Skip to content

Commit

Permalink
Add cluster-kind.mk with setup for k8s api server oidc configured wit…
Browse files Browse the repository at this point in the history
…h test CA (#1270)

* Add cluster-kind.mk with setup for k8s api server oidc configured with test ca
  • Loading branch information
absoludity authored Nov 6, 2019
1 parent a716517 commit 72994ea
Show file tree
Hide file tree
Showing 15 changed files with 351 additions and 215 deletions.
2 changes: 1 addition & 1 deletion .gitignore
Original file line number Diff line number Diff line change
@@ -1,3 +1,3 @@
*.*~
telepresence.log
devel/openshift-*
devel/*
3 changes: 2 additions & 1 deletion Makefile
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,8 @@ GOFMT = /usr/bin/env gofmt
IMAGE_TAG ?= dev-$(shell date +%FT%H-%M-%S-%Z)
VERSION ?= $$(git rev-parse HEAD)

include ./script/openshift-cluster.mk
include ./script/cluster-kind.mk
include ./script/cluster-openshift.mk

IMG_MODIFIER ?=

Expand Down
File renamed without changes.
24 changes: 24 additions & 0 deletions docs/user/manifests/kubeapps-local-dev-apiserver-config.json
Original file line number Diff line number Diff line change
@@ -0,0 +1,24 @@
{
"kind": "Cluster",
"apiVersion": "kind.sigs.k8s.io/v1alpha3",
"nodes": [
{
"role": "control-plane",
"extraMounts": [
{
"readOnly": true,
"hostPath": "./script/test-certs/ca.cert.pem",
"containerPath": "/etc/ssl/certs/kubeapps-local-ca.cert.pem"
}
]
}
],
"kubeadmConfigPatchesJson6902": [
{
"group": "kubeadm.k8s.io",
"version": "v1beta2",
"kind": "ClusterConfiguration",
"patch": "[{ \"op\": \"add\", \"path\": \"/apiServer/extraArgs\", \"value\": {}}, {\"op\": \"add\", \"path\": \"/apiServer/extraArgs/oidc-issuer-url\", \"value\": \"https://dex.dex:32000\"}, {\"op\": \"add\", \"path\": \"/apiServer/extraArgs/oidc-client-id\", \"value\": \"kubeapps\"}, {\"op\": \"add\", \"path\": \"/apiServer/extraArgs/oidc-ca-file\", \"value\": \"/etc/ssl/certs/kubeapps-local-ca.cert.pem\"}, {\"op\": \"add\", \"path\": \"/apiServer/extraArgs/oidc-username-claim\", \"value\": \"email\"}, {\"op\": \"add\", \"path\": \"/apiServer/extraArgs/oidc-username-prefix\",\"value\": \"oidc:\"}]"
}
]
}
24 changes: 24 additions & 0 deletions script/cluster-kind.mk
Original file line number Diff line number Diff line change
@@ -0,0 +1,24 @@
# This file provides targets which create a local k8s cluster setup
# with OIDC integration for development and testing.
KUBE ?= ${HOME}/.kube
CLUSTER_NAME ?= kubeapps

CLUSTER_CONFIG = ${KUBE}/kind-config-${CLUSTER_NAME}

devel/local-dev-apiserver-config.json:
cat docs/user/manifests/kubeapps-local-dev-apiserver-config.json | \
jq ".nodes[0].extraMounts[0].hostPath = \"${PWD}/script/test-certs/ca.cert.pem\"" > \
$@

${CLUSTER_CONFIG}: devel/local-dev-apiserver-config.json
kind create cluster \
--name ${CLUSTER_NAME} \
--config=./devel/local-dev-apiserver-config.json \
--retain

cluster-kind: ${CLUSTER_CONFIG}

delete-cluster-kind:
kind delete cluster --name ${CLUSTER_NAME}

.PHONY: cluster-kind cluster-kind-delete
File renamed without changes.
34 changes: 3 additions & 31 deletions script/test-certs/README.md
Original file line number Diff line number Diff line change
@@ -1,34 +1,6 @@
This folder contains dummy self-signed certificates for CI tests.

