Update to no longer create registry.crt.
Showing
4 changed files
with
11 additions
and
46 deletions
etc/ssl/registry-sign.conf
deleted
100644 → 0
etc/ssl/registry.conf
deleted
100644 → 0
| 1 | [req] | ||
| 2 | default_bits = 2048 | ||
| 3 | default_keyfile = registry.key | ||
| 4 | distinguished_name = req_distinguished_name | ||
| 5 | req_extensions = req_ext | ||
| 6 | prompt = no | ||
| 7 | encrypt_key = no | ||
| 8 | |||
| 9 | [req_distinguished_name] | ||
| 10 | countryName = US | ||
| 11 | stateOrProvinceName = Texas | ||
| 12 | localityName = Dallas | ||
| 13 | organizationName = UNIQUELY ME | ||
| 14 | organizationalUnitName = IT | ||
| 15 | commonName = registry.uniquely-me.local | ||
| 16 | |||
| 17 | [req_ext] | ||
| 18 | subjectAltName = @alt_names | ||
| 19 | |||
| 20 | [alt_names] | ||
| 21 | DNS.1 = registry.uniquely-me.local | ||
| 22 | DNS.2 = registry.uniquely.me |
| ... | @@ -2,25 +2,17 @@ | ... | @@ -2,25 +2,17 @@ |
| 2 | 2 | ||
| 3 | set -e | 3 | set -e |
| 4 | 4 | ||
| 5 | TOP_DIR="$(cd "$(dirname "$0")/.."; echo "$PWD")" | 5 | APISERVER_DIR="$(cd "$(dirname "$0")/.."; echo "$PWD")" |
| 6 | export TOP_DIR | 6 | export APISERVER_DIR |
| 7 | 7 | ||
| 8 | mkdir -p "$TOP_DIR"/certs | 8 | CONTEXT_DIR="$1" |
| 9 | if ! [ -e "$TOP_DIR/certs/root.key" ]; then | ||
| 10 | openssl genrsa -out "$TOP_DIR/certs/root.key.tmp" 2048 | ||
| 11 | mv "$TOP_DIR/certs/root.key.tmp" "$TOP_DIR/certs/root.key" | ||
| 12 | fi | ||
| 13 | if ! [ -e "$TOP_DIR/certs/root.crt" ]; then | ||
| 14 | openssl req -x509 -new -nodes -key "$TOP_DIR/certs/root.key" -subj "/CN=app.local" -days 1024 -reqexts v3_req -extensions v3_ca -out "$TOP_DIR/certs/root.crt.tmp" | ||
| 15 | mv "$TOP_DIR/certs/root.crt.tmp" "$TOP_DIR/certs/root.crt" | ||
| 16 | fi | ||
| 17 | 9 | ||
| 18 | if ! [ -e "$TOP_DIR/certs/registry.key" ]; then | 10 | mkdir -p "$CONTEXT_DIR"/certs |
| 19 | openssl genrsa -out "$TOP_DIR/certs/registry.key.tmp" 4096 | 11 | if ! [ -e "$CONTEXT_DIR/certs/root.key" ]; then |
| 20 | mv "$TOP_DIR/certs/registry.key.tmp" "$TOP_DIR/certs/registry.key" | 12 | openssl genrsa -out "$CONTEXT_DIR/certs/root.key.tmp" 2048 |
| 13 | mv "$CONTEXT_DIR/certs/root.key.tmp" "$CONTEXT_DIR/certs/root.key" | ||
| 21 | fi | 14 | fi |
| 22 | if ! [ -e "$TOP_DIR/certs/registry.crt" ]; then | 15 | if ! [ -e "$CONTEXT_DIR/certs/root.crt" ]; then |
| 23 | openssl req -new -key "$TOP_DIR/certs/registry.key" -config "$TOP_DIR/etc/ssl/registry.conf" -out "$TOP_DIR/certs/registry.csr" | 16 | openssl req -x509 -new -nodes -key "$CONTEXT_DIR/certs/root.key" -subj "/CN=app.local" -days 1024 -reqexts v3_req -extensions v3_ca -out "$CONTEXT_DIR/certs/root.crt.tmp" |
| 24 | openssl x509 -req -days 365 -in "$TOP_DIR/certs/registry.csr" -CA "$TOP_DIR/certs/root.crt" -CAkey "$TOP_DIR/certs/root.key" -CAcreateserial -out "$TOP_DIR/certs/registry.crt.tmp" -extfile "$TOP_DIR/etc/ssl/registry-sign.conf" | 17 | mv "$CONTEXT_DIR/certs/root.crt.tmp" "$CONTEXT_DIR/certs/root.crt" |
| 25 | mv "$TOP_DIR/certs/registry.crt.tmp" "$TOP_DIR/certs/registry.crt" | ||
| 26 | fi | 18 | fi | ... | ... |
| ... | @@ -20,7 +20,7 @@ case "$1" in | ... | @@ -20,7 +20,7 @@ case "$1" in |
| 20 | ;; | 20 | ;; |
| 21 | esac | 21 | esac |
| 22 | 22 | ||
| 23 | "$APISERVER_DIR/scripts/ensure-certs.sh" | 23 | "$APISERVER_DIR/scripts/ensure-certs.sh" "$CONTEXT_DIR" |
| 24 | "$APISERVER_DIR/scripts/wait-for-etcd.sh" "$CONTEXT_DIR" | 24 | "$APISERVER_DIR/scripts/wait-for-etcd.sh" "$CONTEXT_DIR" |
| 25 | 25 | ||
| 26 | _compose up -d k3s-master-1 | 26 | _compose up -d k3s-master-1 | ... | ... |
-
Please register or sign in to post a comment