-
Notifications
You must be signed in to change notification settings - Fork 706
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Add cluster-kind.mk with setup for k8s api server oidc configured wit…
…h test CA (#1270) * Add cluster-kind.mk with setup for k8s api server oidc configured with test ca
- Loading branch information
1 parent
a716517
commit 72994ea
Showing
15 changed files
with
351 additions
and
215 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,3 +1,3 @@ | ||
*.*~ | ||
telepresence.log | ||
devel/openshift-* | ||
devel/* |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
File renamed without changes.
24 changes: 24 additions & 0 deletions
24
docs/user/manifests/kubeapps-local-dev-apiserver-config.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,24 @@ | ||
{ | ||
"kind": "Cluster", | ||
"apiVersion": "kind.sigs.k8s.io/v1alpha3", | ||
"nodes": [ | ||
{ | ||
"role": "control-plane", | ||
"extraMounts": [ | ||
{ | ||
"readOnly": true, | ||
"hostPath": "./script/test-certs/ca.cert.pem", | ||
"containerPath": "/etc/ssl/certs/kubeapps-local-ca.cert.pem" | ||
} | ||
] | ||
} | ||
], | ||
"kubeadmConfigPatchesJson6902": [ | ||
{ | ||
"group": "kubeadm.k8s.io", | ||
"version": "v1beta2", | ||
"kind": "ClusterConfiguration", | ||
"patch": "[{ \"op\": \"add\", \"path\": \"/apiServer/extraArgs\", \"value\": {}}, {\"op\": \"add\", \"path\": \"/apiServer/extraArgs/oidc-issuer-url\", \"value\": \"https://dex.dex:32000\"}, {\"op\": \"add\", \"path\": \"/apiServer/extraArgs/oidc-client-id\", \"value\": \"kubeapps\"}, {\"op\": \"add\", \"path\": \"/apiServer/extraArgs/oidc-ca-file\", \"value\": \"/etc/ssl/certs/kubeapps-local-ca.cert.pem\"}, {\"op\": \"add\", \"path\": \"/apiServer/extraArgs/oidc-username-claim\", \"value\": \"email\"}, {\"op\": \"add\", \"path\": \"/apiServer/extraArgs/oidc-username-prefix\",\"value\": \"oidc:\"}]" | ||
} | ||
] | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,24 @@ | ||
# This file provides targets which create a local k8s cluster setup | ||
# with OIDC integration for development and testing. | ||
KUBE ?= ${HOME}/.kube | ||
CLUSTER_NAME ?= kubeapps | ||
|
||
CLUSTER_CONFIG = ${KUBE}/kind-config-${CLUSTER_NAME} | ||
|
||
devel/local-dev-apiserver-config.json: | ||
cat docs/user/manifests/kubeapps-local-dev-apiserver-config.json | \ | ||
jq ".nodes[0].extraMounts[0].hostPath = \"${PWD}/script/test-certs/ca.cert.pem\"" > \ | ||