To generate them execute:

```
openssl genrsa -out ./ca.key.pem 4096
cat <<EOF >> tls_config
[ req ]
distinguished_name="req_distinguished_name"
prompt="no"
[ req_distinguished_name ]
C="ES"
ST="Andalucia"
L="Sevilla"
O="Kubeapps"
CN="localhost"
EOF
openssl req -key ca.key.pem -new -x509 -days 7300 -sha256 -out ca.cert.pem -config tls_config
## server key
openssl genrsa -out ./tiller.key.pem 4096
## client key
openssl genrsa -out ./helm.key.pem 4096
openssl req -days 7300 -key tiller.key.pem -new -sha256 -out tiller.csr.pem -config tls_config
openssl req -days 7300 -key helm.key.pem -new -sha256 -out helm.csr.pem -config tls_config
openssl x509 -days 7300 -req -CA ca.cert.pem -CAkey ca.key.pem -CAcreateserial -in tiller.csr.pem -out tiller.cert.pem
openssl x509 -days 7300 -req -CA ca.cert.pem -CAkey ca.key.pem -CAcreateserial -in helm.csr.pem -out helm.cert.pem
# clean up unnecessary files
rm ca.key.pem ca.srl helm.csr.pem tiller.csr.pem tls_config
To regenerate them execute:
```
./gen-certs.sh
```
56 changes: 28 additions & 28 deletions script/test-certs/ca.cert.pem
Original file line number Diff line number Diff line change
@@ -1,30 +1,30 @@
-----BEGIN CERTIFICATE-----
MIIFMDCCAxgCCQCX9isUAa1QjTANBgkqhkiG9w0BAQsFADBaMQswCQYDVQQGEwJF
UzESMBAGA1UECAwJQW5kYWx1Y2lhMRAwDgYDVQQHDAdTZXZpbGxhMREwDwYDVQQK
DAhLdWJlYXBwczESMBAGA1UEAwwJbG9jYWxob3N0MB4XDTE4MTAxNTExMDc1NloX
DTM4MTAxMDExMDc1NlowWjELMAkGA1UEBhMCRVMxEjAQBgNVBAgMCUFuZGFsdWNp
YTEQMA4GA1UEBwwHU2V2aWxsYTERMA8GA1UECgwIS3ViZWFwcHMxEjAQBgNVBAMM
CWxvY2FsaG9zdDCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAPF3YdVS
PQHz+CmxNBvyop2JJvvrQ2WgbBMi9s3SMuQjfqFFfs0CjK0GLNvJ3Y1rbIkoTf4g
FzzLTdUa+feYcDrFOOxUuJLTTfhoc/BZeg8KJ4OWDXrTgMGLXLi5loJkO+MIJgv9
mZdwl9arOfCu7hy3hkPiDU6abkfONXteB1mAJR39vUYzBM3MzINRJn0Fw2a0MB9G
lfl4xxB7EGtV2qTbi1DJcP3yM4oNAXtmjDkWrXmNy/Nuk9merZZPDkaSY7NYjV1F
g+QwoL47QAh0BbzHUMVyHXN/d0YJf6UJwofMINx1WNIJ6rz7vu7mU6A5RWptBPUC
ETlqf3bI5X8duDMU6htxvf343UVuWSLgzD9HS5G6t9of0THqNDY4kV5gU5LThvBt
3VtOebYaUhgWcMy/4fDOuuG89pKHecDVwMCugQ64a3+XIObE3vQr8v6cMoGbKkG2
rVMFa1PGeyBi1qSazGIaM5pBNjx1y+xSH+s3hu7gcO66pQ9BW/IKn68mFvG05V40
CLBixCvjVK2isUwX73G23BDZg3XU4LohiA2ZAMlv/fC/xBnVRB3VqR5cGhH5b4Co
