path: root/kud/deployment_infra/playbooks/setup-ca.sh
blob: 77addc714db722847ddafde761a6f07bf5d16100 (plain)
#!/bin/sh

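# Name of the CA, used as the CN of the CA certificate; override via $CA.
CA=${CA:="pmem-ca"}
# Directory to use for storing intermediate files, including the private
# keys generated later in this script. When the caller does not supply
# WORKDIR, let mktemp create the directory itself: "mktemp -d" creates it
# atomically with owner-only permissions, whereas "mktemp -u" only prints an
# unused name and leaves a window in which another local user can create
# that path first.
WORKDIR=${WORKDIR:-$(mktemp -d -t pmem-XXXX)}
# A caller-supplied WORKDIR may not exist yet, so create it if needed; its
# location and permissions are then the caller's responsibility.
mkdir -p -- "$WORKDIR" || exit 1
# Stop here rather than writing key material into whatever directory the
# script happened to be started from.
cd -- "$WORKDIR" || exit 1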

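# Check for cfssl utilities: both cfssl and cfssljson must be on PATH.
# stdout is redirected first and stderr second so that both streams are
# discarded; "2>&1 >/dev/null" would point stderr at the original stdout.
cfssl_found=1
(command -v cfssl >/dev/null 2>&1 && command -v cfssljson >/dev/null 2>&1) || cfssl_found=0
if [ "$cfssl_found" -eq 0 ]; then
    # Diagnostics go to stderr so they are not mixed into regular output.
    echo "cfssl tools not found, Please install cfssl and cfssljson." >&2
    exit 1
fi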

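# Generate CA certificates: a self-signed CA with CN "$CA" and a 2048-bit RSA
# key. cfssljson writes the result as ca.pem, ca-key.pem and ca.csr in the
# current directory; ca-key.pem is the unencrypted CA private key.
#
# The cfssl output is captured first and its exit status checked, because
# plain sh has no "pipefail": in a direct pipeline a failed cfssl would go
# unnoticed and later steps could sign with a stale ca.pem/ca-key.pem left
# over from an earlier run in the same WORKDIR.
# NOTE(review): $CA is inserted verbatim into the JSON request; it is assumed
# to contain no quotes or backslashes.
ca_json=$(cfssl -loglevel=3 gencert -initca - <<EOF
{
    "CN": "$CA",
    "key": {
        "algo": "rsa",
        "size": 2048
    }
}
EOF
) || {
    echo "cfssl failed to generate the CA certificate." >&2
    exit 1
}
# printf is used (not echo) so the JSON is passed through unmodified.
printf '%s\n' "$ca_json" | cfssljson -bare ca || {
    echo "cfssljson failed to write the CA certificate files." >&2
    exit 1
}
unset ca_json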

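# Generate server and client certificates: one ECDSA P-256 key pair and
# certificate per common name, each signed with ca.pem/ca-key.pem from the
# current directory. EXTRA_CNS may add further space-separated names.
DEFAULT_CNS="pmem-registry pmem-node-controller"
CNS="${DEFAULT_CNS} ${EXTRA_CNS:=""}"
# ${CNS} is deliberately left unquoted so that it splits into one name per
# word.
# NOTE(review): each name is inserted verbatim into the JSON request and used
# as the output file prefix; EXTRA_CNS is assumed to hold plain DNS-style
# names without quotes, slashes or glob characters.
for name in ${CNS}; do
  extra_hosts=""
  if [ "$name" = "pmem-registry" ]; then
    # Some extra names needed for scheduler extender and webhook.
    extra_hosts='"pmem-csi-scheduler", "pmem-csi-scheduler.default", "pmem-csi-scheduler.default.svc", "127.0.0.1",'
    # And for metrics server.
    extra_hosts="$extra_hosts "'"pmem-csi-metrics", "pmem-csi-metrics.default", "pmem-csi-metrics.default.svc",'
  fi

  # Capture the cfssl output and check its status before writing any files:
  # plain sh has no "pipefail", so a signing failure inside a pipeline would
  # otherwise be silently ignored.
  cert_json=$(cfssl -loglevel=3 gencert -ca=ca.pem -ca-key=ca-key.pem - <<EOF
{
    "CN": "$name",
    "hosts": [
        $extra_hosts
        "$name"
    ],
    "key": {
        "algo": "ecdsa",
        "size": 256
    }
}
EOF
  ) || {
    echo "cfssl failed to generate the certificate for $name." >&2
    exit 1
  }
  # Quote the prefix so the name is passed as exactly one argument.
  printf '%s\n' "$cert_json" | cfssljson -bare "$name" || {
    echo "cfssljson failed to write the certificate files for $name." >&2
    exit 1
  }
done
unset cert_json extra_hosts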