blob: 3b661a88ade2ae244bcee5f2b24724665a0cbbf0 [file] [log] [blame]
#/bin/bash
# Creates the SSL cert used by k8s in skia-corp.
set -e -x
source ../kube/corp-config.sh
source ../bash/ramdisk.sh
SUBJ="
C=US
ST=New York
O=
localityName=New York City
commonName=*
organizationalUnitName=Skia
emailAddress=skiabot@google.com
"
cd /tmp/ramdisk
# Create the SSL cert. Details here:
# https://kubernetes.io/docs/user-guide/ingress/#tls
openssl genrsa -out tls.key 2048
openssl req -new -subj "$(echo -n "$SUBJ" | tr "\n" "/")" -key tls.key -out tls.csr -passin pass:
openssl x509 -req -days 365 -in tls.csr -signkey tls.key -out tls.crt
# Create the k8s secret.
cat > secret.yaml <<- EOM
apiVersion: v1
data:
tls.crt: $(cat tls.crt | base64 -w 0)
tls.key: $(cat tls.key | base64 -w 0)
kind: Secret
metadata:
name: skia-corp-tls
namespace: default
type: kubernetes.io/tls
EOM
kubectl apply -f secret.yaml
cd -