CHNEu+ipYnRQpetUgzo7aPTPDke+9yGXRcoRZLuNXGGVSCWGF2OjDj/2EhyaOONw
LfEh5OIpmJsVU6q9aSs0Mt7H7C640P0AkaLXAgMBAAEwDQYJKoZIhvcNAQELBQAD
ggIBANV5L1F+jKIlFsZgxSnTEg9CpkyUkchpUyI6epdYkR+vtt30ZJaKuKe2CyNB
XUV1GUPoU0mA44aesceL3aHjyj0NBYan8BtjpZJl9xFOfVFSNL7nTxa/4TE+LaBR
3ATAjwsfxRVg3Jnd6Ab+l+IiNM5pOYjnjvACcSi5Kc74R5EYgPXPBFocsMGtybFr
pYfDltA1y46/m+yyfyU8S5gDwhmWI/ESEF98E67uX9PlR0qUSS9Un/B4zN2iGbeB
XqccYarZiCHA1SLOJMCPdlQiGItDxFYhqHjLHNN+fCSslvaq4vyDNTZ6BdIHaiGQ
aeXJBVdiYVvosfXBFaBUrlXQqQqM8atOhrDvx5S64RagIe4w30VAvubGFvQfwtrK
pZkW6vNSZGwv9ePGIEjV5uEUEbQglbxv8Meobg3xo5K7Yy6vd/z7A4bKw1vM5KEl
iMl+cTrmhkDNn4SUrjfmCvrV8Q2yOKJl99sswfDGm5/b7/ohQnfxTWFTpzcoQx9J
6KsMTYkSq/3G78cW1DHtvkYR4sAo1RyG1mjALCEnQIweTnYZ25j2ezD6PVXr7teZ
PrvRVK+uhXW+71vMefsy8Ylp+Im0WTX2pLbo5o1xnIBVsHkECYS7qbvixuYtA08b
Eh+0yGkW0SyMKM99kG805jMcbC8+AVyiqj0EtXeB+icqQeFu
MIIFDTCCAvWgAwIBAgIUQLz2bm0fYy1ctWoRM2bwGoG1vBYwDQYJKoZIhvcNAQEL
BQAwFjEUMBIGA1UEAwwLa3ViZWFwcHMtY2EwHhcNMTkxMTA1MDU0MjAwWhcNMzkx
MDMxMDU0MjAwWjAWMRQwEgYDVQQDDAtrdWJlYXBwcy1jYTCCAiIwDQYJKoZIhvcN
AQEBBQADggIPADCCAgoCggIBANhf6+66VFCDyDoPXecisT7adkSCb/sWb3eWbp7Z
K2/VUM3kJlonrwPC+qMo7oBtWCT9tdk2QQZmLFGw+KD/2PO24sxQXYZcmjDED9IM
2LpX+eHeE2370A20UbQb0go9D5nFVpk6rG+tYQkkYUvDB3FwCfQEEpsLFoHYjiER
ZelyKfu882riot16DNPeWaLr5jsGL8wTHUJw7bLkA6SgmjdUzDKBmVp7glM+5UOY
7htAb8UEq0+1eH2YXCZpxTCdEI53obuyl1Sua0F+vWADAf9zejFw7v7o8W3fCG4A
6SUN4QByvsg5P8+OxmaOpzHz3g29GqAZLmOX96sN9+CLvoMRsmikyXHjcrJ4yrXr
OdyLzWoukCgpiawyIHFDKBQ2spGiRiUPrj5GsBUpECRAenwMc/enx7QsljyIBGRc
WcknONwi0opxemGlVrVy12x95BlgmcWUEbvxJlXCGo7ZQ/cKQ6rLoUMnh7Yi7LA+
Gk0R+GWuk/oU5VgDz5mToeRLI+gvt/waf2FGfPasz6W66lWxaH7MR8ucLw3we6fE
y1K0hX3t+nNOa1mJsMiXWzvmVsEgZdLKkY8cTgdfeqk/t37h3fTmQs+3CLoTUwOD
+Z9b/Al1GAQHziFmtTn8B+Ej0PUImnCxo8dBjZTf5Iq0yN5RjT7XLhkmTyZ0IFyW
YDkDAgMBAAGjUzBRMB0GA1UdDgQWBBTwC0pIDHG1nAh2lJgJkG21ooXibTAfBgNV
HSMEGDAWgBTwC0pIDHG1nAh2lJgJkG21ooXibTAPBgNVHRMBAf8EBTADAQH/MA0G
CSqGSIb3DQEBCwUAA4ICAQBC/C258X3hn38TzIK4EqyHDJwXhrPaKvPJvziD+zvT
cEYfbFXJLKfd0t83YNzaQs1H49VV0Gu7FTbYuqN/MFMKnVJW/8QS2KXlKt6ovTm+
YGcmK+xmEML2i2nw79x2d7dIL5AKOe7oIbBTScVtdHRaZ2Iv2gLbtP16WPX0uI4z
e/7lvc3pv0wGTCE6b0RZ+4+4bFTPowfN+VYbwRwoUeZQhGIkW10jLPFPPiisHoRP
QmWBF/dTvj8LJqHQwJjV0FE52zf/SEjZCzxFLxo4zVrTGQXWiHcA18AAzzAS0M6F
