USER_NAME="dev-user"

NAMESPACE="dev"

GROUP_NAME="dev-group"

CSR_NAME="${USER_NAME}"

CLUSTER_NAME=$(kubectl config current-context)

openssl genrsa -out ${USER_NAME}.key 2048

openssl req -new -key ${USER_NAME}.key -out ${USER_NAME}.csr -subj "/CN=${USER_NAME}/O=${GROUP_NAME}"

CSR_BASE64=$(cat ${USER_NAME}.csr | base64 | tr -d '\n')

cat <<EOF | kubectl apply -f -

kubectl certificate approve ${CSR_NAME}

kubectl get csr ${CSR_NAME} -o jsonpath='{.status.certificate}' | base64 --decode > ${USER_NAME}.crt

kubectl config set-credentials ${USER_NAME} \

--client-certificate=${USER_NAME}.crt \

--client-key=${USER_NAME}.key

kubectl get namespace ${NAMESPACE} >/dev/null 2>&1 || kubectl create namespace ${NAMESPACE}

kubectl config set-context ${USER_NAME}-context \

--cluster=${CLUSTER_NAME} \

--namespace=${NAMESPACE} \

--user=${USER_NAME}

cat <<EOF | kubectl apply -f -

echo -e "\n🔍 Try testing access using:"

echo "kubectl --context=${USER_NAME}-context get pods"