$@ | ||
|
||
${CLUSTER_CONFIG}: devel/local-dev-apiserver-config.json | ||
kind create cluster \ | ||
--name ${CLUSTER_NAME} \ | ||
--config=./devel/local-dev-apiserver-config.json \ | ||
--retain | ||
|
||
cluster-kind: ${CLUSTER_CONFIG} | ||
|
||
delete-cluster-kind: | ||
kind delete cluster --name ${CLUSTER_NAME} | ||
|
||
.PHONY: cluster-kind cluster-kind-delete |
File renamed without changes.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,34 +1,6 @@ | ||
This folder contains dummy self-signed certificates for CI tests. | ||
|
||
To generate them execute: | ||
|
||
``` | ||
openssl genrsa -out ./ca.key.pem 4096 | ||
cat <<EOF >> tls_config | ||
[ req ] | ||
distinguished_name="req_distinguished_name" | ||
prompt="no" | ||
[ req_distinguished_name ] | ||
C="ES" | ||
ST="Andalucia" | ||
L="Sevilla" | ||
O="Kubeapps" | ||
CN="localhost" | ||
EOF | ||
openssl req -key ca.key.pem -new -x509 -days 7300 -sha256 -out ca.cert.pem -config tls_config | ||
## server key | ||
openssl genrsa -out ./tiller.key.pem 4096 | ||
## client key | ||
openssl genrsa -out ./helm.key.pem 4096 | ||
openssl req -days 7300 -key tiller.key.pem -new -sha256 -out tiller.csr.pem -config tls_config | ||
openssl req -days 7300 -key helm.key.pem -new -sha256 -out helm.csr.pem -config tls_config | ||
openssl x509 -days 7300 -req -CA ca.cert.pem -CAkey ca.key.pem -CAcreateserial -in tiller.csr.pem -out tiller.cert.pem | ||
openssl x509 -days 7300 -req -CA ca.cert.pem -CAkey ca.key.pem -CAcreateserial -in helm.csr.pem -out helm.cert.pem | ||
# clean up unnecessary files | ||
rm ca.key.pem ca.srl helm.csr.pem tiller.csr.pem tls_config | ||
To regenerate them execute: | ||
``` | ||
./gen-certs.sh | ||
``` |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,30 +1,30 @@ | ||
-----BEGIN CERTIFICATE----- | ||
MIIFMDCCAxgCCQCX9isUAa1QjTANBgkqhkiG9w0BAQsFADBaMQswCQYDVQQGEwJF | ||
UzESMBAGA1UECAwJQW5kYWx1Y2lhMRAwDgYDVQQHDAdTZXZpbGxhMREwDwYDVQQK | ||
DAhLdWJlYXBwczESMBAGA1UEAwwJbG9jYWxob3N0MB4XDTE4MTAxNTExMDc1NloX | ||
DTM4MTAxMDExMDc1NlowWjELMAkGA1UEBhMCRVMxEjAQBgNVBAgMCUFuZGFsdWNp | ||
YTEQMA4GA1UEBwwHU2V2aWxsYTERMA8GA1UECgwIS3ViZWFwcHMxEjAQBgNVBAMM | ||
CWxvY2FsaG9zdDCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAPF3YdVS | ||
PQHz+CmxNBvyop2JJvvrQ2WgbBMi9s3SMuQjfqFFfs0CjK0GLNvJ3Y1rbIkoTf4g | ||
FzzLTdUa+feYcDrFOOxUuJLTTfhoc/BZeg8KJ4OWDXrTgMGLXLi5loJkO+MIJgv9 | ||