kRs3BFNEgC255MqiGRhJi8klS82tJ0RKDgsJ2viI9JUVn84XAtbzJFebZHfj0B2X
Csa9bDvdDmkc6LUkhGJWBLiCOGYzo1D5Vub1pPHLRWwRBg5wqKG1Vl+CtKA/MN3d
D6pPe90/ybWd825I5xc6U9MCj9BhvO5+YJzJzpy3cghwdJkpZ1KjIvYz0qf/6Lta
4Zmn9Jz4F4CaafFZlVXmhTOIXnRgTEbiy6j2A6V1ppEvPO6ITpYVfElMlPR9RhrX
Xt3uXPbgpcVl5H1eU/6fn4LJFPAPErKxdqjIiJldMOMp+c4o8CVtO3dH0KjN0Y1x
Jbp5ELrj63z6s3xSatZBu1ZMtVso9VmNDM2/sjucdXlt4Yye6VuhQWeVArl9tz7q
WA==
-----END CERTIFICATE-----
28 changes: 28 additions & 0 deletions script/test-certs/dex.cert.pem
Original file line number Diff line number Diff line change
@@ -0,0 +1,28 @@
-----BEGIN CERTIFICATE-----
MIIEszCCApsCFBCLdNSO4+LHZUmF5XkvJcjmniYCMA0GCSqGSIb3DQEBCwUAMBYx
FDASBgNVBAMMC2t1YmVhcHBzLWNhMB4XDTE5MTEwNTA1NDIwM1oXDTM5MTAzMTA1
NDIwM1owFjEUMBIGA1UEAwwLa3ViZWFwcHMtY2EwggIiMA0GCSqGSIb3DQEBAQUA
A4ICDwAwggIKAoICAQCYl5Ad2EvX3Gg9AK0yBUIxz3XfNzPP4DifnbHVuYDM80U/
o2W4DT1p+QNbWWr8Cbu+Rab2eqob/hPovmd3olHE50l7ADlVx6idKgx481qAKukP
kVV9vo6FGZVD1HLe+5JAhLDgOkbi9OBR0cqnQszyCSfjVCoaQ7vbYjXBv/RLFP6/
b8/I/387hWIZawMWC7IOxm7rY3L0vZMIEdvh5Q6GKtNdZcfQ42CyQkeuDDTidaQb
VZfKCsf1qrbDX9EvlfDNIhhMRXgCiJFJ5WctP+Ns06k8MJ2Ng7KcngTSjF7YEDph
qtfV4Km7MxAtYlDuscPIig0X6JLBX77N8F9asYCFQlozcEPSnHa1/ywkPJrp1yqS
jlDaaYzVoSj4hzimwFBYqtb4GV0vk0HIHbLkjVMdujLqjGNOw+TMv+LNbNBZjWAT
p/Iwz84+1sYSd5TC0OodrTpUcuvCLn9EFG+gINn/adgwEMXZEEnHVDMszn9tYGuY
1hpDrsHhxY2HVN3hR9Y8ubf/Ew0ACRYHlfb04+j8W+H2kMCQj0vCnuPCjqePU13g
vK0HqLZ5/1zFw1cosm8KmMh0MfYqMgl8AQK1iVE5e4Az9Sgx1besELByJbhO/dNj
cOYSbN5CE/hzWT/CuyhBUgMhxbaIV0TP9Cq2JmRgn36JymgWiWsLsoNnayidMwID
AQABMA0GCSqGSIb3DQEBCwUAA4ICAQClAfWvNGFgsmsxMdm6xkg5DUOM2t0idw18
TJcZRrSNvKv3o2b4gz47hW0lwCaxchq5UJbMf+jl/jsJCz9ClEOBNI2w9/YR0QGN
Ha97pjB/+wXqyVZCJ6FrUiQ7hpnOkFt6CzOsLXNhGbPnqNFay++8W7gjUXXzK8jj
MFfJVErGoPvloYpiqwx/XlSrbkWYn6PsjYt5tqYzTGbYgc/Dq8ceN1rC9G8hRGVr
uQvWfS0C6ykVy0CttNyvT2GZ0Em4tdhnbWfaRkBWfYmPMx0YPJAi8a6Z/AUNldf7
+iNHj+FvAdlrcCalc2QEQuFVuoiz7jg0XgCgQmCEEIYwNBjQaN0oe33SYbyzkfNq
xb5RGEP40+Y7TBNShDc8PHa3PbkCTa9TXZr+GlHAoMNPcbrw1HgIUYb4Hkwi9Nuw
RDD/7nA/MzpK7cGmtlYaOuVUMCed7Vj3OBG5QveU6XRpeJR8Erv1vkCp4iZf6Q8W
jufnd2bnB3YqOLTIf8KeRgKXToAQocu0YK5ZLLgnMzYp/Bz9nXoK8kc083377q4Y
chKQYysByxH0Ju0uPn04MKkzCxtneSCZX3y8zKn7siE/UTmazE/H/Kf6QYb9MYmQ
