github.com/oam-dev/cluster-gateway@v1.9.0/hack/cert-gen/gen.sh

github.com/oam-dev/cluster-gateway@v1.9.0/hack/cert-gen/gen.sh (about)

     1  SVC_NAME="${SVC_NAME:-kubevela-cluster-gateway}"
     2  SVC_NAMESPACE="${SVC_NAMESPACE:-vela-system}"
     3  OUTPUT_DIR=${OUTPUT_DIR:-./cert}
     4  
     5  rm -r $OUTPUT_DIR;
     6  mkdir -p $OUTPUT_DIR;
     7  cd $OUTPUT_DIR;
     8  echo "authorityKeyIdentifier=keyid,issuer
     9  basicConstraints=CA:FALSE
    10  subjectAltName = @alt_names
    11  [alt_names]
    12  DNS.1 = $SVC_NAME
    13  DNS.2 = $SVC_NAME.$SVC_NAMESPACE.svc" > domain.ext
    14  openssl req -x509 -sha256 -days 3650 -newkey rsa:2048 -keyout ca.key -out ca -nodes -subj '/O=kubevela' \
    15  && openssl ecparam -name prime256v1 -genkey -noout -out apiserver.key \
    16  && openssl req -new -key apiserver.key -out apiserver.csr -subj '/O='$SVC_NAME \
    17  && openssl x509 -req -in apiserver.csr -CA ca -CAkey ca.key -CAcreateserial -extfile domain.ext -out apiserver.crt -days 3650 -sha256
    18  
    19  kubectl create secret generic $SVC_NAME -n $SVC_NAMESPACE \
    20    --from-file=ca=ca \
    21    --from-file=apiserver.key=apiserver.key \
    22    --from-file=apiserver.crt=apiserver.crt \
    23    --dry-run=client -oyaml > $SVC_NAME.yaml
    24  
    25  cd ..
    26  mv ./cert/$SVC_NAME.yaml ./