diff --git a/.gitignore b/.gitignore index f97e046199..b28e45c929 100644 --- a/.gitignore +++ b/.gitignore @@ -25,12 +25,6 @@ controller-gen build/tools/bin npm/debug/http -# certificates -*/**/certs/ -*.crt -*.pem -*.srl - go.work* # scale-test diff --git a/npm/linux.Dockerfile b/npm/linux.Dockerfile index 48036e50b3..f9f0cdf2c3 100644 --- a/npm/linux.Dockerfile +++ b/npm/linux.Dockerfile @@ -8,9 +8,6 @@ RUN CGO_ENABLED=0 go build -v -o /usr/local/bin/azure-npm -ldflags "-X main.vers FROM mcr.microsoft.com/mirror/docker/library/ubuntu:20.04 COPY --from=builder /usr/local/bin/azure-npm /usr/bin/azure-npm -COPY --from=builder /usr/local/src/npm/scripts /usr/local/npm RUN apt-get update && apt-get install -y iptables ipset ca-certificates && apt-get autoremove -y && apt-get clean RUN chmod +x /usr/bin/azure-npm -WORKDIR /usr/local/npm -RUN ./generate_certs.sh ENTRYPOINT ["/usr/bin/azure-npm", "start"] diff --git a/npm/scripts/generate_certs.sh b/npm/scripts/generate_certs.sh deleted file mode 100755 index 22df96102c..0000000000 --- a/npm/scripts/generate_certs.sh +++ /dev/null @@ -1,38 +0,0 @@ -#!/bin/bash - -CERTS_STAGING_DIR=. -SAN_CNF_FILE=san.cnf -CERTIFICATE_VALIDITY_DAYS=3650 -CERT_SUBJ="/C=US/ST=Washington/L=Redmond/O=Microsoft/OU=Azure/CN=azure-npm.kube-system.svc.cluster.local" - -# Check if openssl is installed -if ! command -v openssl &> /dev/null -then - echo "openssl could not be found" - exit -fi - -# Check if SAN_CNF_FILE exists -if [ ! -f "$SAN_CNF_FILE" ] -then - echo "SAN_CNF_FILE does not exist" - exit -fi - -if [ ! -d "$CERTS_STAGING_DIR" ] -then - echo "Creating $CERTS_STAGING_DIR" - mkdir -p $CERTS_STAGING_DIR -fi - -# Generate the ca certificate and key -openssl req -x509 -newkey rsa:4096 -days $CERTIFICATE_VALIDITY_DAYS -nodes -keyout $CERTS_STAGING_DIR/ca.key -out $CERTS_STAGING_DIR/ca.crt -subj $CERT_SUBJ - -# Create a certificate signing request for the server -openssl req -newkey rsa:4096 -nodes -keyout $CERTS_STAGING_DIR/tls.key -out $CERTS_STAGING_DIR/server-req.pem -config $SAN_CNF_FILE -extensions v3_req -subj $CERT_SUBJ - -# Sign the server certificate with the CA -openssl x509 -req -in $CERTS_STAGING_DIR/server-req.pem -CA $CERTS_STAGING_DIR/ca.crt -CAkey $CERTS_STAGING_DIR/ca.key -CAcreateserial -out $CERTS_STAGING_DIR/tls.crt --days $CERTIFICATE_VALIDITY_DAYS --extfile $SAN_CNF_FILE --extensions v3_req - -# Remove the secret CA key and signing request -rm -rf $CERTS_STAGING_DIR/ca.key $CERTS_STAGING_DIR/server-req.pem diff --git a/npm/scripts/san.cnf b/npm/scripts/san.cnf deleted file mode 100644 index c6b10bac91..0000000000 --- a/npm/scripts/san.cnf +++ /dev/null @@ -1,21 +0,0 @@ -[ req ] -default_bits = 2048 -distinguished_name = req_distinguished_name -req_extensions = v3_req - -[ req_distinguished_name ] -countryName = Country Name (2 letter code) -stateOrProvinceName = State or Province Name (full name) -localityName = Locality Name (eg, city) -organizationName = Organization Name (eg, company) -commonName = Common Name (e.g. server FQDN or YOUR name) - -[ v3_req ] -keyUsage = digitalSignature, nonRepudiation, keyEncipherment -subjectAltName = @alt_names - -[alt_names] -DNS.1 = azure-npm.kube-system.svc.cluster.local -DNS.2 = azure-npm.kube-system -DNS.3 = azure-npm -DNS.4 = 0.0.0.0