ehGbF0tjzAMUjMh7tMlsFqA5kT1iAw5CWELHldaInl86BozQD9Hw1mBp9MUkZfgY
BEniXEI64Q==
-----END CERTIFICATE-----
51 changes: 51 additions & 0 deletions script/test-certs/dex.key.pem
Original file line number Diff line number Diff line change
@@ -0,0 +1,51 @@
-----BEGIN RSA PRIVATE KEY-----
MIIJKAIBAAKCAgEAmJeQHdhL19xoPQCtMgVCMc913zczz+A4n52x1bmAzPNFP6Nl
uA09afkDW1lq/Am7vkWm9nqqG/4T6L5nd6JRxOdJewA5VceonSoMePNagCrpD5FV
fb6OhRmVQ9Ry3vuSQISw4DpG4vTgUdHKp0LM8gkn41QqGkO722I1wb/0SxT+v2/P
yP9/O4ViGWsDFguyDsZu62Ny9L2TCBHb4eUOhirTXWXH0ONgskJHrgw04nWkG1WX
ygrH9aq2w1/RL5XwzSIYTEV4AoiRSeVnLT/jbNOpPDCdjYOynJ4E0oxe2BA6YarX
1eCpuzMQLWJQ7rHDyIoNF+iSwV++zfBfWrGAhUJaM3BD0px2tf8sJDya6dcqko5Q
2mmM1aEo+Ic4psBQWKrW+BldL5NByB2y5I1THboy6oxjTsPkzL/izWzQWY1gE6fy
MM/OPtbGEneUwtDqHa06VHLrwi5/RBRvoCDZ/2nYMBDF2RBJx1QzLM5/bWBrmNYa
Q67B4cWNh1Td4UfWPLm3/xMNAAkWB5X29OPo/Fvh9pDAkI9Lwp7jwo6nj1Nd4Lyt
B6i2ef9cxcNXKLJvCpjIdDH2KjIJfAECtYlROXuAM/UoMdW3rBCwciW4Tv3TY3Dm
EmzeQhP4c1k/wrsoQVIDIcW2iFdEz/QqtiZkYJ9+icpoFolrC7KDZ2sonTMCAwEA
AQKCAgBj8QDnSz+Bhk6Phd3qIR+V2Ddvl4xL3qO3h2Vugi0mDz+PyslYnvNWcU4N
iqdTpFxe5ufQD89Svjrz+aFy7dF4kbPC6AaldDuvlFbO8TSZNYGoPJwt250k9/iX
kJIcEdFciIwAkKrVA2XYsPt2SX5KGE0Ty5A3250yt0RWPg8XDg07/VOuZglDRr1V
wI0o50gb/UOw0FX+jhu68Vd+wLOelHYTehJBcmtm1Zp1GHGa0UpGzOy53A3TjZhe
pmcwL5ikAmy/p9BOeHwQVjwZmvqt0IPLdFv80AEwKx8ld+K2yQoz5d2vq5H/lhZG
Y1p2u99rfV/OBPn5xWgHIiSSFigCHN+EtjIsefGx8QFd/EO5AxOchpPSTrToim5P
1MtSaTw04itgzXgz9e74qBDQfmwcg4FTJaSI3Dgkqsk8ilCCP7+1O8i4E9slP7yg
4gWIVPaNIHvcszuQcZmVI7QiuiE/ftV2rAF7oPWc54hNpVcfngTlW61pLDZEo0s/
kHvhR47Izz3ZUAbvzbNxXGoS8nUXGsfr9JWj5veLsQqqirDc6oJlvU3C1nE6UI79
brykAl06ovJ8UtUGHkwLTFqicsguocIhmj6Bs3JZzqMXTslPlglSqxCVCjCsyp/t
c3TPaWvKjjCi4NwkMZS7We8LbY8PwCo1MpKG4aE2isvN+NFJoQKCAQEAyOKL5+M8
M7RiUi1QjvFwL4HyMo+tbDW5GlgGD4y6j15m6KcFPeKNnEZVa03Nag/sYhcrOY9s
KpPewY8r/KFzu02JmOIHV/tEeNWjTfkfwSgdZnhc20iNczFQjkXNuDYnHOSTUhDy
YCDUoaRX3rNRYzaLfc7y5w6c6OzFVtIR15aa0KSNaiC9x2ROg7IC1GUNXkfmh4eK
buf2MpEL0pX4BjnvUKDVDCXXJSKEZNSLy3t6Gezld37daNKmVZzfTJd4ahZ54rDX
GGVUv1L+oEkv5SI+jQ6blm3m0yUlCpfOIWMoljPX51W3oOUiA8Pj7I87CLYhDg12
GEe5H3QkpXGMtQKCAQEAwnUXpXDRTywhIeT/KIjhUSD7nm4szrrn86F73DTQUuyo
1w9R0tAyL6WZKJ31xICa0HmzZtItKyqch/0uGLhsxesA/A/gZLI3imtuw9jiq8J3
Oo+x/E8LJLyIKfOtiZv8j7gbLHGhCZzs5MSSlUI9Nr7A29gb+hBZugNu+YRMCtX4
