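#!/bin/bash
#
# Copyright (c) 2022, Oracle and/or its affiliates.
# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
#
# Script to create a custom CA cert and secret for use with Verrazzano
# - CA is self-signed
#
# Usage: create-custom-ca.sh -c <ca-name> [-k] [-n <secret-namespace>] [-s <secret-name>]
#
# Writes <ca-name>.key and <ca-name>.crt to the current directory (reusing an
# existing pair unless -k is given or either file is missing), then renders a
# kubernetes.io/tls secret holding them and applies it with kubectl.
# Requires openssl and kubectl on PATH.

# Abort on unhandled errors, unset variables and failed pipeline stages.
set -euo pipefail

secretName=
secretNamespace=
caName=
updateCert=

#######################################
# Print usage text, an optional error message, and exit.
# Arguments:
#   $1 - exit code (default 0)
#   $2 - error message (optional)
# Outputs:
#   usage text to stdout; error message, if any, to stderr
#######################################
usage() {
  local ec=${1:-0}
  local msg=${2:-""}
  cat <<EOF

usage:

  ${0##*/} [-h] [-c ca-name] [-k] [-n secret-namespace] [-s secret-name]

  -c  CA name (required); used as the certificate CN and as the stem of
      the key/cert files written to the current directory (<ca-name>.key, <ca-name>.crt)
  -k  Create/update key and CA cert; default if CA cert/key do not exist
  -n  Secret namespace (default "customca")
  -s  Secret name (default "[ca-name]-secret")

  -h  Print this help text

EOF

  if [ -n "$msg" ]; then
    printf '\nerror: %s\n\n' "$msg" >&2
  fi
  exit "$ec"
}

# Leading ':' selects getopts' silent mode: bad options are reported by the
# ':' and '?' arms below, and OPTARG is then always set (required under set -u).
while getopts ':hc:kn:s:' opt; do
  case "$opt" in
    c) caName=${OPTARG} ;;
    k) updateCert=true ;;
    n) secretNamespace=${OPTARG} ;;
    s) secretName=${OPTARG} ;;
    h) usage ;;
    :) usage 1 "Option -${OPTARG} requires an argument" ;;
    ?) usage 1 "Invalid option: -${OPTARG}" ;;
  esac
done

if [ -z "${caName}" ]; then
  usage 1 "Provide a CA name"
fi

if [ -z "${secretName}" ]; then
  secretName=${caName}-secret
fi
if [ -z "${secretNamespace}" ]; then
  secretNamespace="customca"
fi

keyFile=${caName}.key
certFile=${caName}.crt

# Regenerate when asked (-k) or when either file is missing: the secret below
# needs both, so a stray key without its cert must not be reused.
if [ "${updateCert}" == "true" ] || [ ! -e "${keyFile}" ] || [ ! -e "${certFile}" ]; then
  echo "Creating key file $keyFile with certificate file $certFile"

  # Generate a CA private key
  openssl genrsa -out "${keyFile}" 2048
  # Private key material: restrict to the owner regardless of the umask.
  chmod 600 "${keyFile}"

  # Create a self signed certificate, valid for 10yrs with the 'signing' option set
  openssl req -x509 -new -nodes -key "${keyFile}" -subj "/CN=${caName}" -days 3650 \
    -reqexts v3_req -extensions v3_ca -out "${certFile}"
fi

echo "Creating secret ${secretNamespace}/${secretName} for CA ${caName}"
# '>/dev/null 2>&1' silences both streams; the reverse order would only
# silence stdout and leave kubectl's "not found" error on the terminal.
if ! kubectl get ns "${secretNamespace}" >/dev/null 2>&1; then
  echo "creating namespace ${secretNamespace}"
  # Best effort: the namespace may be created concurrently by another actor;
  # a genuine failure surfaces when the secret is applied below.
  kubectl create ns "${secretNamespace}" || true
fi

# Render the secret client-side and apply it, so re-runs update in place
# instead of failing on an existing secret.
kubectl create secret tls -n "${secretNamespace}" "${secretName}" -o yaml --dry-run=client --save-config \
  --cert="${certFile}" --key="${keyFile}" | kubectl apply -f -

echo "Done"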