Merge "k8s: Add admin.conf kubeconfig"

magnum/drivers/common/templates/kubernetes/fragments/configure-kubernetes-master.sh

@@ -380,6 +380,32 @@ sed -i '
     /^KUBE_ADMISSION_CONTROL=/ s/=.*/="'"${KUBE_ADMISSION_CONTROL}"'"/
 ' /etc/kubernetes/apiserver
 
+ADMIN_KUBECONFIG=/etc/kubernetes/admin.conf
+cat << EOF >> ${ADMIN_KUBECONFIG}
+apiVersion: v1
+clusters:
+- cluster:
+    certificate-authority: ${CERT_DIR}/ca.crt
+    server: https://127.0.0.1:$KUBE_API_PORT
+  name: ${CLUSTER_UUID}
+contexts:
+- context:
+    cluster: ${CLUSTER_UUID}
+    user: admin
+  name: default
+current-context: default
+kind: Config
+preferences: {}
+users:
+- name: admin
+  user:
+    as-user-extra: {}
+    client-certificate: ${CERT_DIR}/admin.crt
+    client-key: ${CERT_DIR}/admin.key
+EOF
+echo "export KUBECONFIG=${ADMIN_KUBECONFIG}" >> /etc/bashrc
+chown root:root ${ADMIN_KUBECONFIG}
+chmod 600 ${ADMIN_KUBECONFIG}
 
 # Add controller manager args
 KUBE_CONTROLLER_MANAGER_ARGS="--leader-elect=true"

magnum/drivers/common/templates/kubernetes/fragments/make-cert.sh

@@ -167,8 +167,26 @@ keyUsage=critical,digitalSignature,keyEncipherment
 extendedKeyUsage=clientAuth,serverAuth
 EOF
 
+#admin Certs
+cat > ${cert_dir}/admin.conf <<EOF
+[req]
+distinguished_name = req_distinguished_name
+req_extensions     = req_ext
+prompt = no
+[req_distinguished_name]
+CN = admin
+O = system:masters
+OU=OpenStack/Magnum
+C=US
+ST=TX
+L=Austin
+[req_ext]
+extendedKeyUsage= clientAuth
+EOF
+
 generate_certificates server ${cert_dir}/server.conf
 generate_certificates kubelet ${cert_dir}/kubelet.conf
+generate_certificates admin ${cert_dir}/admin.conf
 
 # Generate service account key and private key
 echo -e "${KUBE_SERVICE_ACCOUNT_KEY}" > ${cert_dir}/service_account.key