Certifai Remote Configuration
The code snippet provided below must be saved as a file. For example, save this script as gen-remote-config.sh
.
Note that this script is intended to be run by a cluster administrator.
An example invocation of this script looks like ./gen-remote-config.sh namespace
, where namespace
is the namespace where you installed the Certifai Enterprise instance.
#!/bin/bash -eu# Extract the token and set up the kubeconfig file for the certifai cliNAMESPACE=${1:-certifai}current_context=$(kubectl config current-context)cluster_name=$(kubectl config view -o jsonpath='{.contexts[?(@.name == "'$current_context'")].context.cluster}')cluster_server=$(kubectl config view -o jsonpath='{.clusters[?(@.name == "'$cluster_name'")].cluster.server}')
secret_name=$(kubectl get secrets -n $NAMESPACE --no-headers -o name | grep cortex-certifai-operator-token | head -1)encoded_secret=$(kubectl get $secret_name -n $NAMESPACE -o jsonpath={.data.token})decoded_secret=$(echo $encoded_secret | base64 -d --)
cluster_name_clean=$(echo "$cluster_name" | sed -e 's/[^A-Za-z0-9._-]/_/g')
echo "apiVersion: v1clusters:- cluster: insecure-skip-tls-verify: true server: $cluster_server name: $cluster_namecontexts:- context: cluster: $cluster_name user: certifai name: $cluster_namecurrent-context: $cluster_namekind: Configpreferences: {}users:- name: certifai user: token: $decoded_secret" > "${cluster_name_clean}.yaml"
echoecho "Updated $cluster_name_clean.yaml with access token."echoecho Run the following command to configure the Certifai CLI:echoecho certifai remote config -f "$cluster_name_clean.yaml" -n "$NAMESPACE"echo
The script creates a Kubernetes config file in the current directory for a default user named "certifai". This default user has the same permissions as the cortex-certifai-operator, and can be used by individuals or automated processes for interacting with your Cortex Certifai enterprise instance. After running the script, you can run the suggested command to configure the Certifai CLI as the default user.
Example:
# Run the above script to create the Kubeconfig file$ ./gen-remote-config.sh certifai
Updated <your-cluster>.yaml with access token.
Run the following command to configure Certifai CLI:
certifai remote config -f <your-cluster>.yaml -n certifai
# Configure the Certifai CLI$ certifai remote config -f <your-cluster.yaml> -n certifai
Checking for access to Kubernetes cluster with context - <your-context>Connection to cluster succeeded, found API - v1Updating alias - default
Configuration updated from - <your-cluster>.yaml