feat: Implement TLS by default for Minikube + Helm installer (#476)
* Implement TLS by default for Minikube + Helm installer Signed-off-by: Mykola Morhun <mmorhun@redhat.com>
Showing
23 changed files
with
7,095 additions
and
845 deletions.
@@ -0,0 +1,11 @@ | ||
# CA key pair generation job container | ||
FROM alpine | ||
|
||
RUN apk add --no-cache openssl curl && \ | ||
cd /usr/local/bin && \ | ||
curl -s -LO https://storage.googleapis.com/kubernetes-release/release/`curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt`/bin/linux/amd64/kubectl && \ | ||
chmod +x kubectl && \ | ||
apk del curl | ||
|
||
COPY entrypoint.sh /entrypoint.sh | ||
ENTRYPOINT ["/entrypoint.sh"] |
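Review bot: The kubectl download in the `RUN` step is neither pinned nor verified: the release is whatever `stable.txt` returns at build time, `curl -s` without `-f` writes an HTTP error body to `kubectl` on a failed request, and the following `chmod +x` succeeds on that file, so nothing establishes that the binary baked into the image is the one Kubernetes published. Pin the release in an `ARG`, fetch with `-fsSL`, and check it against the `kubectl.sha256` published beside the binary before marking it executable, as below. `FROM alpine` with no tag floats the base image the same way; pinning it also fixes the OpenSSL version that the entrypoint's `openssl req -addext` option appears to rely on (it needs a 1.1.1-era OpenSSL). The job only runs openssl and kubectl, so a non-root `USER` before `ENTRYPOINT` would also fit.
```dockerfile
FROM alpine:<PINNED_ALPINE_TAG>
# Pin the kubectl release so the build is reproducible and its checksum can be verified.
ARG KUBECTL_VERSION=<PINNED_KUBECTL_VERSION>

RUN apk add --no-cache openssl curl && \
    cd /usr/local/bin && \
    curl -fsSL -o kubectl "https://storage.googleapis.com/kubernetes-release/release/${KUBECTL_VERSION}/bin/linux/amd64/kubectl" && \
    curl -fsSL -o kubectl.sha256 "https://storage.googleapis.com/kubernetes-release/release/${KUBECTL_VERSION}/bin/linux/amd64/kubectl.sha256" && \
    echo "$(cat kubectl.sha256)  kubectl" | sha256sum -c - && \
    rm kubectl.sha256 && \
    chmod +x kubectl && \
    apk del curl
# … unchanged: COPY entrypoint.sh / ENTRYPOINT …
```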
@@ -0,0 +1,3 @@ | ||
#!/bin/sh | ||
|
||
docker build -t quay.io/eclipse/che-cert-manager-ca-cert-generator . |
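--- a/dockerfiles/cert-manager-ca-cert-generator-job/entrypoint.sh
+++ b/dockerfiles/cert-manager-ca-cert-generator-job/entrypoint.sh
@@ -0,0 +1,36 @@
+#!/bin/sh
+
+CA_KEY_FILE='ca.key'
+CA_CERT_FILE='ca.crt'
+
+# Generate private key for root CA
+# Options:
+# -out : name of file to write generated key to
+# 4096 : number of bits in the key
+openssl genrsa -out $CA_KEY_FILE 4096
+
+# Generate CA certificate and sign it with previously generated key.
+# Options:
+# -batch : script (non-interactive) mode
+# -new : creates new sertificate request
+# -x509 : produces self signed sertificate instead of certificate request
+# -deys : number of days this certificate will be valid for
+# -key : private key to use to sign this certificate
+# -subj : subject name. Should contain at least distinguished (common) name (CN). Format: /type0=value0/type1=value1
+# -addext : adds extension to certificate (inline version of -reqexts with -config)
+# -outform : format of the certificate container
+# -out : name of file to write generated certificate to
+CA_CN='eclipse-che-local-CA'
+openssl req -batch -new -x509 -days 730 -key $CA_KEY_FILE \
+-subj "/CN=${CA_CN}" \
+-addext keyUsage=keyCertSign,cRLSign,digitalSignature \
+-outform PEM -out $CA_CERT_FILE
+# Do not include CA:TRUE as it is already included into default config file
+#-addext basicConstraints=critical,CA:TRUE
+
+# Create CA root certificate secret
+
+CERT_MANAGER_NAMESPACE='cert-manager'
+CERT_MANAGER_CA_SECRET_NAME='ca'
+
+kubectl create secret tls $CERT_MANAGER_CA_SECRET_NAME --key=$CA_KEY_FILE --cert=$CA_CERT_FILE --namespace $CERT_MANAGER_NAMESPACE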
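Review bot: The script has no `set -e`, so a failure of `openssl genrsa` or `openssl req` does not stop it and `kubectl create secret tls` on the last line is still attempted with a missing or partial key file; add `set -eu` directly after the shebang. The CA private key written to `ca.key` stays in the container's working directory after it has been stored in the secret; remove it once the secret exists, `rm -f "$CA_KEY_FILE" "$CA_CERT_FILE"`, so the only copy is the one held by Kubernetes. `kubectl create` is not idempotent, so a re-run of the job will presumably fail if the `ca` secret is already present; whether the job should tolerate that is worth deciding explicitly. The header comments also carry typos worth fixing (`sertificate` → `certificate`, `-deys` → `-days`).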