Kubernetes - 基于serviceaccount 生成 kubeconfig
2023-11-13
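#!/bin/bash
# Generate a kubeconfig that authenticates to the API server as a
# ServiceAccount, using the bearer token stored in that account's token Secret.
#
# Requires: kubectl with permission to read the ServiceAccount and its Secret
# in the target namespace. The ServiceAccount must already exist.
#
# A token read from a Secret is a long-lived credential. Treat the generated
# file like a password and delete the token Secret to revoke it.
set -euo pipefail

# The output contains a bearer token, so create every file owner-only (0600).
umask 077

sa_name="pai-controller-manager"
namespace="pai-operator"
endpoint=10.4.80.54
config_file="/tmp/config"

# Name of the first token Secret listed on the ServiceAccount.
tokenName=$(kubectl get sa "$sa_name" -n "$namespace" -o "jsonpath={.secrets[0].name}")
if [[ -z "$tokenName" ]]; then
  # Clusters that no longer auto-create token Secrets leave .secrets empty.
  # Create a Secret of type kubernetes.io/service-account-token for the
  # account first, or issue a short-lived token with `kubectl create token`.
  printf 'error: ServiceAccount %s/%s lists no token Secret\n' \
    "$namespace" "$sa_name" >&2
  exit 1
fi

# .data.token is base64-encoded in the Secret; kubeconfig wants the raw token.
token=$(kubectl get secret "$tokenName" -n "$namespace" -o "jsonpath={.data.token}" | base64 --decode)
# certificate-authority-data expects base64, so ca.crt is used as stored.
certificate=$(kubectl get secret "$tokenName" -n "$namespace" -o "jsonpath={.data['ca\.crt']}")

if [[ -z "$token" || -z "$certificate" ]]; then
  printf 'error: Secret %s/%s has no token or ca.crt\n' \
    "$namespace" "$tokenName" >&2
  exit 1
fi

# Write to a private temp file next to the target and rename it into place.
# The path under /tmp is predictable: a rename replaces a pre-planted symlink
# instead of writing through it, and readers never see a half-written file.
tmp_file=$(mktemp "${config_file}.XXXXXX")
trap 'rm -f -- "$tmp_file"' EXIT

# Token authentication needs no client key. The CA certificate belongs only
# in certificate-authority-data, never in client-key-data.
cat > "$tmp_file" <<EOF
apiVersion: v1
kind: Config
preferences: {}
clusters:
- cluster:
    certificate-authority-data: $certificate
    server: https://$endpoint
  name: ${namespace}-cluster
users:
- name: $sa_name
  user:
    as-user-extra: {}
    token: $token
contexts:
- context:
    cluster: ${namespace}-cluster
    namespace: ${namespace}
    user: $sa_name
  name: ${namespace}
current-context: ${namespace}
EOF

mv -f -- "$tmp_file" "$config_file"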
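# RBAC objects for the pai-controller-manager ServiceAccount in pai-operator.
# Apply these before generating a kubeconfig for the account: whoever holds
# the account's token gets exactly the permissions bound here.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: pai-manager-role
  namespace: pai-operator
rules:
# NOTE(review): wildcard resources and verbs on the core ("") group include
# Secrets, so a holder of this account's token can read every Secret in the
# namespace, including other ServiceAccount tokens. Narrow resources and
# verbs to what the controller actually uses before handing out a kubeconfig.
- apiGroups: ["", "extensions", "apps"]
  resources: ["*"]
  verbs: ["*"]
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: pai-controller-manager
  namespace: pai-operator
---
# Binds the Role to the ServiceAccount. A Role/RoleBinding pair is
# namespace-scoped, so access stays inside pai-operator.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: pai-manager-rolebinding
  namespace: pai-operator
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: pai-manager-role
subjects:
- kind: ServiceAccount
  name: pai-controller-manager
  namespace: pai-operator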
标题:Kubernetes - 基于serviceaccount 生成 kubeconfig
地址:https://blog.njqhome.com:8443/articles/2023/11/13/1699854541006.html