mZdwl9arOfCu7hy3hkPiDU6abkfONXteB1mAJR39vUYzBM3MzINRJn0Fw2a0MB9G | ||
lfl4xxB7EGtV2qTbi1DJcP3yM4oNAXtmjDkWrXmNy/Nuk9merZZPDkaSY7NYjV1F | ||
g+QwoL47QAh0BbzHUMVyHXN/d0YJf6UJwofMINx1WNIJ6rz7vu7mU6A5RWptBPUC | ||
ETlqf3bI5X8duDMU6htxvf343UVuWSLgzD9HS5G6t9of0THqNDY4kV5gU5LThvBt | ||
3VtOebYaUhgWcMy/4fDOuuG89pKHecDVwMCugQ64a3+XIObE3vQr8v6cMoGbKkG2 | ||
rVMFa1PGeyBi1qSazGIaM5pBNjx1y+xSH+s3hu7gcO66pQ9BW/IKn68mFvG05V40 | ||
CLBixCvjVK2isUwX73G23BDZg3XU4LohiA2ZAMlv/fC/xBnVRB3VqR5cGhH5b4Co | ||
CHNEu+ipYnRQpetUgzo7aPTPDke+9yGXRcoRZLuNXGGVSCWGF2OjDj/2EhyaOONw | ||
LfEh5OIpmJsVU6q9aSs0Mt7H7C640P0AkaLXAgMBAAEwDQYJKoZIhvcNAQELBQAD | ||
ggIBANV5L1F+jKIlFsZgxSnTEg9CpkyUkchpUyI6epdYkR+vtt30ZJaKuKe2CyNB | ||
XUV1GUPoU0mA44aesceL3aHjyj0NBYan8BtjpZJl9xFOfVFSNL7nTxa/4TE+LaBR | ||
3ATAjwsfxRVg3Jnd6Ab+l+IiNM5pOYjnjvACcSi5Kc74R5EYgPXPBFocsMGtybFr | ||
pYfDltA1y46/m+yyfyU8S5gDwhmWI/ESEF98E67uX9PlR0qUSS9Un/B4zN2iGbeB | ||
XqccYarZiCHA1SLOJMCPdlQiGItDxFYhqHjLHNN+fCSslvaq4vyDNTZ6BdIHaiGQ | ||
aeXJBVdiYVvosfXBFaBUrlXQqQqM8atOhrDvx5S64RagIe4w30VAvubGFvQfwtrK | ||
pZkW6vNSZGwv9ePGIEjV5uEUEbQglbxv8Meobg3xo5K7Yy6vd/z7A4bKw1vM5KEl | ||
iMl+cTrmhkDNn4SUrjfmCvrV8Q2yOKJl99sswfDGm5/b7/ohQnfxTWFTpzcoQx9J | ||
6KsMTYkSq/3G78cW1DHtvkYR4sAo1RyG1mjALCEnQIweTnYZ25j2ezD6PVXr7teZ | ||
PrvRVK+uhXW+71vMefsy8Ylp+Im0WTX2pLbo5o1xnIBVsHkECYS7qbvixuYtA08b | ||
Eh+0yGkW0SyMKM99kG805jMcbC8+AVyiqj0EtXeB+icqQeFu | ||
MIIFDTCCAvWgAwIBAgIUQLz2bm0fYy1ctWoRM2bwGoG1vBYwDQYJKoZIhvcNAQEL | ||
BQAwFjEUMBIGA1UEAwwLa3ViZWFwcHMtY2EwHhcNMTkxMTA1MDU0MjAwWhcNMzkx | ||
MDMxMDU0MjAwWjAWMRQwEgYDVQQDDAtrdWJlYXBwcy1jYTCCAiIwDQYJKoZIhvcN | ||
AQEBBQADggIPADCCAgoCggIBANhf6+66VFCDyDoPXecisT7adkSCb/sWb3eWbp7Z | ||
K2/VUM3kJlonrwPC+qMo7oBtWCT9tdk2QQZmLFGw+KD/2PO24sxQXYZcmjDED9IM | ||
2LpX+eHeE2370A20UbQb0go9D5nFVpk6rG+tYQkkYUvDB3FwCfQEEpsLFoHYjiER | ||
ZelyKfu882riot16DNPeWaLr5jsGL8wTHUJw7bLkA6SgmjdUzDKBmVp7glM+5UOY | ||
7htAb8UEq0+1eH2YXCZpxTCdEI53obuyl1Sua0F+vWADAf9zejFw7v7o8W3fCG4A | ||
6SUN4QByvsg5P8+OxmaOpzHz3g29GqAZLmOX96sN9+CLvoMRsmikyXHjcrJ4yrXr | ||
OdyLzWoukCgpiawyIHFDKBQ2spGiRiUPrj5GsBUpECRAenwMc/enx7QsljyIBGRc | ||
WcknONwi0opxemGlVrVy12x95BlgmcWUEbvxJlXCGo7ZQ/cKQ6rLoUMnh7Yi7LA+ | ||
Gk0R+GWuk/oU5VgDz5mToeRLI+gvt/waf2FGfPasz6W66lWxaH7MR8ucLw3we6fE | ||
y1K0hX3t+nNOa1mJsMiXWzvmVsEgZdLKkY8cTgdfeqk/t37h3fTmQs+3CLoTUwOD | ||
+Z9b/Al1GAQHziFmtTn8B+Ej0PUImnCxo8dBjZTf5Iq0yN5RjT7XLhkmTyZ0IFyW | ||
