initial commit
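--- a/deploy/tls/.gitignore
+++ b/deploy/tls/.gitignore
@@ -0,0 +1 @@
+*/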
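--- a/deploy/tls/Dockerfile
+++ b/deploy/tls/Dockerfile
@@ -0,0 +1,7 @@
+FROM alpine:3.11
+ENTRYPOINT [ "/entrypoint.sh" ]
+
+RUN apk add --no-cache --update --upgrade ca-certificates postgresql-client
+RUN apk add --no-cache --update --upgrade --repository=http://dl-cdn.alpinelinux.org/alpine/edge/testing cfssl
+
+COPY . .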
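Review bot: The second `RUN apk add` pulls cfssl from the `edge/testing` repository into an `alpine:3.11` image over plain `http://` (apk verifies package signatures, so this mostly costs confidentiality rather than integrity); testing packages carry no stability or security-fix commitment, and mixing edge with a stable release can pull in incompatible shared libraries, which matters for the tool that mints the CA key. Prefer an https repository URL with a pinned version (`cfssl=<VERSION-PLACEHOLDER>`), or install a cfssl release binary and verify its checksum in the Dockerfile so the build is reproducible. `COPY . .` with no `WORKDIR` lands the entire build context, including this Dockerfile and the `*.in.json` templates, at `/`; a `.dockerignore` or an explicit `COPY entrypoint.sh gencerts.sh ca-config.json *.in.json /` would limit what ends up in the image.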
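--- a/deploy/tls/ca-config.json
+++ b/deploy/tls/ca-config.json
@@ -0,0 +1,17 @@
+{
+"signing": {
+"default": {
+"expiry": "168h"
+},
+"profiles": {
+"server": {
+"expiry": "8760h",
+"usages": ["signing", "key encipherment", "server auth"]
+},
+"signing": {
+"expiry": "8760h",
+"usages": ["signing", "key encipherment"]
+}
+}
+}
+}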
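Review bot: The `default` profile sets only `expiry` and no `usages`; as far as I recall cfssl validates the default as a local signing profile and rejects one with an empty usage list when the config is loaded, which would make every `-config=/ca-config.json` invocation fail even though gencerts.sh always passes `-profile=server` — worth confirming against the cfssl build the image installs. If that holds, either give `default` a usage list (the same three as `server` would do) or drop the block. Separately, the `signing` profile is not referenced anywhere in this commit and carries neither a TLS auth usage nor `cert sign`, so it is unclear what certificate it is meant to produce; since JSON has no comments, a line in the deploy README naming its consumer would help.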
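--- a/deploy/tls/ca.in.json
+++ b/deploy/tls/ca.in.json
@@ -0,0 +1,12 @@
+{
+"CN": "Autogenerated CA",
+"key": {
+"algo": "rsa",
+"size": 2048
+},
+"names": [
+{
+"L": "@FACILITY@"
+}
+]
+}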
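Review bot: The CA request has no `ca` block, so the root's lifetime comes from cfssl's built-in `-initca` default rather than from anything checked into this repo (I believe that default is multi-year, but it is not visible here). Since ca-config.json pins leaf lifetimes explicitly, the CA's own lifetime should be pinned too, e.g. `"ca": { "expiry": "<HOURS-PLACEHOLDER>h" }` alongside `"key"`. The `@FACILITY@` placeholder in `L` implies a templating step that is not part of this commit; a note in the deploy README on what renders it into `ca.json` would help.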
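--- a/deploy/tls/entrypoint.sh
+++ b/deploy/tls/entrypoint.sh
@@ -0,0 +1,13 @@
+#!/usr/bin/env sh
+
+# set -o errexit -o nounset -o pipefail
+
+if [ -z "${TINKERBELL_TLS_CERT:-}" ]; then
+(
+echo "creating directory"
+mkdir -p "certs"
+./gencerts.sh
+)
+fi
+
+"$@"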
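Review bot: Strict mode is commented out, so a failure of `./gencerts.sh` inside the `( ... )` group is ignored and `"$@"` starts the wrapped service without certificates; `set -eu` (the portable subset — `pipefail` is the option most likely to have been the reason the line was disabled under `sh`) restores the abort, or the group's status can be checked explicitly. `mkdir -p "certs"` and `./gencerts.sh` resolve against the current directory, which is `/` only because the Dockerfile sets no `WORKDIR`, while gencerts.sh hard-codes `cd /certs`; absolute paths make the two scripts agree however the container is started. Finally, `"$@"` should be `exec "$@"` so the service replaces the shell as PID 1 and receives container stop signals directly.
```shell
set -eu

if [ -z "${TINKERBELL_TLS_CERT:-}" ]; then
  echo "creating directory"
  mkdir -p /certs
  /gencerts.sh
fi

exec "$@"
```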
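--- a/deploy/tls/gencerts.sh
+++ b/deploy/tls/gencerts.sh
@@ -0,0 +1,30 @@
+#!/usr/bin/env sh
+
+set -eux
+
+cd /certs
+
+if [ ! -f ca-key.pem ]; then
+cfssl gencert \
+-initca ca.json | cfssljson -bare ca
+fi
+
+if [ ! -f server.pem ]; then
+cfssl gencert \
+-ca=ca.pem \
+-ca-key=ca-key.pem \
+-config=/ca-config.json \
+-profile=server \
+server-csr.json |
+cfssljson -bare server
+fi
+
+cat server.pem ca.pem >bundle.pem.tmp
+
+# only "modify" the file if truly necessary since workflow will serve it with
+# modtime info for client caching purposes
+if ! cmp -s bundle.pem.tmp bundle.pem; then
+mv bundle.pem.tmp bundle.pem
+else
+rm bundle.pem.tmp
+fi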
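Review bot: `cfssl gencert -initca ca.json` and the `server-csr.json` input are read from `/certs`, but this commit only adds `ca.in.json` and `server-csr.in.json` at the image root with `@FACILITY@` placeholders, and neither entrypoint.sh nor this script renders them; unless that happens elsewhere, the first run fails on a missing file. A header comment such as `# Expects /certs/ca.json and /certs/server-csr.json, rendered from the *.in.json templates by <PLACEHOLDER>` would pin down that contract. The `[ ! -f server.pem ]` guard also keeps a leaf issued by an earlier CA when `ca-key.pem` has been regenerated, so the `cat server.pem ca.pem` bundle can pair a server cert with a CA that never signed it; re-issuing whenever the CA is newer, `if [ ! -f server.pem ] || [ ca.pem -nt server.pem ]; then`, closes that gap (busybox `test` supports `-nt`). `set -x` is acceptable here since no key material is passed on argv.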
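--- a/deploy/tls/server-csr.in.json
+++ b/deploy/tls/server-csr.in.json
@@ -0,0 +1,19 @@
+{
+"CN": "tinkerbell",
+"hosts": [
+"tinkerbell.registry",
+"tinkerbell.tinkerbell",
+"tinkerbell",
+"localhost",
+"127.0.0.1"
+],
+"key": {
+"algo": "rsa",
+"size": 2048
+},
+"names": [
+{
+"L": "@FACILITY@"
+}
+]
+}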