ssl.sh
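#!/bin/bash
#
# Generate a self-signed CA and a CA-signed serving certificate for the
# admission webhook server, writing everything into helm/ssl.
#
# Usage: ssl.sh <CN>
#   <CN>  DNS name of the webhook server; used as the certificate subject CN
#         and as its single subjectAltName DNS entry.
#
# Files written to helm/ssl: ca.key, ca.crt, server.pem (CA key + CA cert),
# tls.key, tls.crt, and the serial file created by -CAcreateserial.
#
# NOTE(review): ca.key and server.pem contain the unencrypted CA private key
# (-nodes). Whoever can read them can issue certificates that chain to ca.crt.
# Confirm they are kept out of version control and out of any packaged chart,
# and remove them after tls.crt is issued if the CA will not be reused.

# Stop at the first failing command so a failed step never leaves a
# half-written or mismatched set of key material behind.
set -euo pipefail

# Key files are created via redirection and openssl; make sure none of them
# is ever group- or world-readable, even briefly.
umask 077

# ':?' rejects an empty argument as well as a missing one.
cn="${1:?missing CN}"

# The CN is interpolated into -subj ("/" separates RDNs) and into the
# subjectAltName extension ("," separates entries), so restrict it to
# characters that can only form a DNS name (optionally with a wildcard).
readonly cn_pattern='^[A-Za-z0-9.*_-]+$'
if [[ ! "$cn" =~ $cn_pattern ]]; then
  printf 'invalid CN (expected a DNS name): %s\n' "$cn" >&2
  exit 1
fi

readonly secret_dir="helm/ssl"
readonly expiration="3650"

mkdir -p -- "$secret_dir"
chmod 0700 "$secret_dir"

# Never reach the wipe below unless we are really inside the secret dir;
# './*' also keeps a file name starting with '-' from being read as an option.
cd -- "$secret_dir" || exit 1
rm -rf -- ./*

# Generate the CA cert and private key
openssl req -nodes -new -x509 -days "$expiration" \
  -keyout ca.key -out ca.crt \
  -subj "/CN=Admission Controller Webhook Server CA"

# Bundle the CA key and CA cert into a single PEM file.
cat ca.key ca.crt > server.pem

# Generate the private key for the webhook server
openssl genrsa -out tls.key 2048

# Generate a Certificate Signing Request (CSR) for the private key, and sign
# it with the private key of the CA. Validity is set on the signing step only:
# 'openssl req' ignores -days when it is not producing a certificate.
# printf gets a fixed format string so the CN is never parsed as a format.
openssl req -new -key tls.key -subj "/CN=$cn" \
  | openssl x509 -req -days "$expiration" \
      -extfile <(printf 'subjectAltName=DNS:%s\n' "$cn") \
      -CA ca.crt -CAkey ca.key -CAcreateserial -out tls.crt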