From 97142ae827c0e9976139a3c70e973aa1dd242620 Mon Sep 17 00:00:00 2001
From: Joao Victor Portal <Joao.VictorPortal@windriver.com>
Date: Wed, 2 Aug 2023 16:07:34 -0300
Subject: [PATCH] Create kubeconfig-setup script

This script creates the file ".kube/config" in the home folder of the
logged in user and sets/replaces the value of variable KUBECONFIG inside
file ".profile". Currently, the main use case that involves this K8S
config file is the K8S authentication through OIDC token.

Test Plan:

PASS: Deploy an IPv4 AIO-SX with an image containing this change and
verify that the script is available at "/usr/local/bin/kubeconfig-setup"
with permissions "-r-xr-xr-x", owner root, group root. Setup OIDC app,
create local linux user "tu1" and create a ClusterRoleBinding in K8S for
tu1 user as cluster-admin.
PASS: Using the deployed AIO-SX, SSH to the controller using "tu1".
Execute "kubeconfig-setup; source .profile", verify that the file
"/home/tu1/.kube/config" was created, execute "oidc-auth" and then
"kubectl get pods -A -v=6", verifying in the output that the file
"/home/tu1/.kube/config" is being used by kubectl.
PASS: Using the deployed AIO-SX, edit the file ".profile" of "tu1",
replacing 'export KUBECONFIG="/home/tu1/.kube/config"' with 'export
KUBECONFIG="invalid_value"', and then repeat the previous test, which
is still successful. Afterwards, verify that KUBECONFIG is set to 'export
KUBECONFIG="/home/tu1/.kube/config"' in ".profile".
PASS: Using the deployed AIO-SX, SSH again to the controller using "tu1"
and just execute "kubectl get pods -A -v=6", verifying in the output
that the file "/home/tu1/.kube/config" is being used by kubectl.
PASS: Repeat all tests above using an IPv6 AIO-SX.

Story: 2010738
Task: 48566

Depends-On: https://review.opendev.org/c/starlingx/ansible-playbooks/+/890359
Depends-On: https://review.opendev.org/c/starlingx/config/+/890436
Signed-off-by: Joao Victor Portal <Joao.VictorPortal@windriver.com>
Change-Id: I2b8cab1ca8d029782351152d635014d3dec2df52
---
 .../platform-util/centos/platform-util.spec   |  2 +
 .../debian/deb_folder/controller.install      |  1 +
 .../platform-util-controller.install          |  1 +
 .../platform-util/debian/deb_folder/rules     |  5 +-
 .../platform-util/scripts/kubeconfig-setup    | 47 +++++++++++++++++++
 5 files changed, 54 insertions(+), 2 deletions(-)
 create mode 100644 utilities/platform-util/scripts/kubeconfig-setup

diff --git a/utilities/platform-util/centos/platform-util.spec b/utilities/platform-util/centos/platform-util.spec
index a22b9f31..9272e5b1 100644
--- a/utilities/platform-util/centos/platform-util.spec
+++ b/utilities/platform-util/centos/platform-util.spec
@@ -69,6 +69,7 @@ install -m 555 %{_buildsubdir}/scripts/show-certs.sh %{buildroot}%{local_bindir}
 install -m 555 %{_buildsubdir}/scripts/update_docker_registry_auth.sh %{buildroot}%{local_bindir}
 install -m 555 %{_buildsubdir}/scripts/change_system_private_registry.sh %{buildroot}%{local_bindir}
 install -m 555 %{_buildsubdir}/scripts/local_starlingxrc %{buildroot}%{local_bindir}
+install -m 555 %{_buildsubdir}/scripts/kubeconfig-setup %{buildroot}%{local_bindir}
 
 install -d %{buildroot}%{local_etc_initd}
 install %{_buildsubdir}/scripts/log_functions.sh %{buildroot}%{local_etc_initd}
@@ -123,6 +124,7 @@ systemctl enable opt-platform.service
 %{local_bindir}/update_docker_registry_auth.sh
 %{local_bindir}/change_system_private_registry.sh
 %{local_bindir}/local_starlingxrc
+%{local_bindir}/kubeconfig-setup
 
 %files noncontroller
 %defattr(-,root,root,-)
diff --git a/utilities/platform-util/debian/deb_folder/controller.install b/utilities/platform-util/debian/deb_folder/controller.install
index 51a0be00..cac6572e 100644
--- a/utilities/platform-util/debian/deb_folder/controller.install
+++ b/utilities/platform-util/debian/deb_folder/controller.install
@@ -8,3 +8,4 @@ scripts/update-dm.sh usr/local/bin
 scripts/update_docker_registry_auth.sh usr/local/bin
 scripts/change_system_private_registry.sh usr/local/bin
 scripts/local_starlingxrc usr/local/bin
+scripts/kubeconfig-setup usr/local/bin
diff --git a/utilities/platform-util/debian/deb_folder/platform-util-controller.install b/utilities/platform-util/debian/deb_folder/platform-util-controller.install
index e7a5a926..89673a05 100644
--- a/utilities/platform-util/debian/deb_folder/platform-util-controller.install
+++ b/utilities/platform-util/debian/deb_folder/platform-util-controller.install
@@ -8,3 +8,4 @@
 /usr/local/bin/update_docker_registry_auth.sh
 /usr/local/bin/change_system_private_registry.sh
 /usr/local/bin/local_starlingxrc
+/usr/local/bin/kubeconfig-setup
diff --git a/utilities/platform-util/debian/deb_folder/rules b/utilities/platform-util/debian/deb_folder/rules
index 0df00104..a548cfec 100755
--- a/utilities/platform-util/debian/deb_folder/rules
+++ b/utilities/platform-util/debian/deb_folder/rules
@@ -40,6 +40,7 @@ override_dh_auto_install:
 	install -m 555 scripts/change_system_private_registry.sh $(DEBIAN_BUILDDIR)/usr/local/bin/
 	install -m 555 scripts/is-rootdisk-device.sh $(DEBIAN_BUILDDIR)/usr/local/bin/
 	install -m 555 scripts/local_starlingxrc $(DEBIAN_BUILDDIR)/usr/local/bin/
+	install -m 555 scripts/kubeconfig-setup $(DEBIAN_BUILDDIR)/usr/local/bin/
 	install -m 755 scripts/connectivity_test $(DEBIAN_BUILDDIR)/usr/local/bin/
 	install -m 750 scripts/set_keystone_user_option.sh $(DEBIAN_BUILDDIR)/usr/local/bin/
 
@@ -53,5 +54,5 @@ override_dh_auto_install:
 override_dh_fixperms:
 	dh_fixperms -Xupdate-iso.sh -Xpatch-dm.sh -Xgen-bootloader-iso.sh -Xstx-iso-utils.sh \
 	-Xshow-certs.sh -Xupdate_docker_registry_auth.sh -Xchange_system_private_registry.sh \
-	-Xis-rootdisk-device.sh -Xlocal_starlingxrc -Xpatch-restart-* -Xconnectivity_test \
-	-Xset_keystone_user_option.sh
+	-Xis-rootdisk-device.sh -Xlocal_starlingxrc -Xkubeconfig-setup -Xpatch-restart-* \
+	-Xconnectivity_test -Xset_keystone_user_option.sh
diff --git a/utilities/platform-util/scripts/kubeconfig-setup b/utilities/platform-util/scripts/kubeconfig-setup
new file mode 100644
index 00000000..878953de
--- /dev/null
+++ b/utilities/platform-util/scripts/kubeconfig-setup
@@ -0,0 +1,47 @@
+#!/bin/bash
+#
+# Copyright (c) 2023 Wind River Systems, Inc.
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+# Setups Kubernetes configuration for logged in user.
+# No password/token/key is set.
+#
+
+# Set Kubernetes config file.
+mkdir -p -m 750 $HOME/.kube
+rm -f $HOME/.kube/config
+touch $HOME/.kube/config
+chmod 600 $HOME/.kube/config
+CERT_AUTH_DATA=$(base64 -w0 /etc/kubernetes/pki/ca.crt)
+CLUSTER_HOST_IP=$(grep -w controller-cluster-host /etc/hosts | awk '{print $1}')
+if [[ $CLUSTER_HOST_IP =~ .*:.* ]]; then
+    CLUSTER_HOST_IP="[$CLUSTER_HOST_IP]"
+fi
+SERVER_URL="https://$CLUSTER_HOST_IP:6443"
+printf "%s\n" \
+       "apiVersion: v1" \
+       "clusters:" \
+       "- cluster:" \
+       "    certificate-authority-data: $CERT_AUTH_DATA" \
+       "    server: $SERVER_URL" \
+       "  name: kubernetes" \
+       "contexts:" \
+       "- context:" \
+       "    cluster: kubernetes" \
+       "    user: $USER" \
+       "  name: $USER@kubernetes" \
+       "current-context: $USER@kubernetes" \
+       "kind: Config" \
+       "preferences: {}" \
+       "users:" \
+       "- name: $USER" \
+       "  user:" > $HOME/.kube/config
+
+# Add or replace KUBECONFIG variable in ".profile" file.
+VAR_COUNT=$(grep -cw '^export KUBECONFIG' $HOME/.profile)
+if [[ "$VAR_COUNT" == "0" ]]; then
+    echo 'export KUBECONFIG="$HOME/.kube/config"' >> $HOME/.profile
+else
+    sed -i '/^\bexport KUBECONFIG\b/c\export KUBECONFIG="$HOME/.kube/config"' $HOME/.profile
+fi
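Review bot: The existing `$HOME/.kube/config` is removed before `CERT_AUTH_DATA` and `CLUSTER_HOST_IP` are computed, and neither value is checked, so if `/etc/kubernetes/pki/ca.crt` cannot be read or `/etc/hosts` has no (or more than one) `controller-cluster-host` line, the user ends up with an empty `certificate-authority-data` field or a malformed `server:` URL in place of a working config. I would resolve and validate both values first, write the new file through `mktemp` inside `$HOME/.kube` (GNU mktemp creates it with mode 600, which makes the `touch`/`chmod` pair unnecessary) and `mv` it into place. Separately, when `$HOME/.profile` does not exist `grep -c` prints nothing, `VAR_COUNT` is empty rather than `0`, and the `sed -i` branch runs against a missing file, so KUBECONFIG is never exported; testing `grep -q` directly avoids that. The `$HOME` expansions are also unquoted throughout, which breaks on a home path containing whitespace.

```shell
# Resolve inputs first; stop before touching an existing config.
CERT_AUTH_DATA=$(base64 -w0 /etc/kubernetes/pki/ca.crt)
CLUSTER_HOST_IP=$(grep -w controller-cluster-host /etc/hosts | awk 'NR==1 {print $1}')
if [[ -z "$CERT_AUTH_DATA" || -z "$CLUSTER_HOST_IP" ]]; then
    echo "kubeconfig-setup: could not read the cluster CA or the controller-cluster-host address" >&2
    exit 1
fi
# … unchanged: IPv6 bracket handling and SERVER_URL …

mkdir -p -m 750 "$HOME/.kube"
KUBECONFIG_TMP=$(mktemp "$HOME/.kube/config.XXXXXX") || exit 1
# … unchanged: printf of the kubeconfig body, redirected to "$KUBECONFIG_TMP" …
mv -f "$KUBECONFIG_TMP" "$HOME/.kube/config"

# A missing .profile falls into the append branch, which creates it.
if ! grep -qw '^export KUBECONFIG' "$HOME/.profile" 2>/dev/null; then
    echo 'export KUBECONFIG="$HOME/.kube/config"' >> "$HOME/.profile"
else
    # … unchanged: sed replacement of the existing KUBECONFIG line, with "$HOME/.profile" quoted …
```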