  resources: ["nodes"]
+  verbs: ["get", "list"]
+- apiGroups: [""]
+  resources: ["secrets"]
+  verbs: ["get", "list"]
+- apiGroups: ["cns.vmware.com"]
+  resources: ["cnsvspherevolumemigrations"]
+  verbs: ["get", "list"]
+- apiGroups: ["cns.vmware.com"]
+  resources: ["csinodetopologies"]
+  verbs: ["list"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: cnsmanager-sa-rb
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: cnsmanager-sa-role
+subjects:
+- kind: ServiceAccount
+  name: cnsmanager-sa
+  namespace: default
+EOF
+
+# Apply RBAC rules
+kubectl create -f cnsmanagerrbac.yaml
+if [ $? -ne 0 ]
+then
+  echo "Failed to create RBAC rules. Cleaning up resources before exiting"
+  clean_up
+  exit 1
+fi
+
+echo "\n"
+cat cnsmanagerkubeconfig > $OUTPUT_FILE
+echo "Generated kubeconfig stored in output file $OUTPUT_FILE"
+echo '\n'
+
+rm cnsmanagerrbac.yaml
+rm cnsmanagerkubeconfig
+rm secret_output
+rm cnsmanager-token-secret.yaml
+rm cnsmanagerkubeconfig.bak