YDkDAgMBAAGjUzBRMB0GA1UdDgQWBBTwC0pIDHG1nAh2lJgJkG21ooXibTAfBgNV | ||
HSMEGDAWgBTwC0pIDHG1nAh2lJgJkG21ooXibTAPBgNVHRMBAf8EBTADAQH/MA0G | ||
CSqGSIb3DQEBCwUAA4ICAQBC/C258X3hn38TzIK4EqyHDJwXhrPaKvPJvziD+zvT | ||
cEYfbFXJLKfd0t83YNzaQs1H49VV0Gu7FTbYuqN/MFMKnVJW/8QS2KXlKt6ovTm+ | ||
YGcmK+xmEML2i2nw79x2d7dIL5AKOe7oIbBTScVtdHRaZ2Iv2gLbtP16WPX0uI4z | ||
e/7lvc3pv0wGTCE6b0RZ+4+4bFTPowfN+VYbwRwoUeZQhGIkW10jLPFPPiisHoRP | ||
QmWBF/dTvj8LJqHQwJjV0FE52zf/SEjZCzxFLxo4zVrTGQXWiHcA18AAzzAS0M6F | ||
kRs3BFNEgC255MqiGRhJi8klS82tJ0RKDgsJ2viI9JUVn84XAtbzJFebZHfj0B2X | ||
Csa9bDvdDmkc6LUkhGJWBLiCOGYzo1D5Vub1pPHLRWwRBg5wqKG1Vl+CtKA/MN3d | ||
D6pPe90/ybWd825I5xc6U9MCj9BhvO5+YJzJzpy3cghwdJkpZ1KjIvYz0qf/6Lta | ||
4Zmn9Jz4F4CaafFZlVXmhTOIXnRgTEbiy6j2A6V1ppEvPO6ITpYVfElMlPR9RhrX | ||
Xt3uXPbgpcVl5H1eU/6fn4LJFPAPErKxdqjIiJldMOMp+c4o8CVtO3dH0KjN0Y1x | ||
Jbp5ELrj63z6s3xSatZBu1ZMtVso9VmNDM2/sjucdXlt4Yye6VuhQWeVArl9tz7q | ||
WA== | ||
-----END CERTIFICATE----- |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,28 @@ | ||
-----BEGIN CERTIFICATE----- | ||
MIIEszCCApsCFBCLdNSO4+LHZUmF5XkvJcjmniYCMA0GCSqGSIb3DQEBCwUAMBYx | ||
FDASBgNVBAMMC2t1YmVhcHBzLWNhMB4XDTE5MTEwNTA1NDIwM1oXDTM5MTAzMTA1 | ||
NDIwM1owFjEUMBIGA1UEAwwLa3ViZWFwcHMtY2EwggIiMA0GCSqGSIb3DQEBAQUA | ||
A4ICDwAwggIKAoICAQCYl5Ad2EvX3Gg9AK0yBUIxz3XfNzPP4DifnbHVuYDM80U/ | ||
o2W4DT1p+QNbWWr8Cbu+Rab2eqob/hPovmd3olHE50l7ADlVx6idKgx481qAKukP | ||
kVV9vo6FGZVD1HLe+5JAhLDgOkbi9OBR0cqnQszyCSfjVCoaQ7vbYjXBv/RLFP6/ | ||
b8/I/387hWIZawMWC7IOxm7rY3L0vZMIEdvh5Q6GKtNdZcfQ42CyQkeuDDTidaQb | ||
VZfKCsf1qrbDX9EvlfDNIhhMRXgCiJFJ5WctP+Ns06k8MJ2Ng7KcngTSjF7YEDph | ||
qtfV4Km7MxAtYlDuscPIig0X6JLBX77N8F9asYCFQlozcEPSnHa1/ywkPJrp1yqS | ||
jlDaaYzVoSj4hzimwFBYqtb4GV0vk0HIHbLkjVMdujLqjGNOw+TMv+LNbNBZjWAT | ||
p/Iwz84+1sYSd5TC0OodrTpUcuvCLn9EFG+gINn/adgwEMXZEEnHVDMszn9tYGuY | ||
1hpDrsHhxY2HVN3hR9Y8ubf/Ew0ACRYHlfb04+j8W+H2kMCQj0vCnuPCjqePU13g | ||
vK0HqLZ5/1zFw1cosm8KmMh0MfYqMgl8AQK1iVE5e4Az9Sgx1besELByJbhO/dNj | ||
cOYSbN5CE/hzWT/CuyhBUgMhxbaIV0TP9Cq2JmRgn36JymgWiWsLsoNnayidMwID | ||
AQABMA0GCSqGSIb3DQEBCwUAA4ICAQClAfWvNGFgsmsxMdm6xkg5DUOM2t0idw18 | ||
TJcZRrSNvKv3o2b4gz47hW0lwCaxchq5UJbMf+jl/jsJCz9ClEOBNI2w9/YR0QGN | ||
Ha97pjB/+wXqyVZCJ6FrUiQ7hpnOkFt6CzOsLXNhGbPnqNFay++8W7gjUXXzK8jj | ||
MFfJVErGoPvloYpiqwx/XlSrbkWYn6PsjYt5tqYzTGbYgc/Dq8ceN1rC9G8hRGVr | ||
uQvWfS0C6ykVy0CttNyvT2GZ0Em4tdhnbWfaRkBWfYmPMx0YPJAi8a6Z/AUNldf7 | ||
