Add core files for connecting to k8s with kubectl and keystone app creds

The files include a default config that connects to the default namespace.
A token request script.
A script to bring the CA trusts into the current env.

app_cred_auth.sh

+#!/bin/bash
+
+# this is a auth client that expectes keystone app creds loaded into the env
+# it will be used by kubectl and automatically get user tokens
+# see following for infomation on how to use external authenticator
+# https://kubernetes.io/docs/reference/access-authn-authz/authentication/#client-go-credential-plugins
+
+# trust the local ca
+. trust-k8s-ca.sh
+
+get_keystone_token () 
+{ 
+    data='{
+    "auth": {
+        "identity": {
+            "methods": [
+                "application_credential"
+            ],
+            "application_credential": {
+                "id": "'"${OS_APPLICATION_CREDENTIAL_ID}"'",
+                "secret": "'"${OS_APPLICATION_CREDENTIAL_SECRET}"'"
+            }
+        }
+    }
+}';
+    token=$(curl -s -i -H "Content-Type: application/json" -d "${data}" "${OS_AUTH_URL}/auth/tokens" |grep 'X-Subject-Token');
+    if [ -z "$token" ]; then
+        echo "Invalid authentication information";
+    else
+        echo $(echo ${token} | awk -F ': ' '{print $2}' | sed -e 's/[[:space:]]*$//');
+    fi
+}
+
+token=`get_keystone_token`
+
+cat << EOF
+{
+  "apiVersion": "client.authentication.k8s.io/v1",
+  "kind": "ExecCredential",
+  "status": {
+    "token": "$token"
+  }
+}
+EOF

kube-config.example

+apiVersion: v1
+clusters:
+- cluster:
+    certificate-authority-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURhekNDQWxPZ0F3SUJBZ0lVQXdGUGc2Z3JlaUI0VE5FcnlpVmVad2Q4ckV3d0RRWUpLb1pJaHZjTkFRRUwKQlFBd1BURTdNRGtHQTFVRUF4TXlWbUYxYkhRZ1VtOXZkQ0JEWlhKMGFXWnBZMkYwWlNCQmRYUm9iM0pwZEhrZwpLR05vWVhKdExYQnJhUzFzYjJOaGJDa3dIaGNOTWpJd05qQXpNakV6TlRRMldoY05Nekl3TlRNeE1qQXpOakUyCldqQTlNVHN3T1FZRFZRUURFekpXWVhWc2RDQlNiMjkwSUVObGNuUnBabWxqWVhSbElFRjFkR2h2Y21sMGVTQW8KWTJoaGNtMHRjR3RwTFd4dlkyRnNLVENDQVNJd0RRWUpLb1pJaHZjTkFRRUJCUUFEZ2dFUEFEQ0NBUW9DZ2dFQgpBTmFLZEo5MW9OYStWVGtpS0xOcWt0eHpBcjgrYzJ5S282SEdiTk1xbVk5OVhQbUozK1dVVFdqNG1EaUE0SDBWCkE0a3Z4Wi9NcHVVRU5LaG9rRUxaaTF6ZWc3SmM1SGJGaDhRSlpkYjYrb2F1bFB3QkVCdTBCSlBpUGphYzcvS0MKSU12UWNvcFFWdlVmTUc1ZDRQNHphRXNMeUgwZzhKSTRYM0JGZnRNQUNaVzlLelB2M1E5SWF6WmJ2UFd5VlJXZQpkSE9FVTZFUit3QXpRREU2a2ZNa1d1MHlTb0dRN0JxMGtuUGpPVjNOQ2MwT3FJWlcwWm1wZWRrdzRzUlNtb1NTCmdFL1czUFNNL0ZxUlJvVUlhbkpBL05STkk2a21xSUlOcm5mbHJOazNUVXpZZ0VSZGpqMFZIRURqeGw1WWt4NUMKQSt4L1Z2UDQyL2VzNzZzSmZjcWZya2NDQXdFQUFhTmpNR0V3RGdZRFZSMFBBUUgvQkFRREFnRUdNQThHQTFVZApFd0VCL3dRRk1BTUJBZjh3SFFZRFZSME9CQllFRlB2ZWtCTFdnL1FUU3J1L2hRTndNeUNBMXRPN01COEdBMVVkCkl3UVlNQmFBRlB2ZWtCTFdnL1FUU3J1L2hRTndNeUNBMXRPN01BMEdDU3FHU0liM0RRRUJDd1VBQTRJQkFRQ0IKLzNTbW93eTJPTkZ4d01lSlpBb3dLRnZ1WDFNbmxjbHd0QXB0OWZSSWNZOW9nQWVnWC80YmFTRTlGVVhLUzh6bgo1dTdjVk9tL04vVks4bWxxRU5CdlFHUEd0RkcvTHgyV1RYM2NDMkdleHgzWFJOVXh1MmFyUG04V1hqL2o1UmVTCmJUb24zeERIWEhJK3FXNTZkT1EvNm13OGxZZ0FjVmt6cjJ6QU95N3gwSjhNMFBDVEc5bTNwVHpIWVZjeDN3V3UKT2U5bXFXekxjUkFqODJqcGI3dDFZVVBvdzBXRXU1V1Jxb1dzYStRUmRST2RGVytld2VzQTJndHNyUWw5cEljUwpuNExVdzBYSDFTUGxmMlRPbVQvTDh6MWtqbTJ4alBYc2NqYkJDR2diaCtCK1F5eVBVOWEvZkJlRjgrTGF6Q0VTClRqSEtrb1NXb3Z2RmpZZk5nSkxmCi0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K
+    server: https://138.26.125.244:443
+  name: k8s-rc
+contexts:
+- context:
+    cluster: k8s-rc
+    namespace: default
+    user: username
+  name: default
+current-context: default
+kind: Config
+preferences: {}
+users:
+- name: username
+  user:
+    exec:
+      apiVersion: client.authentication.k8s.io/v1
+      args: null
+      command: ./app_cred_auth.sh
+      env: null
+      interactiveMode: Never
+      provideClusterInfo: false

trust-k8s-ca.sh

+# the cabundle file needed to trust ssl endpoints
+
+export OS_CACERT=$(PWD)/rc-k8s-cabundle.cer
+export CURL_CA_BUNDLE=$OS_CACERT