@bakins
Created November 12, 2015 16:08
#!/bin/bash
set -e
set -x

# Create certs for a Kubernetes cluster.
# Expects the CA certificate and key as ca.pem and ca-key.pem in the
# current directory; output goes to a directory named after the cluster.

usage() {
    echo "$0 [cluster_name] [service_ip] [additional_names]"
    echo "additional name is generally the dns name"
    exit 1
}

# cluster_name and service_ip are both required
[ $# -ge 2 ] || usage

CLUSTER_NAME=$1
SERVICE_IP=$2
shift 2

# Fail early if the CA material is missing
if [ ! -f ca.pem ] || [ ! -f ca-key.pem ]; then
    echo "ca.pem and ca-key.pem must exist in the current directory" >&2
    exit 1
fi

mkdir -p "${CLUSTER_NAME}"

# openssl config carrying the subjectAltName list for the API server cert
cat <<EOF > "${CLUSTER_NAME}/openssl.cnf"
[req]
req_extensions = v3_req
distinguished_name = req_distinguished_name
[req_distinguished_name]
[ v3_req ]
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
subjectAltName = @alt_names
[alt_names]
DNS.1 = kubernetes
DNS.2 = kubernetes.default
DNS.3 = kubernetes.cluster.local
DNS.4 = kubernetes.svc.cluster.local
DNS.5 = kubernetes.default.svc.cluster.local
IP.1 = 127.0.0.1
IP.2 = ${SERVICE_IP}
EOF

# Remaining arguments are extra DNS names, appended after the five fixed ones
i=6
for NAME in "$@"; do
    echo "DNS.${i} = ${NAME}" >> "${CLUSTER_NAME}/openssl.cnf"
    i=$((i + 1))
done

cd "${CLUSTER_NAME}"

# Note: -days 99999 below means these certificates effectively never expire.

# apiserver: the only certificate that carries the SAN list (-extensions v3_req)
openssl genrsa -out apiserver-key.pem 2048
openssl req -new -key apiserver-key.pem -out apiserver.csr -subj "/CN=kube-apiserver" -config openssl.cnf
openssl x509 -req -in apiserver.csr -CA ../ca.pem -CAkey ../ca-key.pem -CAcreateserial -out apiserver.pem -days 99999 -extensions v3_req -extfile openssl.cnf

# worker
openssl genrsa -out worker-key.pem 2048
openssl req -new -key worker-key.pem -out worker.csr -subj "/CN=kube-worker"
openssl x509 -req -in worker.csr -CA ../ca.pem -CAkey ../ca-key.pem -CAcreateserial -out worker.pem -days 99999

# admin
openssl genrsa -out admin-key.pem 2048
openssl req -new -key admin-key.pem -out admin.csr -subj "/CN=kube-admin"
openssl x509 -req -in admin.csr -CA ../ca.pem -CAkey ../ca-key.pem -CAcreateserial -out admin.pem -days 99999
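
Added example, not part of the gist: a check that a certificate such as the apiserver.pem produced above chains to the CA and lists every subjectAltName clients will connect to. The names check_cert and make_demo_certs are hypothetical, and the demo certificates are constructed in a temp directory with a throwaway CA.

```shell
# check_cert CA_FILE CERT_FILE [SAN ...]
# Succeeds only if CERT_FILE chains to CA_FILE and lists every SAN given.
# SANs are written the way `openssl x509 -text` prints them,
# e.g. "DNS:kubernetes" or "IP Address:192.168.0.1".
check_cert() {
  local ca="$1" cert="$2" sans want missing=0
  shift 2
  if ! openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1; then
    echo "chain verification failed: $cert" >&2
    return 1
  fi
  # The SAN list is the line after the "Subject Alternative Name" header.
  sans=$(openssl x509 -in "$cert" -noout -text |
    sed -n '/Subject Alternative Name/{n;s/^ *//;p;}')
  for want in "$@"; do
    # Match whole comma-separated entries, so "DNS:kubernetes" is not
    # satisfied by "DNS:kubernetes.default".
    case ", ${sans}," in
      *", ${want},"*) ;;
      *) echo "missing SAN: ${want}" >&2; missing=1 ;;
    esac
  done
  return "$missing"
}
# Constructed fixture: a throwaway CA and an API server cert written to DIR.
make_demo_certs() {
  local dir="$1"
  cat > "$dir/demo.cnf" <<EOF
[req]
distinguished_name = dn
[dn]
[v3_ca]
basicConstraints = critical, CA:TRUE
[v3_req]
basicConstraints = CA:FALSE
subjectAltName = DNS:kubernetes, DNS:kubernetes.default, IP:127.0.0.1, IP:192.168.0.1
EOF
  ( cd "$dir" &&
    openssl req -x509 -newkey rsa:2048 -nodes -keyout ca-key.pem -out ca.pem \
      -subj "/CN=demo-ca" -days 1 -config demo.cnf -extensions v3_ca &&
    openssl req -new -newkey rsa:2048 -nodes -keyout apiserver-key.pem \
      -out apiserver.csr -subj "/CN=kube-apiserver" -config demo.cnf &&
    openssl x509 -req -in apiserver.csr -CA ca.pem -CAkey ca-key.pem -CAcreateserial \
      -out apiserver.pem -days 1 -extensions v3_req -extfile demo.cnf ) >/dev/null 2>&1
}
tmp=$(mktemp -d)
make_demo_certs "$tmp" &&
  check_cert "$tmp/ca.pem" "$tmp/apiserver.pem" "DNS:kubernetes" "IP Address:192.168.0.1" &&
  echo "apiserver.pem: chain and SANs OK"
rm -rf "$tmp"
```

Against the script's real output, the call would be along the lines of `check_cert ca.pem <cluster_name>/apiserver.pem "DNS:kubernetes" "IP Address:<service_ip>"`, run from the directory holding ca.pem.
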
bakins commented Nov 12, 2015

192.168.0.1 is what I'm using for kubernetes service ip

bakins commented Nov 12, 2015

I forget what I based this on, but I think it was on the CoreOS docs site.
