diff --git a/generate-certs b/generate-certs
index 82b0820..582a828 100755
--- a/generate-certs
+++ b/generate-certs
@@ -26,6 +26,8 @@ export SSL_IP=${SSL_IP}
 export K8S_NAME=${K8S_NAME:-"omgwtfssl"}
 export K8S_NAMESPACE=${K8S_NAMESPACE:-"default"}
 export K8S_SAVE_CA_KEY=${K8S_SAVE_CA_KEY}
+export K8S_SAVE_CA_CRT=${K8S_SAVE_CA_CRT}
+export K8S_SHOW_SECRET=${K8S_SHOW_SECRET}
 export OUTPUT=${OUTPUT:-"yaml"}
@@ -88,15 +90,8 @@ openssl req -new -key ${SSL_KEY} -out ${SSL_CSR} -subj "/CN=${SSL_SUBJECT}" -con
 openssl x509 -req -in ${SSL_CSR} -CA ${CA_CERT} -CAkey ${CA_KEY} -CAcreateserial -out ${SSL_CERT} \
   -days ${SSL_EXPIRE} -extensions v3_req -extfile ${SSL_CONFIG} > /dev/null || exit 1
-if [[ -z $SILENT ]]; then
-echo "====> Complete"
-echo "keys can be found in volume mapped to $(pwd)"
-echo
-
-if [[ ${OUTPUT} == "k8s" ]]; then
-  echo "====> Output results as base64 k8s secrets"
-  echo "---"
-  cat << EOM | tee /certs/secret.yaml
+# create k8s secret file
+cat << EOM > /certs/secret.yaml
 apiVersion: v1
 kind: Secret
 metadata:
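Review bot: `K8S_SAVE_CA_CRT` is introduced with no default, and in the later hunk of this file `ca.crt` is only written when it is non-empty, whereas the old code always emitted the CA certificate — anything that mounted `ca_crt` from the secret now silently loses it. If that is intended, say so next to the export, e.g. `# K8S_SAVE_CA_CRT / K8S_SAVE_CA_KEY: set non-empty to include the CA cert / CA private key in the generated secret (both omitted by default)`; if not, default it on with `export K8S_SAVE_CA_CRT=${K8S_SAVE_CA_CRT:-"true"}`. `K8S_SHOW_SECRET` is exported here but nothing in the visible hunks reads it, so either it is consumed elsewhere in the script or it is dead.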
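Review bot: `cat << EOM > /certs/secret.yaml` creates the file under the process umask, and the next hunk appends the TLS private key (and optionally the CA key) to it, so on a typical 022 umask the key material is world-readable on the shared volume; the old `tee` path had the same problem, but this hunk now writes the file unconditionally (no longer only for `OUTPUT=k8s`), so every run leaves a second copy of the key on disk. Create it with restrictive permissions before writing: `umask 077` on the line before, or `install -m 600 /dev/null /certs/secret.yaml` followed by `cat << EOM >> /certs/secret.yaml`. A one-line comment would also help, since the "create k8s secret file" comment does not say why it is now unconditional: `# always written: the Job manifest's kubectl container applies it from the shared /certs volume`.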
@@ -106,19 +101,31 @@ type: kubernetes.io/tls
 data:
 EOM
 if [[ -n $K8S_SAVE_CA_KEY ]]; then
-  echo -n " ca_key: " | tee -a /certs/secret.yaml
-  cat $CA_KEY | base64 | tr '\n' ',' | sed 's/,//g' | tee -a /certs/secret.yaml
-  echo | tee -a /certs/secret.yaml
+  echo -n " ca.key: " >> /certs/secret.yaml
+  cat $CA_KEY | base64 | tr '\n' ',' | sed 's/,//g' >> /certs/secret.yaml
+  echo >> /certs/secret.yaml
+fi
+if [[ -n $K8S_SAVE_CA_CRT ]]; then
+  echo -n " ca.crt: " >> /certs/secret.yaml
+  cat $CA_CERT | base64 | tr '\n' ',' | sed 's/,//g' >> /certs/secret.yaml
+  echo >> /certs/secret.yaml
 fi
-  echo -n " ca_crt: " | tee -a /certs/secret.yaml
-  cat $CA_CERT | base64 | tr '\n' ',' | sed 's/,//g' | tee -a /certs/secret.yaml
-  echo | tee -a /certs/secret.yaml
-  echo -n " ssl_key: " | tee -a /certs/secret.yaml
-  cat $SSL_KEY | base64 | tr '\n' ',' | sed 's/,//g' | tee -a /certs/secret.yaml
-  echo | tee -a /certs/secret.yaml
-  echo -n " ssl_crt: " | tee -a /certs/secret.yaml
-  cat $SSL_CERT | base64 | tr '\n' ',' | sed 's/,//g' | tee -a /certs/secret.yaml
-  echo | tee -a /certs/secret.yaml
+echo -n " tls.key: " >> /certs/secret.yaml
+cat $SSL_KEY | base64 | tr '\n' ',' | sed 's/,//g' >> /certs/secret.yaml
+echo >> /certs/secret.yaml
+echo -n " tls.crt: " >> /certs/secret.yaml
+cat $SSL_CERT | base64 | tr '\n' ',' | sed 's/,//g' >> /certs/secret.yaml
+echo >> /certs/secret.yaml
+
+if [[ -z $SILENT ]]; then
+echo "====> Complete"
+echo "keys can be found in volume mapped to $(pwd)"
+echo
+
+if [[ ${OUTPUT} == "k8s" ]]; then
+  echo "====> Output results as base64 k8s secrets"
+  echo "---"
+  cat /certs/secret.yaml
 else
 echo "====> Output results as YAML"
diff --git a/kubernetes/omgwtfssl.yaml b/kubernetes/omgwtfssl.yaml
index c15cefa..6ad7614 100644
--- a/kubernetes/omgwtfssl.yaml
+++ b/kubernetes/omgwtfssl.yaml
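Review bot: `cat /certs/secret.yaml` at the end of the hunk still prints the base64 TLS private key (and the CA key when `K8S_SAVE_CA_KEY` is set) to stdout whenever `OUTPUT=k8s` and `SILENT` is unset; in the Job manifest in this same commit that is an initContainer, so the key would land in pod logs readable by anyone with `pods/log`. The `K8S_SHOW_SECRET` variable exported in the first hunk is the obvious gate but is never consulted here — change the last added line to `if [[ -n $K8S_SHOW_SECRET ]]; then cat /certs/secret.yaml; else echo "(secret written to /certs/secret.yaml; set K8S_SHOW_SECRET=1 to print it)"; fi`. The `if [[ -z $SILENT ]]` / `if [[ ${OUTPUT} == "k8s" ]]` blocks opened in this hunk close outside it. Minor: `$CA_KEY`, `$CA_CERT`, `$SSL_KEY`, `$SSL_CERT` are unquoted, and a failed `cat` in the pipeline does not stop the script, so a missing file yields an empty `tls.key:` value rather than an error.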
@@ -1,3 +1,13 @@
+kind: ConfigMap
+apiVersion: v1
+metadata:
+  name: omgwtfssl
+data:
+  SSL_SUBJECT: "*.192.168.99.100.xip.io"
+  SSL_IP: "192.168.99.100"
+  SSL_EXPIRE: "3600"
+  SILENT: "true"
+---
 apiVersion: batch/v1
 kind: Job
 metadata:
@@ -6,26 +16,22 @@ spec:
   template:
     spec:
       restartPolicy: Never
-      containers:
+      initContainers:
       - name: omgwtfssl
-        image: paulczar/omgwtfssl
-        env:
-        - name: SSL_SUBJECT
-          value: "*.192.168.99.100.xip.io"
-        - name: SSL_IP
-          value: "192.168.99.100"
-        - name: SSL_EXPIRE
-          value: "3600"
-        - name: OUTPUT
-          value: "k8s"
+        image: paulczar/omgwtfssl:latest
+        envFrom:
+        - configMapRef:
+            name: omgwtfssl
         volumeMounts:
-        - name: secret-path
-          mountPath: /k8s
+        - name: certs-path
+          mountPath: /certs
+      containers:
       - name: kubectl
-        image: lachlanevenson/k8s-kubectl:v.1.9.3
+        image: lachlanevenson/k8s-kubectl:v1.9.3
+        command: ["kubectl", "apply", "-f", "/certs/secret.yaml"]
         volumeMounts:
-        - name: secret-path
-          mountPath: /k8s
+        - name: certs-path
+          mountPath: /certs
       volumes:
-      - name: secret-path
+      - name: certs-path
         emptyDir: {}
\ No newline at end of file
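Review bot: The ConfigMap values are undocumented sample settings — a wildcard xip.io subject for a minikube-style address, and `SSL_EXPIRE: "3600"`, which generate-certs passes straight to `openssl x509 -days`, so this issues a certificate valid for roughly ten years. Add a comment above `data:` so nobody applies it as-is: `# Example values for a local cluster; set SSL_SUBJECT/SSL_IP to the real endpoint. SSL_EXPIRE is in days. SILENT suppresses generate-certs' stdout (and with it the secret dump) in the pod log.`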
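Review bot: `image: paulczar/omgwtfssl:latest` pins the container that mints the private key and writes the cluster Secret to a mutable tag, while the kubectl image two lines below is pinned to `v1.9.3` in the same hunk; use a release tag or `@sha256:` digest here too, e.g. `image: paulczar/omgwtfssl:<release>`. The new `kubectl apply -f /certs/secret.yaml` command needs a ServiceAccount allowed to create and update Secrets in the namespace, and nothing in this hunk sets `serviceAccountName` or ships a Role/RoleBinding — it may exist elsewhere in the repo, but if not, the Job will run under `default` and fail at apply time. Note also that `apply` overwrites an existing Secret of the same name on every run, so re-running the Job rotates the certificate silently.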