tfXV0gyh8JBmyt8PVDJoa0YxK026Z1E/GJL1+BghQ9cySeN/kfj0VZRras6+yKWS
pDvGCvjtrPrBY7LZ/36/4zL7Ggco0iXRbnC3JGI5msAGr5POwTh3t75ua9esqUHd
P56dnlqtj+NoSYOJLMS53ABqSCDvGDnFJ8PAazWbRwKCAQAIO7C8OkX3YIc/Evhg
Q2jzqYHBrL3Q14rUl5L4BC6JPbc+BcpjNOvU4dUSZsfqduibRJPS8hveytywVivZ
WMyjepQPHgRrCLNPuIHO6kzw37IExx4XJqwVcon4qse5qw6DUqLvFB667d2JGnE3
gWXuiQfCij7OVXz81udnnYh5q4SA1J2vIdRlXakSILOY/ONFX/EE0PtNfFhMzkEL
ynW1254BUfYpX0uoC/gdIdDw8AibE2h8M0jjyO5kR9+nBfY7ctxf/Bt0toJ4rPAe
paE+5N5nbZfW3H4/XSBdhMc/+w5oyYspwguanol8WgT3Zw9mVgCY0NhsOlROA7aU
yUiZAoIBAHHClqbOrWSn6Gov0aYhDc+sgAdbZRM7/N5mplNZAlbA5LWL3M57xiBh
vIwqfNEMe4Vi7TVF1+7c6t4Tm5gSrG/M37KWhyvhpuRvnUkt5M2e4ql7zyBQDbDc
KryANhG/E63wgtUpVJCPIXdkGG0BZ1ZTmfgDIbrVPei4gX+vidz8+JdazlAn28Uk
dT5R6GHVa4j2c2Vl/5rZyRPTRdpyI2PQzTa0xLjc7/Pw9DZz5OD1HCjAX0ekAUel
GuX8h9QUjqWX+ZZsgdEPFsqJXlsGq7SAimjFC7u2ETOJUIf+kKAkTA8f+A3f9pGq
9COts95g6GpwQ70Wp0mA4no05qjRn5kCggEBAJ9rbgWVaBAVH+wYDcKCceyVeKMQ
lqi2SQHIg123MAuvi6Qs7zohneVPW3jOs3c9F0dQF44Ie2Qt9wD1cG/LlwID+/EX
Co5Vk2Wg2UH+EVTIGViEWetTPPipgQm5REf4QUd/pjlz2/zJIYb9w6VdaZknx6ik
X066IvIFz1eZ4EhZsGrZsw2asTeY9vxWGO+U7cLvNVphgOuw3+6REHuG7+cf9LVN
3dOuG/D2gOPFlFnZmV/kik8mhjxDToOFQiJ7WuYD0cCUC4qR2KADhbAwbbAZx45Q
yk5OynQhHAlqsUAD0qNKaWI1ANpUAw5GRDb+gDsXR2LrPzm5LiUHQFVfGzk=
-----END RSA PRIVATE KEY-----
40 changes: 40 additions & 0 deletions script/test-certs/gen-certs.sh
Original file line number Diff line number Diff line change
@@ -0,0 +1,40 @@
#!/bin/bash

cat << EOF > tls_config
[req]
req_extensions = v3_req
distinguished_name = req_distinguished_name
prompt = "no"
[req_distinguished_name]
[ v3_req ]
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
subjectAltName = @alt_names
[alt_names]
DNS.1 = localhost
DNS.2 = dex.dex
EOF

openssl genrsa -out ./ca.key.pem 4096
openssl req -key ca.key.pem -new -x509 -days 7300 -sha256 -out ca.cert.pem -subj "/CN=kubeapps-ca"

## tiller server key
openssl genrsa -out ./tiller.key.pem 4096
## helm client key
openssl genrsa -out ./helm.key.pem 4096
## dex server key
openssl genrsa -out ./dex.key.pem 4096

openssl req -key tiller.key.pem -new -sha256 -out tiller.csr.pem -config tls_config -subj "/CN=kubeapps-ca"
