kud/deployment_infra/playbooks/setup-ca.sh

   1 #!/bin/sh
   2
   3 # Directory to use for storing intermediate files.
   4 CA=${CA:="pmem-ca"}
   5 WORKDIR=${WORKDIR:-$(mktemp -d -u -t pmem-XXXX)}
   6 mkdir -p $WORKDIR
   7 cd $WORKDIR
   8
   9 # Check for cfssl utilities.
  10 cfssl_found=1
  11 (command -v cfssl 2>&1 >/dev/null && command -v cfssljson 2>&1 >/dev/null) || cfssl_found=0
  12 if [ $cfssl_found -eq 0 ]; then
  13     echo "cfssl tools not found, Please install cfssl and cfssljson."
  14     exit 1
  15 fi
  16
  17 # Generate CA certificates.
  18 <<EOF cfssl -loglevel=3 gencert -initca - | cfssljson -bare ca
  19 {
  20     "CN": "$CA",
  21     "key": {
  22         "algo": "rsa",
  23         "size": 2048
  24     }
  25 }
  26 EOF
  27
  28 # Generate server and client certificates.
  29 DEFAULT_CNS="pmem-registry pmem-node-controller"
  30 CNS="${DEFAULT_CNS} ${EXTRA_CNS:=""}"
  31 for name in ${CNS}; do
  32   <<EOF cfssl -loglevel=3 gencert -ca=ca.pem -ca-key=ca-key.pem - | cfssljson -bare $name
  33 {
  34     "CN": "$name",
  35     "hosts": [
  36         $(if [ "$name" = "pmem-registry" ]; then
  37              # Some extra names needed for scheduler extender and webhook.
  38              echo '"pmem-csi-scheduler", "pmem-csi-scheduler.default", "pmem-csi-scheduler.default.svc", "127.0.0.1",'
  39              # And for metrics server.
  40              echo '"pmem-csi-metrics", "pmem-csi-metrics.default", "pmem-csi-metrics.default.svc",'
  41           fi
  42         )
  43         "$name"
  44     ],
  45     "key": {
  46         "algo": "ecdsa",
  47         "size": 256
  48     }
  49 }
  50 EOF
  51 done