From 0f2a5641d9cf521cc860685605bd396a3b95eeb8 Mon Sep 17 00:00:00 2001 From: Michael Russell Date: Mon, 8 Jul 2019 17:17:08 +0200 Subject: [PATCH] Don't mount in the current directory when generating certs This gets really tricky when you are doing docker in docker because the host path of the host doesn't match up properly with the host of the local machine. --- elasticsearch/examples/security/Makefile | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/elasticsearch/examples/security/Makefile b/elasticsearch/examples/security/Makefile index f3e57f43f..6fe097260 100644 --- a/elasticsearch/examples/security/Makefile +++ b/elasticsearch/examples/security/Makefile @@ -16,12 +16,14 @@ secrets: rm -f elastic-certificates.p12 elastic-certificate.pem elastic-stack-ca.p12 || true && \ kubectl delete secrets elastic-credentials elastic-certificates elastic-certificate-pem || true && \ password=$$([ ! -z "$$ELASTIC_PASSWORD" ] && echo $$ELASTIC_PASSWORD || echo $$(docker run --rm docker.elastic.co/elasticsearch/elasticsearch:$(STACK_VERSION) /bin/sh -c "< /dev/urandom tr -dc _A-Z-a-z-0-9 | head -c20")) && \ - docker run --rm -i -v $$(pwd):/app -w /app \ + docker run --name helm-charts-certs -i -w /app \ --user $$(id -u):$$(id -g) \ docker.elastic.co/elasticsearch/elasticsearch:$(STACK_VERSION) \ /bin/sh -c " \ elasticsearch-certutil ca --out /app/elastic-stack-ca.p12 --pass '' && \ elasticsearch-certutil cert --ca /app/elastic-stack-ca.p12 --pass '' --ca-pass '' --out /app/elastic-certificates.p12" && \ + docker cp helm-charts-certs:/app/elastic-certificates.p12 ./ && \ + docker rm -f helm-charts-certs && \ openssl pkcs12 -nodes -passin pass:'' -in elastic-certificates.p12 -out elastic-certificate.pem && \ kubectl create secret generic elastic-certificates --from-file=elastic-certificates.p12 && \ kubectl create secret generic elastic-certificate-pem --from-file=elastic-certificate.pem && \