+iNHj+FvAdlrcCalc2QEQuFVuoiz7jg0XgCgQmCEEIYwNBjQaN0oe33SYbyzkfNq | ||
xb5RGEP40+Y7TBNShDc8PHa3PbkCTa9TXZr+GlHAoMNPcbrw1HgIUYb4Hkwi9Nuw | ||
RDD/7nA/MzpK7cGmtlYaOuVUMCed7Vj3OBG5QveU6XRpeJR8Erv1vkCp4iZf6Q8W | ||
jufnd2bnB3YqOLTIf8KeRgKXToAQocu0YK5ZLLgnMzYp/Bz9nXoK8kc083377q4Y | ||
chKQYysByxH0Ju0uPn04MKkzCxtneSCZX3y8zKn7siE/UTmazE/H/Kf6QYb9MYmQ | ||
ehGbF0tjzAMUjMh7tMlsFqA5kT1iAw5CWELHldaInl86BozQD9Hw1mBp9MUkZfgY | ||
BEniXEI64Q== | ||
-----END CERTIFICATE----- |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,51 @@ | ||
-----BEGIN RSA PRIVATE KEY----- | ||
MIIJKAIBAAKCAgEAmJeQHdhL19xoPQCtMgVCMc913zczz+A4n52x1bmAzPNFP6Nl | ||
uA09afkDW1lq/Am7vkWm9nqqG/4T6L5nd6JRxOdJewA5VceonSoMePNagCrpD5FV | ||
fb6OhRmVQ9Ry3vuSQISw4DpG4vTgUdHKp0LM8gkn41QqGkO722I1wb/0SxT+v2/P | ||
yP9/O4ViGWsDFguyDsZu62Ny9L2TCBHb4eUOhirTXWXH0ONgskJHrgw04nWkG1WX | ||
ygrH9aq2w1/RL5XwzSIYTEV4AoiRSeVnLT/jbNOpPDCdjYOynJ4E0oxe2BA6YarX | ||
1eCpuzMQLWJQ7rHDyIoNF+iSwV++zfBfWrGAhUJaM3BD0px2tf8sJDya6dcqko5Q | ||
2mmM1aEo+Ic4psBQWKrW+BldL5NByB2y5I1THboy6oxjTsPkzL/izWzQWY1gE6fy | ||
MM/OPtbGEneUwtDqHa06VHLrwi5/RBRvoCDZ/2nYMBDF2RBJx1QzLM5/bWBrmNYa | ||
Q67B4cWNh1Td4UfWPLm3/xMNAAkWB5X29OPo/Fvh9pDAkI9Lwp7jwo6nj1Nd4Lyt | ||
B6i2ef9cxcNXKLJvCpjIdDH2KjIJfAECtYlROXuAM/UoMdW3rBCwciW4Tv3TY3Dm | ||
EmzeQhP4c1k/wrsoQVIDIcW2iFdEz/QqtiZkYJ9+icpoFolrC7KDZ2sonTMCAwEA | ||
AQKCAgBj8QDnSz+Bhk6Phd3qIR+V2Ddvl4xL3qO3h2Vugi0mDz+PyslYnvNWcU4N | ||
iqdTpFxe5ufQD89Svjrz+aFy7dF4kbPC6AaldDuvlFbO8TSZNYGoPJwt250k9/iX | ||
kJIcEdFciIwAkKrVA2XYsPt2SX5KGE0Ty5A3250yt0RWPg8XDg07/VOuZglDRr1V | ||
wI0o50gb/UOw0FX+jhu68Vd+wLOelHYTehJBcmtm1Zp1GHGa0UpGzOy53A3TjZhe | ||
pmcwL5ikAmy/p9BOeHwQVjwZmvqt0IPLdFv80AEwKx8ld+K2yQoz5d2vq5H/lhZG | ||
Y1p2u99rfV/OBPn5xWgHIiSSFigCHN+EtjIsefGx8QFd/EO5AxOchpPSTrToim5P | ||
1MtSaTw04itgzXgz9e74qBDQfmwcg4FTJaSI3Dgkqsk8ilCCP7+1O8i4E9slP7yg | ||
4gWIVPaNIHvcszuQcZmVI7QiuiE/ftV2rAF7oPWc54hNpVcfngTlW61pLDZEo0s/ | ||
kHvhR47Izz3ZUAbvzbNxXGoS8nUXGsfr9JWj5veLsQqqirDc6oJlvU3C1nE6UI79 | ||
brykAl06ovJ8UtUGHkwLTFqicsguocIhmj6Bs3JZzqMXTslPlglSqxCVCjCsyp/t | ||
c3TPaWvKjjCi4NwkMZS7We8LbY8PwCo1MpKG4aE2isvN+NFJoQKCAQEAyOKL5+M8 | ||
M7RiUi1QjvFwL4HyMo+tbDW5GlgGD4y6j15m6KcFPeKNnEZVa03Nag/sYhcrOY9s | ||
KpPewY8r/KFzu02JmOIHV/tEeNWjTfkfwSgdZnhc20iNczFQjkXNuDYnHOSTUhDy | ||
YCDUoaRX3rNRYzaLfc7y5w6c6OzFVtIR15aa0KSNaiC9x2ROg7IC1GUNXkfmh4eK | ||
buf2MpEL0pX4BjnvUKDVDCXXJSKEZNSLy3t6Gezld37daNKmVZzfTJd4ahZ54rDX | ||
