ADD: added dashboard and photoprism

k3s/k8sUser/addUser.sh

@@ -0,0 +1,120 @@
+#!/bin/bash
+
+TARGET_USER="$1"
+
+if [ -z "$TARGET_USER" ]; then
+  echo "❌ Bitte gib den Namen eines Linux-Users als Argument an."
+  echo "   Beispiel: sudo ./setup-k8s-user-kubeconfig.sh dashboarduser"
+  exit 1
+fi
+
+USERNAME="$TARGET_USER"
+NAMESPACE="kube-system"
+SECRET_NAME="${USERNAME}-token"
+CONFIG_PATH="/home/${TARGET_USER}/.kube/config"
+BASHRC_PATH="/home/${TARGET_USER}/.bashrc"
+
+function check_user_exists() {
+  id "$1" &>/dev/null || {
+    echo "❌ Linux-User '$1' existiert nicht!"
+    exit 1
+  }
+}
+
+function create_k8s_resources() {
+  echo "🔧 Erstelle ServiceAccount und ClusterRoleBinding für '$USERNAME'..."
+  kubectl create serviceaccount "${USERNAME}" -n "${NAMESPACE}" --dry-run=client -o yaml | kubectl apply -f -
+
+  kubectl create clusterrolebinding "${USERNAME}-binding" \
+    --clusterrole=cluster-admin \
+    --serviceaccount="${NAMESPACE}:${USERNAME}" \
+    --dry-run=client -o yaml | kubectl apply -f -
+}
+
+function create_static_token_secret() {
+  echo "🔐 Erstelle statisches Token (Secret) für '$USERNAME'..."
+
+  # Prüfen ob Secret schon existiert
+  if ! kubectl get secret "${SECRET_NAME}" -n "${NAMESPACE}" &>/dev/null; then
+    cat <<EOF | kubectl apply -f -
+apiVersion: v1
+kind: Secret
+metadata:
+  name: ${SECRET_NAME}
+  namespace: ${NAMESPACE}
+  annotations:
+    kubernetes.io/service-account.name: "${USERNAME}"
+type: kubernetes.io/service-account-token
+EOF
+  fi
+
+  echo "⏳ Warte, bis Token im Secret verfügbar ist..."
+
+  for i in {1..10}; do
+    TOKEN=$(kubectl get secret "${SECRET_NAME}" -n "${NAMESPACE}" -o jsonpath="{.data.token}" | base64 -d 2>/dev/null)
+    [ -n "$TOKEN" ] && break
+    sleep 1
+  done
+
+  if [ -z "$TOKEN" ]; then
+    echo "❌ Token konnte nicht aus dem Secret gelesen werden."
+    exit 1
+  fi
+}
+
+function get_cluster_info() {
+  echo "🌐 Lese Cluster-Info..."
+  SERVER=$(kubectl config view --raw -o jsonpath='{.clusters[0].cluster.server}')
+  CA=$(kubectl config view --raw -o jsonpath='{.clusters[0].cluster.certificate-authority-data}')
+}
+
+function write_kubeconfig() {
+  echo "📝 Schreibe Kubeconfig nach ${CONFIG_PATH}..."
+  sudo -u "${TARGET_USER}" mkdir -p "/home/${TARGET_USER}/.kube"
+
+  cat <<EOF | sudo tee "${CONFIG_PATH}" > /dev/null
+apiVersion: v1
+kind: Config
+clusters:
+- cluster:
+    certificate-authority-data: ${CA}
+    server: ${SERVER}
+  name: k3s
+contexts:
+- context:
+    cluster: k3s
+    user: ${USERNAME}
+  name: ${USERNAME}@k3s
+current-context: ${USERNAME}@k3s
+users:
+- name: ${USERNAME}
+  user:
+    token: ${TOKEN}
+EOF
+
+  sudo chown "${TARGET_USER}:${TARGET_USER}" "${CONFIG_PATH}"
+  echo "✅ Kubeconfig für ${TARGET_USER} mit statischem Token erstellt."
+}
+
+function add_kubectl_hint_to_bashrc() {
+  if ! sudo grep -q 'kubectl' "${BASHRC_PATH}" 2>/dev/null; then
+    echo "🧠 Füge kubectl-Alias zur bashrc hinzu..."
+    echo "" | sudo tee -a "${BASHRC_PATH}" > /dev/null
+    echo "# kubectl completion & config (automatisch hinzugefügt)" | sudo tee -a "${BASHRC_PATH}" > /dev/null
+    echo "export KUBECONFIG=\$HOME/.kube/config" | sudo tee -a "${BASHRC_PATH}" > /dev/null
+    echo "source <(kubectl completion bash)" | sudo tee -a "${BASHRC_PATH}" > /dev/null
+  fi
+}
+
+# === Ausführung ===
+
+check_user_exists "${TARGET_USER}"
+create_k8s_resources
+create_static_token_secret
+get_cluster_info
+write_kubeconfig
+add_kubectl_hint_to_bashrc
+
+echo "🚀 Alles erledigt für Benutzer '${TARGET_USER}'!"
+echo "💡 Melde dich mit dem Token im Kubernetes Dashboard an, oder nutze:"
+echo "   kubectl get pods -A"