Home Explore Help
Sign In
wigust
/
dotfiles
Watch 2
Star 1
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: 5fc73fc919
Branches Tags
dotfiles
/
cilium
/
tls
/
generated
/
generate.sh

generate.sh 2.3 KB
History Raw

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182 
  1. #!/usr/bin/env bash
    2. 

  2. 

  3. set -o nounset -o errexit -o pipefail
    4. 

  4. 

  5. cat > "cilium-ca.yaml" <<EOF
    6. 

  6. apiVersion: v1
    7. 

  7. data:
    8. 

  8.   ca.crt: $(cat /etc/kubernetes/pki/ca.pem | base64 -w0)
    9. 

  9.   ca.key: $(cat /etc/kubernetes/pki/ca-key.pem | base64 -w0)
    10. 

  10. kind: Secret
    11. 

  11. metadata:
    12. 

  12.   name: cilium-ca
    13. 

  13.   namespace: kube-system
    14. 

  14. type: Opaque
    15. 

  15. EOF
    16. 

  16. 

  17. cat > "clustermesh-apiserver-admin-cert.yaml" <<EOF
    18. 

  18. apiVersion: v1
    19. 

  19. data:
    20. 

  20.   ca.crt: $(cat /etc/kubernetes/pki/ca.pem | base64 -w0)
    21. 

  21.   tls.crt: $(cat /etc/kubernetes/pki/clustermesh-apiserver-admin-cert.pem | base64 -w0)
    22. 

  22.   tls.key: $(cat /etc/kubernetes/pki/clustermesh-apiserver-admin-cert-key.pem | base64 -w0)
    23. 

  23. kind: Secret
    24. 

  24. metadata:
    25. 

  25.   name: clustermesh-apiserver-admin-cert
    26. 

  26.   namespace: kube-system
    27. 

  27. type: kubernetes.io/tls
    28. 

  28. EOF
    29. 

  29. 

  30. cat > "clustermesh-apiserver-client-cert.yaml" <<EOF
    31. 

  31. apiVersion: v1
    32. 

  32. data:
    33. 

  33.   ca.crt: $(cat /etc/kubernetes/pki/ca.pem | base64 -w0)
    34. 

  34.   tls.crt: $(cat /etc/kubernetes/pki/clustermesh-apiserver-client-cert.pem | base64 -w0)
    35. 

  35.   tls.key: $(cat /etc/kubernetes/pki/clustermesh-apiserver-client-cert-key.pem | base64 -w0)
    36. 

  36. kind: Secret
    37. 

  37. metadata:
    38. 

  38.   name: clustermesh-apiserver-client-cert
    39. 

  39.   namespace: kube-system
    40. 

  40. type: kubernetes.io/tls
    41. 

  41. EOF
    42. 

  42. 

  43. cat > "clustermesh-apiserver-remote-cert.yaml" <<EOF
    44. 

  44. apiVersion: v1
    45. 

  45. data:
    46. 

  46.   ca.crt: $(cat /etc/kubernetes/pki/ca.pem | base64 -w0)
    47. 

  47.   tls.crt: $(cat /etc/kubernetes/pki/clustermesh-apiserver-remote-cert.pem | base64 -w0)
    48. 

  48.   tls.key: $(cat /etc/kubernetes/pki/clustermesh-apiserver-remote-cert-key.pem | base64 -w0)
    49. 

  49. kind: Secret
    50. 

  50. metadata:
    51. 

  51.   name: clustermesh-apiserver-remote-cert
    52. 

  52.   namespace: kube-system
    53. 

  53. type: kubernetes.io/tls
    54. 

  54. EOF
    55. 

  55. 

  56. cat > "clustermesh-apiserver-server-cert.yaml" <<EOF
    57. 

  57. apiVersion: v1
    58. 

  58. data:
    59. 

  59.   ca.crt: $(cat /etc/kubernetes/pki/ca.pem | base64 -w0)
    60. 

  60.   tls.crt: $(cat /etc/kubernetes/pki/clustermesh-apiserver-server-cert.pem | base64 -w0)
    61. 

  61.   tls.key: $(cat /etc/kubernetes/pki/clustermesh-apiserver-server-cert-key.pem | base64 -w0)
    62. 

  62. kind: Secret
    63. 

  63. metadata:
    64. 

  64.   name: clustermesh-apiserver-server-cert
    65. 

  65.   namespace: kube-system
    66. 

  66. type: kubernetes.io/tls
    67. 

  67. EOF
    68. 

  68. 

  69. cat > kustomization.yaml <<EOF
    70. 

  70. apiVersion: kustomize.config.k8s.io/v1beta1
    71. 

  71. kind: Kustomization
    72. 

  72. namespace: kube-system
    73. 

  73. resources:
    74. 

  74. - cilium-ca.yaml
    75. 

  75. - clustermesh-apiserver-admin-cert.yaml
    76. 

  76. - clustermesh-apiserver-client-cert.yaml
    77. 

  77. - clustermesh-apiserver-remote-cert.yaml
    78. 

  78. - clustermesh-apiserver-server-cert.yaml
    79. 

  79. EOF
    80. 

  80. 

  81. 

  82.