openssl req -key dex.key.pem -new -sha256 -out dex.csr.pem -config tls_config -subj "/CN=kubeapps-ca"
openssl req -key helm.key.pem -new -sha256 -out helm.csr.pem -config tls_config -subj "/CN=kubeapps-ca"

openssl x509 -days 7300 -req -CA ca.cert.pem -CAkey ca.key.pem -CAcreateserial -in tiller.csr.pem -out tiller.cert.pem
openssl x509 -days 7300 -req -CA ca.cert.pem -CAkey ca.key.pem -CAcreateserial -in helm.csr.pem -out helm.cert.pem
openssl x509 -days 7300 -req -CA ca.cert.pem -CAkey ca.key.pem -CAcreateserial -in dex.csr.pem -out dex.cert.pem

# clean up unnecessary files
rm ca.key.pem ca.cert.srl dex.csr.pem helm.csr.pem tiller.csr.pem tls_config
54 changes: 26 additions & 28 deletions script/test-certs/helm.cert.pem
Original file line number Diff line number Diff line change
@@ -1,30 +1,28 @@
-----BEGIN CERTIFICATE-----
MIIFMDCCAxgCCQCtLRwEXNgTmTANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJF
UzESMBAGA1UECAwJQW5kYWx1Y2lhMRAwDgYDVQQHDAdTZXZpbGxhMREwDwYDVQQK
DAhLdWJlYXBwczESMBAGA1UEAwwJbG9jYWxob3N0MB4XDTE4MTAxNTExMDgxNFoX
DTM4MTAxMDExMDgxNFowWjELMAkGA1UEBhMCRVMxEjAQBgNVBAgMCUFuZGFsdWNp
YTEQMA4GA1UEBwwHU2V2aWxsYTERMA8GA1UECgwIS3ViZWFwcHMxEjAQBgNVBAMM
CWxvY2FsaG9zdDCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBALddYZcb
K6c7gC9YjqKX0bTZCQL7c0DjhOZSlCJtFY4NKHCeuhlMsIGs8g/QI+OcUMjQZX6Z
91Nnr/lU2E4EDJ2Ehu/pQdWM1LrMjuqnuvBO59FLUy4xnP4Rtyc2PTjwYa1Wr5if
9MD5JsHVTuuMLI8fIiGMbiNJ5wTkozbAcgPNWc3tLLEq0EAXcf0jRTRMFOdRuu7w
w2xf/SsxhU5ULuAKo3vnZ0SYQWrRrQROkoF35VYmWpBDsGtc5SviawZnA8Gd1MU9
htFq1bhhOaVWma67bzQjFhanbCxCAjcpqWOY3RsAP7lT2LauBX/pm9PG4Sm1u6aW
HQ7Vgfs4HnQR2odmZQfzMoJV8SYkchL9bGJRcL8DWPWOVefOVVZKkj80R/NeaZne
Q4UO4m/qzr1EZjerh4vF8jaLCOedR04ZbwaPVhcyuPUd09n5Opcd7TuGWrDJ0Psk
QbofHaO+lsOVa8PTZ8dHAhaOvd/w9aviTQJnSJtBIBt7lVlXEqUkH3Emd45bpRV5
DgaZFxlclGIkM5o8dV82r1tZ09VIrI8ys038kD8VUKarMHB7LafKvXwWsNVK3PS5
BjPkECfUDGAXc7CS/yldcCZItJeUHQhBItuvKqegbnic20X1VyerG5xX3XvcBaWM
yyw2YaZiBzNSDMV7kZFeNTIDyVCeafz+3+ElAgMBAAEwDQYJKoZIhvcNAQEFBQAD
ggIBANOz6wucIgmLM7/pnwEla1apROdiBm3ZPTFrYYRhHcw5+zOhE2WfSV3UJ08j
WbahKHbgrnSRBYZEjzYfe0/w/ARx8++owdtawM4NbX0/GMH9zplfwnDEhwli1LKl
iHn4ZX0cjsmZB7Pd4rdUWoJs2G5FYy0n7gAwSHh2Z0btkFAMWyx2t4CEQzo9wGRj
sM+pFHHS9TmSsNQ3l/dxm0z7Kb9E2+o3kl1Un/ZgM1Vz3l9lcR9Wm/C421DEeyRu
