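#!/bin/bash
#
# Generate a private key and CSR with cfssl, have the cluster sign the CSR,
# and store the resulting key pair as the TLS secret
# "quarkus-admission-controller-tls" in the "admission" namespace.
#
# Requires: cfssl, cfssljson, kubectl, base64, openssl, and a csr.json in the
# current directory. The kubectl context must be allowed to create and approve
# CertificateSigningRequests and to create secrets in the target namespace.

# Stop at the first failing step: without this, a failed key generation or
# CSR submission would still reach the approve/secret steps and could act on
# a stale CSR object or stale files left in target/cert.
set -euo pipefail

# The private key is written into target/cert; keep every file created by
# this script readable by the current user only.
umask 077

readonly NAME=quarkus-admission-controller

mkdir -p target/cert
cp -- csr.json target/cert/
pushd target/cert >/dev/null

# Create private key and CSR
cfssl genkey csr.json | cfssljson -bare "${NAME}"

# Create CSR k8s object.
# NOTE(review): certificates.k8s.io/v1beta1 is no longer served by Kubernetes
# 1.22 and later; the v1 API additionally requires spec.signerName. Left as
# in the original -- confirm against the target cluster version.
# "kubectl create" fails if a CSR with this name already exists, which also
# prevents the approve step below from acting on someone else's request.
cat <<EOF | kubectl create -f -
apiVersion: certificates.k8s.io/v1beta1
kind: CertificateSigningRequest
metadata:
  name: ${NAME}
spec:
  groups:
  - system:authenticated
  request: $(base64 < "${NAME}.csr" | tr -d '\n')
  usages:
  - digital signature
  - key encipherment
  - server auth
EOF

# Approve certificate. This approves the request submitted just above without
# an independent review, so the subject and SANs in csr.json are what the
# cluster CA will vouch for.
kubectl certificate approve "${NAME}"

# Wait for the signer to populate .status.certificate instead of sleeping a
# fixed 5 seconds: if signing takes longer, the old flow wrote an empty
# tls.crt and only failed later at secret creation.
cert_b64=""
for _ in {1..30}; do
  cert_b64=$(kubectl get csr "${NAME}" -o jsonpath='{.status.certificate}')
  if [[ -n "${cert_b64}" ]]; then
    break
  fi
  sleep 1
done
if [[ -z "${cert_b64}" ]]; then
  printf 'error: CSR %s was not signed within 30 seconds\n' "${NAME}" >&2
  exit 1
fi

# Download the signed certificate
printf '%s' "${cert_b64}" | base64 --decode > "${NAME}.crt"
cp -- "${NAME}-key.pem" tls.key
cp -- "${NAME}.crt" tls.crt

# The "admission" namespace must already exist.
kubectl create secret tls "${NAME}-tls" -n admission --key ./tls.key --cert ./tls.crt

# Display certificate content
openssl x509 -in tls.crt -text
# Expected subject: CN=quarkus-admission-controller.admission.svc
# Expected issuer:  CN=kubernetes

# NOTE(review): the private key stays on disk in target/cert (tls.key and
# ${NAME}-key.pem) after the secret is created; remove it or keep target/
# out of version control and build artifacts.
popd >/dev/null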