GGVUv1L+oEkv5SI+jQ6blm3m0yUlCpfOIWMoljPX51W3oOUiA8Pj7I87CLYhDg12 | ||
GEe5H3QkpXGMtQKCAQEAwnUXpXDRTywhIeT/KIjhUSD7nm4szrrn86F73DTQUuyo | ||
1w9R0tAyL6WZKJ31xICa0HmzZtItKyqch/0uGLhsxesA/A/gZLI3imtuw9jiq8J3 | ||
Oo+x/E8LJLyIKfOtiZv8j7gbLHGhCZzs5MSSlUI9Nr7A29gb+hBZugNu+YRMCtX4 | ||
tfXV0gyh8JBmyt8PVDJoa0YxK026Z1E/GJL1+BghQ9cySeN/kfj0VZRras6+yKWS | ||
pDvGCvjtrPrBY7LZ/36/4zL7Ggco0iXRbnC3JGI5msAGr5POwTh3t75ua9esqUHd | ||
P56dnlqtj+NoSYOJLMS53ABqSCDvGDnFJ8PAazWbRwKCAQAIO7C8OkX3YIc/Evhg | ||
Q2jzqYHBrL3Q14rUl5L4BC6JPbc+BcpjNOvU4dUSZsfqduibRJPS8hveytywVivZ | ||
WMyjepQPHgRrCLNPuIHO6kzw37IExx4XJqwVcon4qse5qw6DUqLvFB667d2JGnE3 | ||
gWXuiQfCij7OVXz81udnnYh5q4SA1J2vIdRlXakSILOY/ONFX/EE0PtNfFhMzkEL | ||
ynW1254BUfYpX0uoC/gdIdDw8AibE2h8M0jjyO5kR9+nBfY7ctxf/Bt0toJ4rPAe | ||
paE+5N5nbZfW3H4/XSBdhMc/+w5oyYspwguanol8WgT3Zw9mVgCY0NhsOlROA7aU | ||
yUiZAoIBAHHClqbOrWSn6Gov0aYhDc+sgAdbZRM7/N5mplNZAlbA5LWL3M57xiBh | ||
vIwqfNEMe4Vi7TVF1+7c6t4Tm5gSrG/M37KWhyvhpuRvnUkt5M2e4ql7zyBQDbDc | ||
KryANhG/E63wgtUpVJCPIXdkGG0BZ1ZTmfgDIbrVPei4gX+vidz8+JdazlAn28Uk | ||
dT5R6GHVa4j2c2Vl/5rZyRPTRdpyI2PQzTa0xLjc7/Pw9DZz5OD1HCjAX0ekAUel | ||
GuX8h9QUjqWX+ZZsgdEPFsqJXlsGq7SAimjFC7u2ETOJUIf+kKAkTA8f+A3f9pGq | ||
9COts95g6GpwQ70Wp0mA4no05qjRn5kCggEBAJ9rbgWVaBAVH+wYDcKCceyVeKMQ | ||
lqi2SQHIg123MAuvi6Qs7zohneVPW3jOs3c9F0dQF44Ie2Qt9wD1cG/LlwID+/EX | ||
Co5Vk2Wg2UH+EVTIGViEWetTPPipgQm5REf4QUd/pjlz2/zJIYb9w6VdaZknx6ik | ||
X066IvIFz1eZ4EhZsGrZsw2asTeY9vxWGO+U7cLvNVphgOuw3+6REHuG7+cf9LVN | ||
3dOuG/D2gOPFlFnZmV/kik8mhjxDToOFQiJ7WuYD0cCUC4qR2KADhbAwbbAZx45Q | ||
yk5OynQhHAlqsUAD0qNKaWI1ANpUAw5GRDb+gDsXR2LrPzm5LiUHQFVfGzk= | ||
-----END RSA PRIVATE KEY----- |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,40 @@ | ||
#!/bin/bash | ||
|
||
cat << EOF > tls_config | ||
[req] | ||
req_extensions = v3_req | ||
distinguished_name = req_distinguished_name | ||
prompt = "no" | ||
[req_distinguished_name] | ||
[ v3_req ] | ||
basicConstraints = CA:FALSE | ||
keyUsage = nonRepudiation, digitalSignature, keyEncipherment | ||
subjectAltName = @alt_names | ||
[alt_names] | ||
DNS.1 = localhost | ||
DNS.2 = dex.dex | ||
EOF | ||
|
||
openssl genrsa -out ./ca.key.pem 4096 | ||
openssl req -key ca.key.pem -new -x509 -days 7300 -sha256 -out ca.cert.pem -subj "/CN=kubeapps-ca" | ||
|
||
## tiller server key | ||
openssl genrsa -out ./tiller.key.pem 4096 | ||
## helm client key | ||
openssl genrsa -out ./helm.key.pem 4096 | ||
