@camilosantana
Created June 7, 2018 22:08
generate a csr for DT agents overseas - enables DT devops to access k8s cluster - written in 40min. fingers crossed
#!/bin/bash
# abort on the first failing command and on unset variables; "set +x" only
# switched tracing off and let every error through
set -euo pipefail
# pre-requisites: look the tools up on PATH instead of hard-coded paths, and
# stop instead of merely reporting when one is missing
for PREREQ in whoami openssl tar gzip mktemp; do
  command -v "$PREREQ" >/dev/null 2>&1 && echo "$PREREQ exists - ok!" || { echo "missing $PREREQ" >&2; exit 1; }
done
# vars
IAM=$(whoami)
KEY="$IAM.key"
CSR="$IAM.csr"
# Kubernetes takes the user name from CN and the group from O, so with this
# subject every requester shows up as the same user "employee" in audit logs;
# give each person their own CN if they need to be told apart.
DN="/CN=employee/O=dt:engineer"
KEYLENGTH=2048
CLUSTER="k8s20170905.etcd-k8s-eu-central-1a.iameliza.net"
DEVOPS_CONTACT="ima.monkey@iamplus.com"
K8S_CONTEXT="iamplus_eliza_project"
# mktemp gives a unique, unpredictable, mode-0700 directory; $RANDOM piped
# through tr only had 32768 possible names
WORKSPACE_DIR=$(mktemp -d "workspace_iamplus-XXXXXXXX")
TARBALL="$IAM.tarball"
HARDBALL="$TARBALL.enc"
# exec
umask 077                      # key, CSR and tarball are created owner-only
cd "$WORKSPACE_DIR"
openssl genrsa -out "$KEY" "$KEYLENGTH"
openssl req -new -sha256 -key "$KEY" -out "$CSR" -subj "$DN"
# verify: the CSR is self-signed with the new key, so this proves key and
# CSR belong together and shows the subject that will be signed
openssl req -in "$CSR" -noout -verify -subject
# compress and encrypt: only the CSR leaves this machine. The signer never
# needs the private key, which stays here for the kubeconfig step below.
tar czf "$TARBALL" "$CSR"
printf '\nfiles have been packaged into \n\t\t%s\n enter -=A UNIQUE TEMPORARY PASSPHRASE=- to encrypt data\n\n' "$TARBALL"
# -pbkdf2 (OpenSSL 1.1.1+) replaces the single-iteration legacy key
# derivation that "openssl aes-256-cbc -salt" uses by default
openssl enc -aes-256-cbc -a -salt -pbkdf2 -in "$TARBALL" -out "$HARDBALL"
printf '\nemail the %s file to %s\n Send your temporary passphrase to Arul via any other method - aside from email.\n' "$HARDBALL" "$DEVOPS_CONTACT"
cat <<EOF
Once you receive your signed $IAM.crt, you can connect to the cluster.
Run the following commands to store authentication credentials in ~/.kube/config
(--embed-certs copies the files into the config, so it keeps working if you move them):
kubectl config set-credentials $IAM --client-certificate=$IAM.crt --client-key=$KEY --embed-certs=true
kubectl config set-context $K8S_CONTEXT --cluster=$CLUSTER --namespace=default --user=$IAM
kubectl config use-context $K8S_CONTEXT
Finally, you need the cluster certificate authority data, server endpoint and context name added
to your ~/.kube/config file. Lastly, run the included 200_cluster_cert.sh file.
EOF
# clean up: keep the encrypted bundle and the private key (mode 0600 from the
# umask above), remove the workspace with the plaintext tarball and CSR copies
cd ..
mv "$WORKSPACE_DIR/$HARDBALL" "$WORKSPACE_DIR/$KEY" .
rm -rf "$WORKSPACE_DIR"
unset IAM KEY CSR DN KEYLENGTH CLUSTER DEVOPS_CONTACT K8S_CONTEXT WORKSPACE_DIR TARBALL HARDBALL
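Added example, not part of the gist or its author's tooling: the signer's half of the flow above, run end to end against a throwaway CA so the result can be checked offline with nothing but openssl. It shows the checks the approver should do before and after signing: verify the CSR's self-signature, apply the client-auth extensions from the signer's own config rather than whatever the CSR asks for, then read back the CN and O the cert carries, because those are the user and group Kubernetes will derive from it. The CA name "demo-cluster-ca", the requester "alice" and the group "dt:engineer" are constructed for this demo.

```shell
#!/bin/sh
# Added example, not part of the gist: sign a Kubernetes client CSR with a
# throwaway CA and read back the identity the cluster will see.
# Constructed for the demo: CA "demo-cluster-ca", user "alice", group "dt:engineer".
set -eu

# A private openssl config so the demo does not depend on the system
# openssl.cnf. [ca_ext] is applied by "req -x509" (the CA); [client_ext] is
# what the signer applies to issued certs, regardless of what the CSR requests.
write_cnf() {  # $1 = path of config to write
  cat > "$1" <<'EOF'
[req]
distinguished_name = dn
prompt = no
x509_extensions = ca_ext
[dn]
CN = placeholder
[ca_ext]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[client_ext]
basicConstraints = CA:FALSE
keyUsage = critical,digitalSignature,keyEncipherment
extendedKeyUsage = clientAuth
EOF
}

# Throwaway CA standing in for the cluster CA the gist cannot show.
make_ca() {  # $1 = workdir
  openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 1 \
    -config "$1/demo.cnf" -subj "/CN=demo-cluster-ca" \
    -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}

# Requester side, same as the gist: the key stays put, only the CSR goes out.
make_csr() {  # $1 = workdir, $2 = user (CN), $3 = group (O)
  openssl genrsa -out "$1/$2.key" 2048 2>/dev/null
  openssl req -new -sha256 -key "$1/$2.key" -config "$1/demo.cnf" \
    -subj "/CN=$2/O=$3" -out "$1/$2.csr" 2>/dev/null
}

# Signer side: check the CSR's self-signature (proves the requester holds the
# key), then issue with the signer's extension section, never the CSR's.
sign_csr() {  # $1 = workdir, $2 = user
  openssl req -in "$1/$2.csr" -noout -verify >/dev/null 2>&1
  openssl x509 -req -in "$1/$2.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
    -CAcreateserial -days 365 -sha256 \
    -extfile "$1/demo.cnf" -extensions client_ext -out "$1/$2.crt" >/dev/null 2>&1
}

# Print what Kubernetes will derive: CN -> user, O -> group, plus whether the
# cert is marked for client auth and chains to the CA.
cert_identity() {  # $1 = workdir, $2 = user
  local subj user group eku chain
  subj=$(openssl x509 -in "$1/$2.crt" -noout -subject -nameopt RFC2253)
  user=$(printf '%s\n' "$subj" | sed -n 's/.*CN=\([^,]*\).*/\1/p')
  group=$(printf '%s\n' "$subj" | sed -n 's/.*O=\([^,]*\).*/\1/p')
  if openssl x509 -in "$1/$2.crt" -noout -text | grep -q 'TLS Web Client Authentication'
  then eku=yes; else eku=no; fi
  if openssl verify -CAfile "$1/ca.crt" "$1/$2.crt" >/dev/null 2>&1
  then chain=ok; else chain=FAIL; fi
  printf 'user=%s group=%s clientAuth=%s chain=%s\n' "$user" "$group" "$eku" "$chain"
}

# Whole exchange in a scratch directory; prints one line describing the result.
demo() {
  local dir
  dir=$(mktemp -d)
  write_cnf "$dir/demo.cnf"
  make_ca "$dir"
  make_csr "$dir" alice dt:engineer
  sign_csr "$dir" alice
  cert_identity "$dir" alice
  rm -rf "$dir"
}

demo
```

Running it prints user=alice group=dt:engineer clientAuth=yes chain=ok. The point of taking the extensions from -extfile/-extensions is that a requester cannot smuggle CA:TRUE or a server-auth EKU into their own CSR; the point of reading CN and O back from the issued cert is that the local kubectl user name is cosmetic, while the CN and O in the cert are what the API server authenticates and authorizes.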