Cortex Certifai LogoCortex Certifai
Version: 1.3.12

Certifai Remote Configuration

The code snippet provided below must be saved as a file. For example, save this script as gen-remote-config.sh. Note that this script is intended to be run by a cluster administrator.

An example invocation of this script looks like ./gen-remote-config.sh namespace, where namespace is the namespace where you installed the Certifai Enterprise instance.

#!/bin/bash -eu
# Extract the token and set up the kubeconfig file for the certifai cli
NAMESPACE=${1:-certifai}
current_context=$(kubectl config current-context)
cluster_name=$(kubectl config view -o jsonpath='{.contexts[?(@.name == "'$current_context'")].context.cluster}')
cluster_server=$(kubectl config view -o jsonpath='{.clusters[?(@.name == "'$cluster_name'")].cluster.server}')


secret_name=$(kubectl get secrets -n $NAMESPACE --no-headers -o name | grep cortex-certifai-operator-token | head -1)
encoded_secret=$(kubectl get $secret_name -n $NAMESPACE -o jsonpath={.data.token})
decoded_secret=$(echo $encoded_secret | base64 -d --)


cluster_name_clean=$(echo "$cluster_name" | sed -e 's/[^A-Za-z0-9._-]/_/g')


echo "apiVersion: v1
clusters:
- cluster:
    insecure-skip-tls-verify: true
    server: $cluster_server
  name: $cluster_name
contexts:
- context:
    cluster: $cluster_name
    user: certifai
  name: $cluster_name
current-context: $cluster_name
kind: Config
preferences: {}
users:
- name: certifai
  user:
    token: $decoded_secret" > "${cluster_name_clean}.yaml"


echo
echo "Updated $cluster_name_clean.yaml with access token."
echo
echo Run the following command to configure the Certifai CLI:
echo
echo certifai remote config -f "$cluster_name_clean.yaml" -n "$NAMESPACE"
echo

The script creates a Kubernetes config file in the current directory for a default user named "certifai". This default user has the same permissions as the cortex-certifai-operator, and can be used by individuals or automated processes for interacting with your Cortex Certifai enterprise instance. After running the script, you can run the suggested command to configure the Certifai CLI as the default user.

Example:

# Run the above script to create the Kubeconfig file
$ ./gen-remote-config.sh certifai


Updated <your-cluster>.yaml with access token.


Run the following command to configure Certifai CLI:


certifai remote config -f <your-cluster>.yaml -n certifai


# Configure the Certifai CLI
$ certifai remote config -f <your-cluster.yaml> -n certifai


Checking for access to Kubernetes cluster with context - <your-context>
Connection to cluster succeeded, found API - v1
Updating alias - default


Configuration updated from - <your-cluster>.yaml