refresh-certs.sh
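#!/bin/bash
#
# refresh-certs.sh - regenerate the local-development CA and the webhook
# serving certificate with cfssl, then render the TLS Secret and the
# mutating/validating webhook manifests that embed the CA bundle.
#
# Run from the repository root: every ./tls, ./manifests and ./webhooks path
# below is relative to the current directory.
#
# Outputs:
#   ./tls/local-dev-certs/tls.crt
#   ./tls/local-dev-certs/tls.key
#   ./webhooks/templates/webhook-tls-secret.yaml
#   ./webhooks/templates/mutating-webhook.yaml
#   ./webhooks/templates/validating-webhook.yaml
#
# SECURITY: tls.key and webhook-tls-secret.yaml contain the serving private
# key in recoverable form (base64 is an encoding, not encryption). Keep both
# out of version control and treat these certificates as development-only.

# Abort on the first failure. Without this, a failed cfssl run would be
# followed by manifests rendered from empty or stale key material.
set -euo pipefail

for tool in cfssl cfssljson openssl base64; do
  command -v "$tool" >/dev/null || {
    printf 'refresh-certs: required tool not found: %s\n' "$tool" >&2
    exit 1
  }
done

# Intermediate key material (including the CA private key) goes into a
# private, unpredictable directory instead of fixed names under /tmp, where
# other local users could read the keys or pre-create the paths. mktemp -d
# creates the directory with mode 0700; it is removed on every exit path, so
# the CA key does not outlive the run.
workdir="$(mktemp -d)"
trap 'rm -rf -- "$workdir"' EXIT

# 1. Self-signed CA.
cfssl gencert -initca ./tls/ca-csr.json | cfssljson -bare "$workdir/ca"

# 2. Serving certificate for the webhook, signed by the CA above.
# NOTE(review): the CSR passed here is ./tls/ca-csr.json, the same file used
# for the CA - confirm this is intended rather than a dedicated server CSR.
cfssl gencert \
  -ca="$workdir/ca.pem" \
  -ca-key="$workdir/ca-key.pem" \
  -config=./tls/ca-config.json \
  -hostname="webhook,webhook.webhook.svc.cluster.local,webhook.webhook.svc,localhost,127.0.0.1,192.168.11.80" \
  -profile=default \
  ./tls/ca-csr.json | cfssljson -bare "$workdir/example-webhook"

# 3. Plain PEM copies for running the webhook locally.
# NOTE(review): tls.key is created with the caller's umask; consider
# restricting it to the owner if nothing else needs to read it.
mkdir -p ./tls/local-dev-certs
cat "$workdir/example-webhook.pem" > ./tls/local-dev-certs/tls.crt
cat "$workdir/example-webhook-key.pem" > ./tls/local-dev-certs/tls.key

# 4. Kubernetes Secret carrying the serving certificate and key.
# The base64 values are computed before the here-document so that a failure
# stops the script; a failing $(...) inside a here-document would not.
tls_crt_b64="$(base64 <"$workdir/example-webhook.pem" | tr -d '\n')"
tls_key_b64="$(base64 <"$workdir/example-webhook-key.pem" | tr -d '\n')"

cat <<EOF > ./webhooks/templates/webhook-tls-secret.yaml
apiVersion: v1
kind: Secret
metadata:
  name: webhook-tls
  namespace: webhook
type: Opaque
data:
  tls.crt: ${tls_crt_b64}
  tls.key: ${tls_key_b64}
EOF

# 5. Inject the CA bundle into the webhook configurations.
# The single-quoted ${CA_PEM_B64} is the literal placeholder text in the
# templates, not a shell expansion. '@' is a safe sed delimiter because the
# base64 alphabet (A-Z a-z 0-9 + / =) contains neither '@', '&' nor '\'.
ca_pem_b64="$(openssl base64 -A <"$workdir/ca.pem")"

# shellcheck disable=SC2016
sed -e 's@${CA_PEM_B64}@'"$ca_pem_b64"'@g' <"./manifests/mutating-webhook-template.yaml" \
  > "./webhooks/templates/mutating-webhook.yaml"
# shellcheck disable=SC2016
sed -e 's@${CA_PEM_B64}@'"$ca_pem_b64"'@g' <"./manifests/validating-webhook-template.yaml" \
  > "./webhooks/templates/validating-webhook.yaml"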