## dex server key | ||
openssl genrsa -out ./dex.key.pem 4096 | ||
|
||
openssl req -key tiller.key.pem -new -sha256 -out tiller.csr.pem -config tls_config -subj "/CN=kubeapps-ca" | ||
openssl req -key dex.key.pem -new -sha256 -out dex.csr.pem -config tls_config -subj "/CN=kubeapps-ca" | ||
openssl req -key helm.key.pem -new -sha256 -out helm.csr.pem -config tls_config -subj "/CN=kubeapps-ca" | ||
|
||
openssl x509 -days 7300 -req -CA ca.cert.pem -CAkey ca.key.pem -CAcreateserial -in tiller.csr.pem -out tiller.cert.pem | ||
openssl x509 -days 7300 -req -CA ca.cert.pem -CAkey ca.key.pem -CAcreateserial -in helm.csr.pem -out helm.cert.pem | ||
openssl x509 -days 7300 -req -CA ca.cert.pem -CAkey ca.key.pem -CAcreateserial -in dex.csr.pem -out dex.cert.pem | ||
|
||
# clean up unnecessary files | ||
rm ca.key.pem ca.cert.srl dex.csr.pem helm.csr.pem tiller.csr.pem tls_config |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,30 +1,28 @@ | ||
-----BEGIN CERTIFICATE----- | ||
MIIFMDCCAxgCCQCtLRwEXNgTmTANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJF | ||
UzESMBAGA1UECAwJQW5kYWx1Y2lhMRAwDgYDVQQHDAdTZXZpbGxhMREwDwYDVQQK | ||
DAhLdWJlYXBwczESMBAGA1UEAwwJbG9jYWxob3N0MB4XDTE4MTAxNTExMDgxNFoX | ||
DTM4MTAxMDExMDgxNFowWjELMAkGA1UEBhMCRVMxEjAQBgNVBAgMCUFuZGFsdWNp | ||
YTEQMA4GA1UEBwwHU2V2aWxsYTERMA8GA1UECgwIS3ViZWFwcHMxEjAQBgNVBAMM | ||
CWxvY2FsaG9zdDCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBALddYZcb | ||
K6c7gC9YjqKX0bTZCQL7c0DjhOZSlCJtFY4NKHCeuhlMsIGs8g/QI+OcUMjQZX6Z | ||
91Nnr/lU2E4EDJ2Ehu/pQdWM1LrMjuqnuvBO59FLUy4xnP4Rtyc2PTjwYa1Wr5if | ||
9MD5JsHVTuuMLI8fIiGMbiNJ5wTkozbAcgPNWc3tLLEq0EAXcf0jRTRMFOdRuu7w | ||
w2xf/SsxhU5ULuAKo3vnZ0SYQWrRrQROkoF35VYmWpBDsGtc5SviawZnA8Gd1MU9 | ||
htFq1bhhOaVWma67bzQjFhanbCxCAjcpqWOY3RsAP7lT2LauBX/pm9PG4Sm1u6aW | ||
HQ7Vgfs4HnQR2odmZQfzMoJV8SYkchL9bGJRcL8DWPWOVefOVVZKkj80R/NeaZne | ||
Q4UO4m/qzr1EZjerh4vF8jaLCOedR04ZbwaPVhcyuPUd09n5Opcd7TuGWrDJ0Psk | ||
QbofHaO+lsOVa8PTZ8dHAhaOvd/w9aviTQJnSJtBIBt7lVlXEqUkH3Emd45bpRV5 | ||
DgaZFxlclGIkM5o8dV82r1tZ09VIrI8ys038kD8VUKarMHB7LafKvXwWsNVK3PS5 | ||
BjPkECfUDGAXc7CS/yldcCZItJeUHQhBItuvKqegbnic20X1VyerG5xX3XvcBaWM | ||
yyw2YaZiBzNSDMV7kZFeNTIDyVCeafz+3+ElAgMBAAEwDQYJKoZIhvcNAQEFBQAD | ||
ggIBANOz6wucIgmLM7/pnwEla1apROdiBm3ZPTFrYYRhHcw5+zOhE2WfSV3UJ08j | ||
WbahKHbgrnSRBYZEjzYfe0/w/ARx8++owdtawM4NbX0/GMH9zplfwnDEhwli1LKl | ||
iHn4ZX0cjsmZB7Pd4rdUWoJs2G5FYy0n7gAwSHh2Z0btkFAMWyx2t4CEQzo9wGRj | ||
