github.phpd.cn/cilium/cilium@v1.6.12/tests/k8s/cluster/certs/generate-certs.sh (about)

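#!/usr/bin/env bash
#
# Generates a throwaway certificate authority and one "kubernetes"
# certificate for the Kubernetes test cluster, using cfssl and cfssljson.
# Outputs are written next to this script with the prefixes "ca" and
# "kubernetes" (the signing step below reads ca.pem and ca-key.pem back).
#
# Environment overrides (defaults in parentheses):
#   KUBERNETES_MASTER_IP4      (192.168.36.11)
#   KUBERNETES_MASTER_IP6      (FD01::B)
#   KUBERNETES_NODE_2_IP4      (192.168.36.12)
#   KUBERNETES_NODE_2_IP6      (FD01::C)
#   KUBERNETES_MASTER_SVC_IP4  (172.20.0.1)
#   KUBERNETES_MASTER_SVC_IP6  (FD03::1)
#   cluster_name               (cilium-k8s-tests)
#
# Security notes for anyone reusing this outside a test cluster:
#   - The CA private key (ca-key.pem) is left on disk in this directory;
#     whoever can read it can mint certificates this cluster will trust.
#   - The single "kubernetes" profile allows both server and client
#     authentication, so one leaked key pair can act in either role.
#   - Certificates expire after 8760h (365 days) and must be regenerated.

# Strict mode comes first so that a failed directory lookup aborts the run
# instead of leaving ${dir} empty and writing files under "/". pipefail makes
# a failing cfssl visible even though cfssljson is the last pipeline stage.
set -euxo pipefail

dir=$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)

export KUBERNETES_MASTER_IP4="${KUBERNETES_MASTER_IP4:-192.168.36.11}"
export KUBERNETES_MASTER_IP6="${KUBERNETES_MASTER_IP6:-FD01::B}"
# The NODE_2 addresses are exported but are not referenced by the CSR below.
export KUBERNETES_NODE_2_IP4="${KUBERNETES_NODE_2_IP4:-192.168.36.12}"
export KUBERNETES_NODE_2_IP6="${KUBERNETES_NODE_2_IP6:-FD01::C}"
export KUBERNETES_MASTER_SVC_IP4="${KUBERNETES_MASTER_SVC_IP4:-172.20.0.1}"
export KUBERNETES_MASTER_SVC_IP6="${KUBERNETES_MASTER_SVC_IP6:-FD03::1}"
export cluster_name="${cluster_name:-cilium-k8s-tests}"

# The values below are pasted verbatim into a JSON document. A quote,
# backslash or control character would corrupt the request or alter the
# certificate's host list, so refuse them up front.
for var_name in KUBERNETES_MASTER_IP4 KUBERNETES_MASTER_IP6 \
  KUBERNETES_MASTER_SVC_IP4 KUBERNETES_MASTER_SVC_IP6 cluster_name; do
  case "${!var_name}" in
    *'"'* | *'\'* | *[[:cntrl:]]*)
      echo "${var_name} contains a character that is not allowed in a JSON string" >&2
      exit 1
      ;;
  esac
done

#######################################
# Abort with a download hint when a required tool is not on PATH.
# Arguments: $1 - tool name, $2 - URL printed as the download hint
# Outputs:   hint on stderr when the tool is missing
# Returns:   exits the script with status 1 when the tool is missing
#######################################
require_tool() {
  local tool=$1
  local url=$2
  if ! command -v "${tool}" >/dev/null 2>&1; then
    {
      echo "${tool} not found, please download it from"
      echo "${url}"
      echo "and add it to your PATH."
    } >&2
    exit 1
  fi
}

# NOTE(review): these are direct binary downloads; verify the file against a
# checksum published by the project before placing it on PATH.
require_tool cfssl "https://pkg.cfssl.org/R1.2/cfssl_linux-amd64"
require_tool cfssljson "https://pkg.cfssl.org/R1.2/cfssljson_linux-amd64"

# Remove the intermediate JSON inputs on every exit path, not only on success.
# Installed after the tool checks so a missing tool never deletes anything.
cleanup() {
  rm -f -- "${dir}/ca-config.json" \
    "${dir}/ca-csr.json" \
    "${dir}/kubernetes-csr.json"
}
trap cleanup EXIT

# Signing policy: one-year expiry, one profile used for every certificate.
# The heredoc delimiter is quoted because nothing here should be expanded.
cat > "${dir}/ca-config.json" <<'EOF'
{
  "signing": {
    "default": {
      "expiry": "8760h"
    },
    "profiles": {
      "kubernetes": {
        "usages": ["signing", "key encipherment", "server auth", "client auth"],
        "expiry": "8760h"
      }
    }
  }
}
EOF

# Request for the self-signed CA itself.
cat > "${dir}/ca-csr.json" <<'EOF'
{
  "CN": "Kubernetes",
  "key": {
    "algo": "rsa",
    "size": 2048
  },
  "names": [
    {
      "C": "US",
      "L": "Portland",
      "O": "Kubernetes",
      "OU": "CA",
      "ST": "Oregon"
    }
  ]
}
EOF

cfssl gencert -initca "${dir}/ca-csr.json" | cfssljson -bare "${dir}/ca"

# Request for the cluster certificate. "hosts" lists every name and address
# the certificate will be valid for; the delimiter is unquoted on purpose so
# the validated variables above are substituted.
cat > "${dir}/kubernetes-csr.json" <<EOF
{
  "CN": "kubernetes",
  "hosts": [
    "192.168.36.10",
    "${KUBERNETES_MASTER_IP4}",
    "${KUBERNETES_MASTER_IP6}",
    "${KUBERNETES_MASTER_SVC_IP4}",
    "${KUBERNETES_MASTER_SVC_IP6}",
    "127.0.0.1",
    "::1",
    "localhost",
    "${cluster_name}.default"
  ],
  "key": {
    "algo": "rsa",
    "size": 2048
  },
  "names": [
    {
      "C": "US",
      "L": "Portland",
      "O": "Kubernetes",
      "OU": "Cluster",
      "ST": "Oregon"
    }
  ]
}
EOF

# Sign the cluster request with the CA generated above.
cfssl gencert \
  -ca="${dir}/ca.pem" \
  -ca-key="${dir}/ca-key.pem" \
  -config="${dir}/ca-config.json" \
  -profile=kubernetes \
  "${dir}/kubernetes-csr.json" | cfssljson -bare "${dir}/kubernetes"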