V/K1eC9b+vH7ou6JeEzzAqumKyfmKLywpweN7PkqkA/1gTHgfR8jALZUsaNXsn+T
chENyq15jPZkmN0jq5TpinHSJ1DC/sxnBNAMJHceiJSxLAec17KvFVjiumxTI2wd
fXQ4J3O6D2o3infR42btEbq76Q/RdEneynrne3um0qgu8diI6RU3oXDJSdrfOAcg
QMXWVJXzyxp3kx3GhReRKtrtKXb5OD8WrvFd16DxjcQhfOIyUsoJ+d2ykta40faV
jfHSli6NYNSqbsfX191rMnfvbRDYBDFxGlLdPXGkeCf5Mc0JmC61249uOWwuXS56
VhkdQQIyuYFOajkxGLh4nQphig4lOIamhm9jvjxLyGksz6pmDiIFCgeWRLqNtjDd
8bnBTyk341ez2XqEAv3Ltprdy2+7OVUDwQ8G5K2Ga5+TihAX
MIIEszCCApsCFBCLdNSO4+LHZUmF5XkvJcjmniYBMA0GCSqGSIb3DQEBCwUAMBYx
FDASBgNVBAMMC2t1YmVhcHBzLWNhMB4XDTE5MTEwNTA1NDIwM1oXDTM5MTAzMTA1
NDIwM1owFjEUMBIGA1UEAwwLa3ViZWFwcHMtY2EwggIiMA0GCSqGSIb3DQEBAQUA
A4ICDwAwggIKAoICAQDQBfiKOk5kZxyq+hNByb8jCEq8uAlEAP6hSBLK6JPCec0c
X4wT/ZiY1UcOtrPuYy7igmNu+acOsK5LtNe6kikQJ6EKe0hFW+RwNgqnUOzXWX7E
xkoKCBiKAC6R5nicJk+XW4T8XTLS9TdxEezF/o6n7KsMg/pHpo+Pcf8rliU53nxU
9f23DKXpxhdjoD7+49lMoybUxNV7mUqLiZSPU/9E0C1Hx3OOKZhgdHbghVlubLCJ
eTnNQlIvNThNBu2xK1KSf5StsR/tdc4UGxRLYuhwiJTOkFAIz+MXe1UbB9SgXCqz
Xk6qprh8JIJyL8cAFj8d2480aG57haUIsYoPBcXfCsjpX0zSl/kJ5fSJylu9er/T
/Uyjz4UBno5ULdQeigZcKYiI0QlKnuQRJk1P363nOtHc2jKogEW6UgUTKK811ZrQ
9uUkx0bZOa/nOeLFN+LXZCcR6ke14L3g6uYbRTOmvVFcB6Tr8zS5r6kd2NXcsKjX
CP2pEyTeb/sAK1XP17O0Ao5GubogTNVKBtt4R41NXe9Aimcon+focfbEALSNioWe
vL1WYQyOEUGybMfWNetWzBWa1nJLdQQ8M+i+5/wmKYHPWxVeWAKID9MbU7MlReXq
Ro5iB8qIkYv3qxZv32vEHX8T9Eu4frgHhjfz2XzVyqHaXFDasr8yyL4gVuT7+wID
AQABMA0GCSqGSIb3DQEBCwUAA4ICAQCXzv/jLWrMGDhvE2lzx0CoqtL25XnVzQwc
GA0KxCChzw9YZPgx2uI2bL7NFJX3o/jWcyEOWqn6U+Jd24m2Xjcr3cx1Ux/BEzix
NoHdHDnX5eR/Tngpuy3dqkcO05QQD0dB5y3Yah38BuBveRQpDgLpXchhLoVr/hrl
9DjE54Axa8bADwSU47xClsnOkaimxkRqErvcvJ4AnNwZHlZgqpP3VS/M65PHaxCJ
bAa9xlXbJPaFEiClqiDsej7CNQFIrt9gXcxkSFa1bm9uJXGsOewWfpdmEceFCqQA
J2ya9RDURho4KxBcaH0/Lj8DncKM8nEqk1/3UFeXB74E6mpNBjW+FqYq9ry0qDtL
TRRuopcnCe7MeD4KQPxW3OBp8W+IK7wYA2Zk1JQeLwrW15qnhGzvxToeq2g4BpuL
HLLB2KnOLzb18T4m73NFDipGuRT7BQljRq0+0h050eDyEGcmIIsxP7jhTVKdFOsF
l4hpDH+By30dD2M9Vwh9Af0s1UrJHS4Xwh3aONt4kaogGPGNSWcwS3KWytX9di4g
wJnSZXlJU1yxidg6kAe+4pr43I6dZvPLR8S3YCQmfhItB3bRqQY1yEYrt1VQ3xtg
I9Zcs0o+9TwCOYDnTxXwdGsXz5IxhUFejM6p5b/b5CXkrYfbfFnVYT1MOixeGtBA
5az/v0iSZQ==
-----END CERTIFICATE-----
Loading

0 comments on commit 72994ea

Please sign in to comment.