#!/usr/bin/env bash
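# -u added: if a DN field or the password is unset (e.g. the config block below was
# commented out without providing replacements) the script aborts naming the variable
# instead of silently writing empty strings into the certificates.
set -Eeuo pipefail
# You're Welcome - SB

# Lifetime in days (~10 years) applied to the CA, the signed broker cert and the
# keystore entry alike.
EXPIREDAYS=3650
# Namespace that the generated manifest creates and drops the kafka-store Secret into.
KUBENAMESPACE=kafka
# Example DNS kafka-service.kafka.svc.cluster.local
##########################################################################################
# Distinguished-name fields used for the CA and broker certificates.
# Comment this out if you want to provide your own
# # Example:
COMPANY="Acme Corp."
CITY="Boston"
STATE="MA"
COUNTRY="US"
# Placeholder contact address - replace before generating production material.
EMAIL="[email protected]"
# NOTE: this deliberately overwrites the shell's USER variable (normally the login
# name). It is intended as a certificate DN field; nothing else in this script relies
# on the original login-name value.
USER="Stephen Burke"
##########################################################################################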
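##########################################################################################
# keygen: build a private CA plus a broker keystore and two truststores under ./output.
#
# Reads globals: FQDN, PASSWD, EXPIREDAYS, COMPANY, CITY, STATE, COUNTRY, EMAIL.
# Writes (all inside ./output, which is wiped first): ca-key, ca-cert, ca-cert.srl,
#   cert-file (CSR), cert-signed, san.ext, kafka.keystore.jks,
#   kafka.client.truststore.jks, kafka.truststore.jks.
# Returns non-zero if any keytool/openssl step fails.
#
# Why this shape:
# - keytool and openssl are driven non-interactively (-dname/-subj/-noprompt) instead
#   of through expect, so a failing step is reported rather than swallowed, and a
#   password or DN value containing Tcl-special characters ($ [ " \) cannot break or
#   alter the generated commands.
# - The password is passed via the environment (-storepass:env / env:VAR), never as a
#   command-line argument where `ps` and shell history would expose it.
# - The broker certificate's CN and subjectAltName are the FQDN. The interactive
#   version answered keytool's "first and last name" prompt with USER, which made a
#   person's name the CN, so clients doing hostname verification could not match it.
#   USER is therefore intentionally not used here.
# - Subject syntax: keytool -dname is RFC 2253 (',' separates attributes) and
#   openssl -subj uses '/'. A COMPANY/CITY/STATE value containing those characters
#   must be escaped by the caller.
##########################################################################################
keygen() {
  rm -rf -- output
  mkdir -p output
  # The work happens in a subshell: cwd, umask and the password env var stay local,
  # and `step` exits the subshell on the first failure, so keygen returns non-zero
  # even when called in a context (e.g. `keygen && ...`) where set -e is ignored.
  (
    step() { "$@" || { printf 'keygen: %s failed\n' "$1" >&2; exit 1; }; }
    umask 077   # private key, keystores and truststores are created owner-only
    step cd output
    export KAFKA_SS_PASS="$PASSWD"

    # Broker key pair; self-signed placeholder cert is replaced by the CA-signed one below.
    step keytool -keystore kafka.keystore.jks -alias localhost -keyalg RSA \
      -validity "$EXPIREDAYS" -genkeypair \
      -dname "CN=${FQDN},OU=SRE,O=${COMPANY},L=${CITY},ST=${STATE},C=${COUNTRY}" \
      -ext "SAN=dns:${FQDN}" \
      -storepass:env KAFKA_SS_PASS -keypass:env KAFKA_SS_PASS

    # Self-signed CA; its private key is encrypted with the same password.
    step openssl req -new -x509 -keyout ca-key -out ca-cert -days "$EXPIREDAYS" \
      -subj "/C=${COUNTRY}/ST=${STATE}/L=${CITY}/O=${COMPANY}/OU=SRE/CN=${FQDN}/emailAddress=${EMAIL}" \
      -passout env:KAFKA_SS_PASS

    # Client and server truststores each get the CA cert.
    step keytool -keystore kafka.client.truststore.jks -alias CARoot -importcert \
      -file ca-cert -storepass:env KAFKA_SS_PASS -noprompt
    step keytool -keystore kafka.truststore.jks -alias CARoot -importcert \
      -file ca-cert -storepass:env KAFKA_SS_PASS -noprompt

    # CSR for the broker key.
    step keytool -keystore kafka.keystore.jks -alias localhost -certreq -file cert-file \
      -storepass:env KAFKA_SS_PASS

    # Sign it. `openssl x509 -req` does not carry the CSR's extensions into the
    # issued certificate by default, so the SAN is supplied again via -extfile.
    printf 'subjectAltName=DNS:%s\n' "$FQDN" > san.ext
    step openssl x509 -req -CA ca-cert -CAkey ca-key -in cert-file -out cert-signed \
      -days "$EXPIREDAYS" -CAcreateserial -passin env:KAFKA_SS_PASS -extfile san.ext

    # Install the chain into the keystore: CA first, then the signed broker cert.
    step keytool -keystore kafka.keystore.jks -alias CARoot -importcert -file ca-cert \
      -storepass:env KAFKA_SS_PASS -noprompt
    step keytool -keystore kafka.keystore.jks -alias localhost -importcert \
      -file cert-signed -storepass:env KAFKA_SS_PASS -noprompt
  )
}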
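##########################################################################################
# secretsyaml: render output/secrets.yaml - a Namespace plus a Secret carrying the
# keystore, the truststore and the password, base64-encoded as `data:` requires.
#
# Reads globals: PASSWD, KUBENAMESPACE.
# Reads output/kafka.keystore.jks and output/kafka.truststore.jks.
# Writes output/secrets.yaml with mode 0600: base64 is not encryption, the file holds
#   the keystore password and the private key in the clear.
# Returns 1 (without writing) if either store is missing. The cwd is left unchanged.
#
# Fixes over the interactive version:
# - `base64 --input FILE` exists only on macOS; `base64 < FILE` works on GNU and BSD.
# - GNU base64 wraps output at 76 columns, which would split a YAML scalar over
#   several lines, so every newline is stripped.
# - The password is encoded with printf '%s', not echo, so no trailing newline ends
#   up inside the encoded credential.
##########################################################################################
secretsyaml() {
  local store keystore_b64 truststore_b64 password_b64
  for store in output/kafka.keystore.jks output/kafka.truststore.jks; do
    if [[ ! -r "$store" ]]; then
      printf 'secretsyaml: %s is missing - run keygen first\n' "$store" >&2
      return 1
    fi
  done
  keystore_b64=$(base64 < output/kafka.keystore.jks | tr -d '\n')
  truststore_b64=$(base64 < output/kafka.truststore.jks | tr -d '\n')
  password_b64=$(printf '%s' "$PASSWD" | base64 | tr -d '\n')
  # Recreate the manifest owner-only; umask does not tighten an existing file.
  rm -f -- output/secrets.yaml
  (
    umask 077
    cat > output/secrets.yaml <<EOF
apiVersion: v1
kind: Namespace
metadata:
  name: ${KUBENAMESPACE}
---
apiVersion: v1
kind: Secret
metadata:
  name: kafka-store
  namespace: ${KUBENAMESPACE}
data:
  kafka.keystore.jks: ${keystore_b64}
  kafka.truststore.jks: ${truststore_b64}
  truststore-creds: ${password_b64}
  keystore-creds: ${password_b64}
  key-creds: ${password_b64}
EOF
  )
}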
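# --- entry point ------------------------------------------------------------------------
# Prompt for the broker FQDN and the keystore/truststore password, generate the
# material, then apply the Namespace + Secret to the current kubectl context.
printf '\nEnter the FQDN: '
read -r FQDN
: "${FQDN:?the FQDN must not be empty}"
# Short hostname (first DNS label). Kept for parity with the original script; nothing
# below reads it.
NAME=${FQDN%%.*}
printf 'Enter a password to use in order to generate them: '
read -r -s PASSWD
printf '\n'
# keytool rejects keystore passwords shorter than 6 characters; fail here with a clear
# message rather than part-way through key generation.
if (( ${#PASSWD} < 6 )); then
  printf 'error: the password must be at least 6 characters\n' >&2
  exit 1
fi
# Each stage is its own statement on purpose: written as `keygen && secretsyaml`, a
# keygen failure is exempt from set -e and the kubectl apply below still runs.
keygen
secretsyaml
kubectl apply -f output/secrets.yaml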