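#!/bin/sh
# build/tools/certgen.sh
#
# Creates a root CA and a CA-signed certificate/key pair with openssl, and can
# print the result as a Kubernetes Secret manifest.
#
# Usage: certgen.sh <function> [name]
#   certgen.sh genCertAndKey edge
#   certgen.sh buildSecret
#
# Environment:
#   CA_PATH        directory holding rootCA.key / rootCA.crt
#   CA_SUBJECT     subject DN of the root CA certificate
#   CERT_PATH      directory holding issued <name>.key / .csr / .crt
#   SUBJECT        subject DN of issued certificates
#   CA_PASSPHRASE  passphrase that encrypts rootCA.key
#
# Security notes:
#   * The default CA passphrase is a fixed, publicly known string, so by
#     default the encryption of rootCA.key gives no confidentiality. Set
#     CA_PASSPHRASE and restrict access to CA_PATH for anything but tests.
#   * buildSecret writes the private key edge.key to stdout; pipe it to its
#     consumer rather than saving it to a shared location.
#
# `local` is not POSIX, but dash, busybox ash and bash all provide it.

# Quoted so that values containing spaces survive shells (e.g. dash) that
# field-split the arguments of `readonly`.
readonly caPath="${CA_PATH:-/etc/kubeedge/ca}"
readonly caSubject="${CA_SUBJECT:-/C=CN/ST=Zhejiang/L=Hangzhou/O=KubeEdge/CN=kubeedge.io}"
readonly certPath="${CERT_PATH:-/etc/kubeedge/certs}"
readonly subject="${SUBJECT:-/C=CN/ST=Zhejiang/L=Hangzhou/O=KubeEdge/CN=kubeedge.io}"
readonly caPassphrase="${CA_PASSPHRASE:-kubeedge.io}"

# Rejects certificate names that are empty, start with '-' (would be parsed as
# an option) or contain anything outside [A-Za-z0-9._-] (blocks '/' and so any
# path outside CERT_PATH). Returns 1 and reports on stderr when invalid.
checkName() {
  case $1 in
    '' | -* | *[!A-Za-z0-9._-]*)
      printf 'certgen: invalid certificate name: %s\n' "$1" >&2
      return 1
      ;;
  esac
}

# Generates the encrypted 4096-bit root CA key and a self-signed CA
# certificate valid for 3650 days. Returns non-zero if either step fails.
genCA() {
  # The passphrase travels through the environment (env:) instead of
  # `pass:` on the command line, where it would show up in process listings.
  # umask 077 in a subshell: a newly created key file is owner-only.
  (
    umask 077
    CERTGEN_CA_PASS="${caPassphrase}" openssl genrsa -des3 \
      -out "${caPath}/rootCA.key" -passout env:CERTGEN_CA_PASS 4096
  ) || return
  # Uses CA_SUBJECT so the CA can carry a DN distinct from the certificates it
  # issues. The two defaults are identical; a leaf whose issuer DN equals its
  # subject DN is "self-issued" and some verifiers may fail to build its chain.
  CERTGEN_CA_PASS="${caPassphrase}" openssl req -x509 -new -nodes \
    -key "${caPath}/rootCA.key" -sha256 -days 3650 \
    -subj "${caSubject}" -passin env:CERTGEN_CA_PASS \
    -out "${caPath}/rootCA.crt"
}

# Creates the CA when either its key or its certificate is missing.
ensureCA() {
  if [ ! -e "${caPath}/rootCA.key" ] || [ ! -e "${caPath}/rootCA.crt" ]; then
    genCA
  fi
}

# Creates the CA and certificate directories if they do not exist.
ensureFolder() {
  mkdir -p -- "${caPath}" "${certPath}"
}

# Generates an unencrypted 2048-bit key and a CSR for it.
# Arguments: $1 - certificate name (file stem under CERT_PATH)
genCsr() {
  local name="$1"
  checkName "${name}" || return
  # Owner-only permissions for the newly created private key.
  (
    umask 077
    openssl genrsa -out "${certPath}/${name}.key" 2048
  ) || return
  openssl req -new -key "${certPath}/${name}.key" -subj "${subject}" \
    -out "${certPath}/${name}.csr"
}

# Signs <name>.csr with the root CA, producing <name>.crt valid for 365 days.
# Arguments: $1 - certificate name (file stem under CERT_PATH)
genCert() {
  local name="$1"
  checkName "${name}" || return
  CERTGEN_CA_PASS="${caPassphrase}" openssl x509 -req \
    -in "${certPath}/${name}.csr" \
    -CA "${caPath}/rootCA.crt" -CAkey "${caPath}/rootCA.key" \
    -CAcreateserial -passin env:CERTGEN_CA_PASS \
    -out "${certPath}/${name}.crt" -days 365 -sha256
}

# Full pipeline: directories, CA (if missing), key + CSR, signed certificate.
# Stops at the first failing step and returns its status.
# Arguments: $1 - certificate name
genCertAndKey() {
  local name="$1"
  ensureFolder && ensureCA && genCsr "${name}" && genCert "${name}"
}

# Generates the "edge" certificate and prints a Secret manifest containing the
# CA certificate, the edge certificate and the edge PRIVATE KEY on stdout.
# Returns 1 without printing a manifest when generation fails, so a caller
# never applies a Secret with empty or stale fields.
buildSecret() {
  local name="edge"
  # stdout must stay clean for the manifest; openssl's chatter is discarded.
  if ! genCertAndKey "${name}" > /dev/null 2>&1; then
    printf 'certgen: failed to generate certificate material for %s\n' "${name}" >&2
    return 1
  fi
  # pr -T -o 4 indents each PEM line by four spaces for the YAML block scalar.
  cat <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: cloudcore
  namespace: kubeedge
  labels:
    k8s-app: kubeedge
    kubeedge: cloudcore
stringData:
  rootCA.crt: |
$(pr -T -o 4 "${caPath}/rootCA.crt")
  edge.crt: |
$(pr -T -o 4 "${certPath}/${name}.crt")
  edge.key: |
$(pr -T -o 4 "${certPath}/${name}.key")

EOF
}

# Runs the function named by $1, passing $2 where a name is expected. Only the
# functions defined in this script are accepted; executing "$1" unchecked
# would run any command given on the command line. No argument is a no-op.
# Returns 2 for an unknown function name.
dispatch() {
  case ${1:-} in
    '')
      return 0
      ;;
    genCA | ensureCA | ensureFolder | buildSecret)
      "$1"
      ;;
    genCsr | genCert | genCertAndKey)
      "$1" "${2:-}"
      ;;
    *)
      printf 'certgen: unknown function: %s\n' "$1" >&2
      printf 'usage: certgen.sh {genCA|ensureCA|ensureFolder|genCsr|genCert|genCertAndKey|buildSecret} [name]\n' >&2
      return 2
      ;;
  esac
}

dispatch "$@"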