From 37ec9911d9564bcb46163b1c2c6936a007a91f98 Mon Sep 17 00:00:00 2001
From: Dario Tranchitella
Date: Wed, 17 Mar 2021 17:28:57 +0100
Subject: [PATCH] chore: non embedding certs for kubeconfig file generation (#238)
---
 .gitignore | 2 ++
 hack/create-user.sh | 10 +++++-----
 2 files changed, 7 insertions(+), 5 deletions(-)
diff --git a/.gitignore b/.gitignore
index 8bb5891b..3e6d0df7 100644
--- a/.gitignore
+++ b/.gitignore
@@ -24,5 +24,7 @@ bin
 *~
 **/*.kubeconfig
+**/*.crt
+**/*.key
 .DS_Store
diff --git a/hack/create-user.sh b/hack/create-user.sh
index 9e82b87a..e41cded5 100755
--- a/hack/create-user.sh
+++ b/hack/create-user.sh
@@ -37,8 +37,8 @@ GROUP=capsule.clastix.io
 TMPDIR=$(mktemp -d)
 echo "creating certs in TMPDIR ${TMPDIR} "
-openssl genrsa -out ${TMPDIR}/tls.key 2048
-openssl req -new -key ${TMPDIR}/tls.key -subj "/CN=${USER}/O=${GROUP}" -out ${TMPDIR}/${USER}-${TENANT}.csr
+openssl genrsa -out ${USER}-${TENANT}.key 2048
+openssl req -new -key ${USER}-${TENANT}.key -subj "/CN=${USER}/O=${GROUP}" -out ${TMPDIR}/${USER}-${TENANT}.csr
 # Clean any previously created CSR for the same user.
 kubectl delete csr ${USER}-${TENANT} 2>/dev/null || true
@@ -64,7 +64,7 @@ kubectl apply -f ${TMPDIR}/${USER}-${TENANT}-csr.yaml
 # Approve and fetch the signed certificate
 kubectl certificate approve ${USER}-${TENANT}
-kubectl get csr ${USER}-${TENANT} -o jsonpath='{.status.certificate}' | base64 --decode > ${TMPDIR}/tls.crt
+kubectl get csr ${USER}-${TENANT} -o jsonpath='{.status.certificate}' | base64 --decode > ${USER}-${TENANT}.crt
 # Create the kubeconfig file
 CONTEXT=$(kubectl config current-context)
@@ -90,8 +90,8 @@ preferences: {}
 users:
 - name: ${USER}
 user:
- client-certificate-data: $(cat ${TMPDIR}/tls.crt | base64 | tr -d '\n')
- client-key-data: $(cat ${TMPDIR}/tls.key | base64 | tr -d '\n')
+ client-certificate: ${USER}-${TENANT}.crt
+ client-key: ${USER}-${TENANT}.key
 EOF
 echo "kubeconfig file is:" ${USER}-${TENANT}.kubeconfig
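Review bot: In the hunk at -37 the private key is now written as `${USER}-${TENANT}.key` in the current working directory instead of the `mktemp -d` directory, so its protection depends on the caller's umask and, presumably, on the OpenSSL version's default file mode. I would set `umask 077` before the `openssl genrsa` line, or follow it with `chmod 600 "${USER}-${TENANT}.key"`. The expansions are also unquoted, so a user or tenant name containing whitespace or glob characters splits the path; `openssl genrsa -out "${USER}-${TENANT}.key" 2048` avoids that, and the same applies to the redirect target in the hunk at -64. The assignments of USER and TENANT are outside the hunk, so where those values come from is not visible here.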
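Review bot: The redirect in the hunk at -64 creates `${USER}-${TENANT}.crt` even when `kubectl get csr` fails or `.status.certificate` is still empty right after the approval, and the kubeconfig then points at an empty certificate file. Unless the script enables `pipefail` somewhere outside this hunk, neither case stops it. A check after the pipeline would catch both: `[ -s "${USER}-${TENANT}.crt" ] || { echo "certificate not issued for ${USER}-${TENANT}" >&2; exit 1; }`.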
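Review bot: The `client-certificate` and `client-key` entries in the hunk at -90 are relative paths, which kubectl resolves against the directory holding the kubeconfig, so the generated file stops working once it is copied without the `.crt` and `.key` next to it. The closing message names only the kubeconfig; I would extend it, e.g. `echo "kubeconfig file is: ${USER}-${TENANT}.kubeconfig (keep ${USER}-${TENANT}.crt and ${USER}-${TENANT}.key in the same directory)"`. A comment above the heredoc such as `# cert and key are referenced by relative path, not embedded; distribute all three files together` would record the intent. The heredoc starts outside the hunk.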