Created
August 30, 2021 13:08
-
-
Save developer-guy/dd5f8df4f73b3f51819248a6f2e98c48 to your computer and use it in GitHub Desktop.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env bash | |
| # Copyright (c) 2019 StackRox Inc. | |
| # | |
| # Licensed under the Apache License, Version 2.0 (the "License"); | |
| # you may not use this file except in compliance with the License. | |
| # You may obtain a copy of the License at | |
| # | |
| # http://www.apache.org/licenses/LICENSE-2.0 | |
| # | |
| # Unless required by applicable law or agreed to in writing, software | |
| # distributed under the License is distributed on an "AS IS" BASIS, | |
| # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | |
| # See the License for the specific language governing permissions and | |
| # limitations under the License. | |
| # generate-keys.sh | |
| # | |
| # Generate a (self-signed) CA certificate and a certificate and private key to be used by the webhook demo server. | |
| # The certificate will be issued for the Common Name (CN) of `webhook-server.webhook-demo.svc`, which is the | |
| # cluster-internal DNS name for the service. | |
| # | |
| # NOTE: THIS SCRIPT EXISTS FOR DEMO PURPOSES ONLY. DO NOT USE IT FOR YOUR PRODUCTION WORKLOADS. | |
| : ${1?'missing key directory'} | |
| key_dir="$1" | |
| chmod 0700 "$key_dir" | |
| cd "$key_dir" | |
| cat >server.conf <<EOF | |
| [req] | |
| req_extensions = v3_req | |
| distinguished_name = req_distinguished_name | |
| prompt = no | |
| [req_distinguished_name] | |
| CN = webhook-server.webhook-demo.svc | |
| [ v3_req ] | |
| basicConstraints = CA:FALSE | |
| keyUsage = nonRepudiation, digitalSignature, keyEncipherment | |
| extendedKeyUsage = clientAuth, serverAuth | |
| subjectAltName = @alt_names | |
| [alt_names] | |
| DNS.1 = webhook-server.webhook-demo.svc | |
| EOF | |
| # Generate the CA cert and private key | |
| openssl req -nodes -new -x509 -keyout ca.key -out ca.crt -subj "/CN=Admission Controller Webhook Demo CA" | |
| # Generate the private key for the webhook server | |
| openssl genrsa -out webhook-server-tls.key 2048 | |
| # Generate a Certificate Signing Request (CSR) for the private key, and sign it with the private key of the CA. | |
| openssl req -new -key webhook-server-tls.key -subj "/CN=webhook-server.webhook-demo.svc" -config server.conf \ | |
| | openssl x509 -req -CA ca.crt -CAkey ca.key -CAcreateserial -out webhook-server-tls.crt -extensions v3_req -extfile server.conf |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment