Update to no longer create registry.crt.

Adam Heath
Showing 4 changed files with 11 additions and 46 deletions
etc/ssl/registry-sign.conf
etc/ssl/registry.conf
scripts/ensure-certs.sh
scripts/start-docker.sh
--- a/etc/ssl/registry-sign.conf deleted 100644 → 0
View file @5d421ad
+++ b/etc/ssl/registry-sign.conf deleted 100644 → 0
View file @5d421ad
-subjectAltName = @alt_names
-
-[alt_names]
-DNS.1 = registry.uniquely-me.local
-DNS.2 = registry.uniquely.me
--- a/etc/ssl/registry.conf deleted 100644 → 0
View file @5d421ad
+++ b/etc/ssl/registry.conf deleted 100644 → 0
View file @5d421ad
-[req]
-default_bits       = 2048
-default_keyfile    = registry.key
-distinguished_name = req_distinguished_name
-req_extensions = req_ext
-prompt = no
-encrypt_key = no
-
-[req_distinguished_name]
-countryName                 = US
-stateOrProvinceName         = Texas
-localityName                = Dallas
-organizationName            = UNIQUELY ME
-organizationalUnitName        = IT
-commonName                  = registry.uniquely-me.local
-
-[req_ext]
-subjectAltName = @alt_names
-
-[alt_names]
-DNS.1 = registry.uniquely-me.local
-DNS.2 = registry.uniquely.me
--- a/scripts/ensure-certs.sh
View file @379971a
+++ b/scripts/ensure-certs.sh
View file @379971a
@@ -2,25 +2,17 @@

 set -e

-TOP_DIR="$(cd "$(dirname "$0")/.."; echo "$PWD")"
-export TOP_DIR
+APISERVER_DIR="$(cd "$(dirname "$0")/.."; echo "$PWD")"
+export APISERVER_DIR

-mkdir -p "$TOP_DIR"/certs
-if ! [ -e "$TOP_DIR/certs/root.key" ]; then
-	openssl genrsa -out "$TOP_DIR/certs/root.key.tmp" 2048
-	mv "$TOP_DIR/certs/root.key.tmp" "$TOP_DIR/certs/root.key"
-fi
-if ! [ -e "$TOP_DIR/certs/root.crt" ]; then
-	openssl req -x509 -new -nodes -key "$TOP_DIR/certs/root.key" -subj "/CN=app.local" -days 1024 -reqexts v3_req -extensions v3_ca -out "$TOP_DIR/certs/root.crt.tmp"
-	mv "$TOP_DIR/certs/root.crt.tmp" "$TOP_DIR/certs/root.crt"
-fi
+CONTEXT_DIR="$1"

-if ! [ -e "$TOP_DIR/certs/registry.key" ]; then
-	openssl genrsa -out "$TOP_DIR/certs/registry.key.tmp" 4096
-	mv "$TOP_DIR/certs/registry.key.tmp" "$TOP_DIR/certs/registry.key"
+mkdir -p "$CONTEXT_DIR"/certs
+if ! [ -e "$CONTEXT_DIR/certs/root.key" ]; then
+	openssl genrsa -out "$CONTEXT_DIR/certs/root.key.tmp" 2048
+	mv "$CONTEXT_DIR/certs/root.key.tmp" "$CONTEXT_DIR/certs/root.key"
 fi
-if ! [ -e "$TOP_DIR/certs/registry.crt" ]; then
-	openssl req -new -key "$TOP_DIR/certs/registry.key" -config "$TOP_DIR/etc/ssl/registry.conf" -out "$TOP_DIR/certs/registry.csr"
-	openssl x509 -req -days 365 -in "$TOP_DIR/certs/registry.csr" -CA "$TOP_DIR/certs/root.crt" -CAkey "$TOP_DIR/certs/root.key" -CAcreateserial -out "$TOP_DIR/certs/registry.crt.tmp" -extfile "$TOP_DIR/etc/ssl/registry-sign.conf"
-	mv "$TOP_DIR/certs/registry.crt.tmp" "$TOP_DIR/certs/registry.crt"
+if ! [ -e "$CONTEXT_DIR/certs/root.crt" ]; then
+	openssl req -x509 -new -nodes -key "$CONTEXT_DIR/certs/root.key" -subj "/CN=app.local" -days 1024 -reqexts v3_req -extensions v3_ca -out "$CONTEXT_DIR/certs/root.crt.tmp"
+	mv "$CONTEXT_DIR/certs/root.crt.tmp" "$CONTEXT_DIR/certs/root.crt"
 fi
--- a/scripts/start-docker.sh
View file @379971a
+++ b/scripts/start-docker.sh
View file @379971a
@@ -20,7 +20,7 @@ case "$1" in
 		;;
 esac

-"$APISERVER_DIR/scripts/ensure-certs.sh"
+"$APISERVER_DIR/scripts/ensure-certs.sh" "$CONTEXT_DIR"
 "$APISERVER_DIR/scripts/wait-for-etcd.sh" "$CONTEXT_DIR"

 _compose up -d k3s-master-1