Update to no longer create registry.crt.
Showing
4 changed files
with
11 additions
and
46 deletions
etc/ssl/registry-sign.conf
deleted
100644 → 0
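--- a/etc/ssl/registry.conf
+++ /dev/null
@@ -1,22 +0,0 @@
-[req]
-default_bits = 2048
-default_keyfile = registry.key
-distinguished_name = req_distinguished_name
-req_extensions = req_ext
-prompt = no
-encrypt_key = no
-
-[req_distinguished_name]
-countryName = US
-stateOrProvinceName = Texas
-localityName = Dallas
-organizationName = UNIQUELY ME
-organizationalUnitName = IT
-commonName = registry.uniquely-me.local
-
-[req_ext]
-subjectAltName = @alt_names
-
-[alt_names]
-DNS.1 = registry.uniquely-me.local
-DNS.2 = registry.uniquely.me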
... | @@ -2,25 +2,17 @@ | ... | @@ -2,25 +2,17 @@ |
2 | 2 | ||
3 | set -e | 3 | set -e |
4 | 4 | ||
5 | TOP_DIR="$(cd "$(dirname "$0")/.."; echo "$PWD")" | 5 | APISERVER_DIR="$(cd "$(dirname "$0")/.."; echo "$PWD")" |
6 | export TOP_DIR | 6 | export APISERVER_DIR |
7 | 7 | ||
8 | mkdir -p "$TOP_DIR"/certs | 8 | CONTEXT_DIR="$1" |
9 | if ! [ -e "$TOP_DIR/certs/root.key" ]; then | ||
10 | openssl genrsa -out "$TOP_DIR/certs/root.key.tmp" 2048 | ||
11 | mv "$TOP_DIR/certs/root.key.tmp" "$TOP_DIR/certs/root.key" | ||
12 | fi | ||
13 | if ! [ -e "$TOP_DIR/certs/root.crt" ]; then | ||
14 | openssl req -x509 -new -nodes -key "$TOP_DIR/certs/root.key" -subj "/CN=app.local" -days 1024 -reqexts v3_req -extensions v3_ca -out "$TOP_DIR/certs/root.crt.tmp" | ||
15 | mv "$TOP_DIR/certs/root.crt.tmp" "$TOP_DIR/certs/root.crt" | ||
16 | fi | ||
17 | 9 | ||
18 | if ! [ -e "$TOP_DIR/certs/registry.key" ]; then | 10 | mkdir -p "$CONTEXT_DIR"/certs |
19 | openssl genrsa -out "$TOP_DIR/certs/registry.key.tmp" 4096 | 11 | if ! [ -e "$CONTEXT_DIR/certs/root.key" ]; then |
20 | mv "$TOP_DIR/certs/registry.key.tmp" "$TOP_DIR/certs/registry.key" | 12 | openssl genrsa -out "$CONTEXT_DIR/certs/root.key.tmp" 2048 |
13 | mv "$CONTEXT_DIR/certs/root.key.tmp" "$CONTEXT_DIR/certs/root.key" | ||
21 | fi | 14 | fi |
22 | if ! [ -e "$TOP_DIR/certs/registry.crt" ]; then | 15 | if ! [ -e "$CONTEXT_DIR/certs/root.crt" ]; then |
23 | openssl req -new -key "$TOP_DIR/certs/registry.key" -config "$TOP_DIR/etc/ssl/registry.conf" -out "$TOP_DIR/certs/registry.csr" | 16 | openssl req -x509 -new -nodes -key "$CONTEXT_DIR/certs/root.key" -subj "/CN=app.local" -days 1024 -reqexts v3_req -extensions v3_ca -out "$CONTEXT_DIR/certs/root.crt.tmp" |
24 | openssl x509 -req -days 365 -in "$TOP_DIR/certs/registry.csr" -CA "$TOP_DIR/certs/root.crt" -CAkey "$TOP_DIR/certs/root.key" -CAcreateserial -out "$TOP_DIR/certs/registry.crt.tmp" -extfile "$TOP_DIR/etc/ssl/registry-sign.conf" | 17 | mv "$CONTEXT_DIR/certs/root.crt.tmp" "$CONTEXT_DIR/certs/root.crt" |
25 | mv "$TOP_DIR/certs/registry.crt.tmp" "$TOP_DIR/certs/registry.crt" | ||
26 | fi | 18 | fi | ... | ... |
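Review bot: `CONTEXT_DIR="$1"` on new line 8 is used without checking that an argument was passed, so a call with no argument makes `mkdir -p "$CONTEXT_DIR"/certs` resolve to `/certs`, and the root CA key is either generated there or the script aborts partway under `set -e`. Failing early is safer: `CONTEXT_DIR="${1:?usage: ensure-certs.sh CONTEXT_DIR}"`. Separately, `root.key` is the CA signing key and is created under the caller's umask; depending on the OpenSSL version the file may end up group- or world-readable, so a `umask 077` before the `openssl genrsa` line (or a `chmod 600` on the `.tmp` file before the `mv`) would pin the mode down. The script starts above and continues below this hunk.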
... | @@ -20,7 +20,7 @@ case "$1" in | ... | @@ -20,7 +20,7 @@ case "$1" in |
20 | ;; | 20 | ;; |
21 | esac | 21 | esac |
22 | 22 | ||
23 | "$APISERVER_DIR/scripts/ensure-certs.sh" | 23 | "$APISERVER_DIR/scripts/ensure-certs.sh" "$CONTEXT_DIR" |
24 | "$APISERVER_DIR/scripts/wait-for-etcd.sh" "$CONTEXT_DIR" | 24 | "$APISERVER_DIR/scripts/wait-for-etcd.sh" "$CONTEXT_DIR" |
25 | 25 | ||
26 | _compose up -d k3s-master-1 | 26 | _compose up -d k3s-master-1 | ... | ... |