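# Generates a throw-away CA and a wildcard server certificate with cfssl,
# then hands the result to tsl_to_yaml.py.
#
# Requires bash (pushd/popd) plus cfssl and cfssljson on PATH.
#
# -e        : stop at the first failing command.
# pipefail  : with -e alone, the status of `cfssl ... | cfssljson ...` is the
#             status of cfssljson only, so a failed cfssl could go unnoticed
#             and leave stale or missing key material behind.
set -eo pipefail

# Every run wipes the previous CA and issues a new one, so certificates signed
# by an earlier run stop chaining to the CA on disk.
# The directory will hold the CA private key (ca-key.pem); create it 0700 so
# that it is reachable by the owner only, regardless of the caller's umask.
rm -rf /root/cert && mkdir -m 700 -p /root/cert && pushd /root/cert

# Signing policy. 8760h is 365 days.
# NOTE(review): the "kubernetes" profile grants both "server auth" and
# "client auth"; if the issued certificate is only ever presented by a TLS
# server, dropping "client auth" narrows what a leaked key can be used for.
# The delimiter is quoted ('EOF') so the shell never expands anything inside
# the JSON, now or after a later edit that introduces $ or backticks.
tee ca-config.json << 'EOF'
{
  "signing": {
    "default": {
      "expiry": "8760h"
    },
    "profiles": {
      "kubernetes": {
        "usages": [
          "signing",
          "key encipherment",
          "server auth",
          "client auth"
        ],
        "expiry": "8760h"
      }
    }
  }
}
EOF

# CSR for the self-signed root CA.
tee ca-csr.json << 'EOF'
{
  "CN": "kubernetes",
  "key": {
    "algo": "rsa",
    "size": 2048
  },
  "names": [{
    "C": "EU",
    "ST": "CZ",
    "L": "DC",
    "O": "Mirantis",
    "OU": "EU BM 2401"
  }]
}
EOF

# CSR for the server certificate.
# NOTE(review): a wildcard SAN makes this one key valid for every host under
# the domain; anything that stores server-key.pem should be treated
# accordingly.
tee server-csr.json << 'EOF'
{
  "CN": "*.mnt-bm.mirantis.net",
  "hosts": [
    "*.mnt-bm.mirantis.net"
  ],
  "key": {
    "algo": "rsa",
    "size": 2048
  },
  "names": [{
    "C": "EU",
    "L": "DC",
    "ST": "CZ"
  }]
}
EOF

# Create the CA; cfssljson -bare ca writes ca.pem and ca-key.pem, which the
# next command reads.
cfssl gencert -initca ca-csr.json | cfssljson -bare ca

# Sign the server CSR with that CA under the "kubernetes" profile; output
# files are prefixed "server".
cfssl gencert -ca=ca.pem -ca-key=ca-key.pem --config=ca-config.json -profile=kubernetes server-csr.json | cfssljson -bare server
popd

# Post-processing step; its behaviour is not visible here.
# NOTE(review): presumably it embeds the generated PEM files (possibly the
# private keys) into YAML. Confirm that its output is permission-restricted
# and is not committed to version control.
python3 /root/bm_mcc_mosk/utils/tsl_to_yaml.py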