File: create-certs.sh

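#!/bin/bash
#
# Create a one-shot CA plus a daemon (server) and a client certificate with
# mkcert, then render both as Kubernetes Secret manifests with kubectl.
#
# Usage: create-certs.sh SAN [SAN...]
#
# Files written under ./.certs:
#   daemon/{ca.pem,cert.pem,key.pem}
#   client/{ca.pem,cert.pem,key.pem}
#   buildkit-daemon-certs.yaml
#   buildkit-client-certs.yaml
#   SAN                          (the requested SANs, one per line)
#
# Security notes:
#   - key.pem and both *-certs.yaml files contain private key material. A
#     Secret manifest only base64-encodes it, so treat the YAML like the key
#     itself and keep it out of version control.
#   - The CA private key is deleted once both leaf certificates are issued,
#     so nothing further can be signed by this CA afterwards.

set -o errexit
set -o nounset
set -o pipefail
set -o errtrace

PRODUCT=buildkit
DIR=./.certs
if [[ "$#" -lt 1 ]]; then
	{
		echo "Usage: $0 SAN [SAN...]"
		echo
		echo "Example: $0 buildkitd.default.svc 127.0.0.1"
		echo
		echo "The following files will be created under ${DIR}"
		echo "- daemon/{ca.pem,cert.pem,key.pem}"
		echo "- client/{ca.pem,cert.pem,key.pem}"
		echo "- ${PRODUCT}-daemon-certs.yaml"
		echo "- ${PRODUCT}-client-certs.yaml"
		echo "- SAN"
	} >&2
	exit 1
fi
if ! command -v mkcert >/dev/null; then
	echo "Missing mkcert (https://github.com/FiloSottile/mkcert)" >&2
	exit 1
fi
# Check for kubectl up front as well: discovering it is missing only after the
# certificates and keys were already written leaves a half-finished state.
if ! command -v kubectl >/dev/null; then
	echo "Missing kubectl" >&2
	exit 1
fi

# Keep the SANs as an array so each argument stays one word. A wildcard SAN
# such as '*.example.com' must reach mkcert literally instead of being
# glob-expanded against the files in ${DIR}.
SAN=("$@")
SAN_CLIENT=client

# Everything created below is key material or embeds it (the Secret manifests
# are written through a plain shell redirect), so restrict new files and
# directories to the invoking user.
umask 077

mkdir -p "$DIR" "${DIR}/daemon" "${DIR}/client"
(
	cd "$DIR"

	# mkcert creates rootCA.pem / rootCA-key.pem in CAROOT when they do not
	# exist; the second invocation reuses the CA created by the first.
	CAROOT=$(pwd)
	export CAROOT

	# Safety net: under errexit a failing step would otherwise skip the
	# explicit cleanup below and leave the CA signing key on disk.
	trap 'rm -f -- "${CAROOT}/rootCA.pem" "${CAROOT}/rootCA-key.pem"' EXIT

	printf '%s\n' "${SAN[@]}" >SAN

	# mkcert stays quiet on success, but its output is replayed on failure so
	# the reason for the abort is not lost.
	if ! log=$(mkcert -cert-file daemon/cert.pem -key-file daemon/key.pem -- "${SAN[@]}" 2>&1); then
		printf '%s\n' "$log" >&2
		exit 1
	fi
	if ! log=$(mkcert -client -cert-file client/cert.pem -key-file client/key.pem -- "${SAN_CLIENT}" 2>&1); then
		printf '%s\n' "$log" >&2
		exit 1
	fi

	cp -f rootCA.pem daemon/ca.pem
	cp -f rootCA.pem client/ca.pem
	# Drop the CA key as soon as both leaves are signed; only the public CA
	# certificate (copied above as ca.pem) is needed from here on.
	rm -f rootCA.pem rootCA-key.pem

	# --dry-run=client renders the manifest locally without creating anything.
	kubectl create secret generic "${PRODUCT}-daemon-certs" --dry-run=client -o yaml --from-file=./daemon >"${PRODUCT}-daemon-certs.yaml"
	kubectl create secret generic "${PRODUCT}-client-certs" --dry-run=client -o yaml --from-file=./client >"${PRODUCT}-client-certs.yaml"
)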