sM+pFHHS9TmSsNQ3l/dxm0z7Kb9E2+o3kl1Un/ZgM1Vz3l9lcR9Wm/C421DEeyRu | ||
V/K1eC9b+vH7ou6JeEzzAqumKyfmKLywpweN7PkqkA/1gTHgfR8jALZUsaNXsn+T | ||
chENyq15jPZkmN0jq5TpinHSJ1DC/sxnBNAMJHceiJSxLAec17KvFVjiumxTI2wd | ||
fXQ4J3O6D2o3infR42btEbq76Q/RdEneynrne3um0qgu8diI6RU3oXDJSdrfOAcg | ||
QMXWVJXzyxp3kx3GhReRKtrtKXb5OD8WrvFd16DxjcQhfOIyUsoJ+d2ykta40faV | ||
jfHSli6NYNSqbsfX191rMnfvbRDYBDFxGlLdPXGkeCf5Mc0JmC61249uOWwuXS56 | ||
VhkdQQIyuYFOajkxGLh4nQphig4lOIamhm9jvjxLyGksz6pmDiIFCgeWRLqNtjDd | ||
8bnBTyk341ez2XqEAv3Ltprdy2+7OVUDwQ8G5K2Ga5+TihAX | ||
MIIEszCCApsCFBCLdNSO4+LHZUmF5XkvJcjmniYBMA0GCSqGSIb3DQEBCwUAMBYx | ||
FDASBgNVBAMMC2t1YmVhcHBzLWNhMB4XDTE5MTEwNTA1NDIwM1oXDTM5MTAzMTA1 | ||
NDIwM1owFjEUMBIGA1UEAwwLa3ViZWFwcHMtY2EwggIiMA0GCSqGSIb3DQEBAQUA | ||
A4ICDwAwggIKAoICAQDQBfiKOk5kZxyq+hNByb8jCEq8uAlEAP6hSBLK6JPCec0c | ||
X4wT/ZiY1UcOtrPuYy7igmNu+acOsK5LtNe6kikQJ6EKe0hFW+RwNgqnUOzXWX7E | ||
xkoKCBiKAC6R5nicJk+XW4T8XTLS9TdxEezF/o6n7KsMg/pHpo+Pcf8rliU53nxU | ||
9f23DKXpxhdjoD7+49lMoybUxNV7mUqLiZSPU/9E0C1Hx3OOKZhgdHbghVlubLCJ | ||
eTnNQlIvNThNBu2xK1KSf5StsR/tdc4UGxRLYuhwiJTOkFAIz+MXe1UbB9SgXCqz | ||
Xk6qprh8JIJyL8cAFj8d2480aG57haUIsYoPBcXfCsjpX0zSl/kJ5fSJylu9er/T | ||
/Uyjz4UBno5ULdQeigZcKYiI0QlKnuQRJk1P363nOtHc2jKogEW6UgUTKK811ZrQ | ||
9uUkx0bZOa/nOeLFN+LXZCcR6ke14L3g6uYbRTOmvVFcB6Tr8zS5r6kd2NXcsKjX | ||
CP2pEyTeb/sAK1XP17O0Ao5GubogTNVKBtt4R41NXe9Aimcon+focfbEALSNioWe | ||
vL1WYQyOEUGybMfWNetWzBWa1nJLdQQ8M+i+5/wmKYHPWxVeWAKID9MbU7MlReXq | ||
Ro5iB8qIkYv3qxZv32vEHX8T9Eu4frgHhjfz2XzVyqHaXFDasr8yyL4gVuT7+wID | ||
AQABMA0GCSqGSIb3DQEBCwUAA4ICAQCXzv/jLWrMGDhvE2lzx0CoqtL25XnVzQwc | ||
GA0KxCChzw9YZPgx2uI2bL7NFJX3o/jWcyEOWqn6U+Jd24m2Xjcr3cx1Ux/BEzix | ||
NoHdHDnX5eR/Tngpuy3dqkcO05QQD0dB5y3Yah38BuBveRQpDgLpXchhLoVr/hrl | ||
9DjE54Axa8bADwSU47xClsnOkaimxkRqErvcvJ4AnNwZHlZgqpP3VS/M65PHaxCJ | ||
bAa9xlXbJPaFEiClqiDsej7CNQFIrt9gXcxkSFa1bm9uJXGsOewWfpdmEceFCqQA | ||
J2ya9RDURho4KxBcaH0/Lj8DncKM8nEqk1/3UFeXB74E6mpNBjW+FqYq9ry0qDtL | ||
TRRuopcnCe7MeD4KQPxW3OBp8W+IK7wYA2Zk1JQeLwrW15qnhGzvxToeq2g4BpuL | ||
HLLB2KnOLzb18T4m73NFDipGuRT7BQljRq0+0h050eDyEGcmIIsxP7jhTVKdFOsF | ||
l4hpDH+By30dD2M9Vwh9Af0s1UrJHS4Xwh3aONt4kaogGPGNSWcwS3KWytX9di4g | ||
wJnSZXlJU1yxidg6kAe+4pr43I6dZvPLR8S3YCQmfhItB3bRqQY1yEYrt1VQ3xtg | ||
I9Zcs0o+9TwCOYDnTxXwdGsXz5IxhUFejM6p5b/b5CXkrYfbfFnVYT1MOixeGtBA | ||
5az/v0iSZQ== | ||
-----END CERTIFICATE----- |
Oops, something went wrong.