379971af by Adam Heath

Update to no longer create registry.crt.

1 parent 5d421adc
subjectAltName = @alt_names
[alt_names]
DNS.1 = registry.uniquely-me.local
DNS.2 = registry.uniquely.me
[req]
default_bits = 2048
default_keyfile = registry.key
distinguished_name = req_distinguished_name
req_extensions = req_ext
prompt = no
encrypt_key = no
[req_distinguished_name]
countryName = US
stateOrProvinceName = Texas
localityName = Dallas
organizationName = UNIQUELY ME
organizationalUnitName = IT
commonName = registry.uniquely-me.local
[req_ext]
subjectAltName = @alt_names
[alt_names]
DNS.1 = registry.uniquely-me.local
DNS.2 = registry.uniquely.me
......@@ -2,25 +2,17 @@
set -e
TOP_DIR="$(cd "$(dirname "$0")/.."; echo "$PWD")"
export TOP_DIR
APISERVER_DIR="$(cd "$(dirname "$0")/.."; echo "$PWD")"
export APISERVER_DIR
mkdir -p "$TOP_DIR"/certs
if ! [ -e "$TOP_DIR/certs/root.key" ]; then
openssl genrsa -out "$TOP_DIR/certs/root.key.tmp" 2048
mv "$TOP_DIR/certs/root.key.tmp" "$TOP_DIR/certs/root.key"
fi
if ! [ -e "$TOP_DIR/certs/root.crt" ]; then
openssl req -x509 -new -nodes -key "$TOP_DIR/certs/root.key" -subj "/CN=app.local" -days 1024 -reqexts v3_req -extensions v3_ca -out "$TOP_DIR/certs/root.crt.tmp"
mv "$TOP_DIR/certs/root.crt.tmp" "$TOP_DIR/certs/root.crt"
fi
CONTEXT_DIR="$1"
if ! [ -e "$TOP_DIR/certs/registry.key" ]; then
openssl genrsa -out "$TOP_DIR/certs/registry.key.tmp" 4096
mv "$TOP_DIR/certs/registry.key.tmp" "$TOP_DIR/certs/registry.key"
mkdir -p "$CONTEXT_DIR"/certs
if ! [ -e "$CONTEXT_DIR/certs/root.key" ]; then
openssl genrsa -out "$CONTEXT_DIR/certs/root.key.tmp" 2048
mv "$CONTEXT_DIR/certs/root.key.tmp" "$CONTEXT_DIR/certs/root.key"
fi
if ! [ -e "$TOP_DIR/certs/registry.crt" ]; then
openssl req -new -key "$TOP_DIR/certs/registry.key" -config "$TOP_DIR/etc/ssl/registry.conf" -out "$TOP_DIR/certs/registry.csr"
openssl x509 -req -days 365 -in "$TOP_DIR/certs/registry.csr" -CA "$TOP_DIR/certs/root.crt" -CAkey "$TOP_DIR/certs/root.key" -CAcreateserial -out "$TOP_DIR/certs/registry.crt.tmp" -extfile "$TOP_DIR/etc/ssl/registry-sign.conf"
mv "$TOP_DIR/certs/registry.crt.tmp" "$TOP_DIR/certs/registry.crt"
if ! [ -e "$CONTEXT_DIR/certs/root.crt" ]; then
openssl req -x509 -new -nodes -key "$CONTEXT_DIR/certs/root.key" -subj "/CN=app.local" -days 1024 -reqexts v3_req -extensions v3_ca -out "$CONTEXT_DIR/certs/root.crt.tmp"
mv "$CONTEXT_DIR/certs/root.crt.tmp" "$CONTEXT_DIR/certs/root.crt"
fi
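Review bot: `CONTEXT_DIR="$1"` is used without a check, and the script sets `set -e` but not `set -u`, so a caller that still runs ensure-certs.sh with no argument makes `mkdir -p "$CONTEXT_DIR"/certs` resolve to `/certs` and writes the root CA key there. Failing fast with `CONTEXT_DIR="${1:?usage: ensure-certs.sh CONTEXT_DIR}"` would close that gap. The +/- markers are lost on this page, so this reading assumes the `$CONTEXT_DIR` lines are the new side. Separately, `root.key` is generated unencrypted and its mode is left to the openssl build and the caller's umask. Now that it lives in a per-context directory, which may be shared with containers (not visible here), a `umask 077` before the `openssl genrsa` call, or a `chmod 600` on the `.tmp` file before the `mv`, would make the permissions explicit.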
......@@ -20,7 +20,7 @@ case "$1" in
;;
esac
"$APISERVER_DIR/scripts/ensure-certs.sh"
"$APISERVER_DIR/scripts/ensure-certs.sh" "$CONTEXT_DIR"
"$APISERVER_DIR/scripts/wait-for-etcd.sh" "$CONTEXT_DIR"
_compose up -d k3s-master-1