kubernetes
/
examples
mirror of https://github.com/kubernetes/examples.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

There is now a easier solution to create TLS certs. (#176) 

* There is now a easier solution to create TLS certs.

https://github.com/kubernetes/kubernetes/issues/14017

* Change secret target from Makefile. Use keys target

* Remove BUILD file
This commit is contained in:
Saverio Proto 2018-01-18 22:46:46 +01:00 committed by Ahmet Alp Balkan
parent cfc0109723
commit 52c1d665cf
4 changed files with 3 additions and 116 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

40
staging/https-nginx/BUILD
View File

@ -1,40 +0,0 @@
package(default_visibility = ["//visibility:public"])
licenses(["notice"])
load(
"@io_bazel_rules_go//go:def.bzl",
"go_binary",
"go_library",
)
go_binary(
name = "https-nginx",
library = ":go_default_library",
tags = ["automanaged"],
)
go_library(
name = "go_default_library",
srcs = ["make_secret.go"],
tags = ["automanaged"],
deps = [
"//pkg/api:go_default_library",
"//pkg/api/install:go_default_library",
"//vendor/k8s.io/apimachinery/pkg/apis/meta/v1:go_default_library",
"//vendor/k8s.io/apimachinery/pkg/runtime:go_default_library",
],
)
filegroup(
name = "package-srcs",
srcs = glob(["**"]),
tags = ["automanaged"],
visibility = ["//visibility:private"],
)
filegroup(
name = "all-srcs",
srcs = [":package-srcs"],
tags = ["automanaged"],
)

3
staging/https-nginx/Makefile
View File

@ -24,9 +24,6 @@ keys:
# The CName used here is specific to the service specified in nginx-app.yaml. # The CName used here is specific to the service specified in nginx-app.yaml.
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout $(KEY) -out $(CERT) -subj "/CN=nginxsvc/O=nginxsvc" openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout $(KEY) -out $(CERT) -subj "/CN=nginxsvc/O=nginxsvc"
secret:
go run make_secret.go -crt $(CERT) -key $(KEY) > $(SECRET)
container: container:
docker build --pull -t $(PREFIX):$(TAG) . docker build --pull -t $(PREFIX):$(TAG) .

6
staging/https-nginx/README.md
View File

@ -6,10 +6,10 @@ It uses an [nginx server block](http://wiki.nginx.org/ServerBlockExample) to ser
### Generate certificates ### Generate certificates
First generate a self signed rsa key and certificate that the server can use for TLS. This step invokes the make_secret.go script in the same directory, which uses the kubernetes api to generate a secret json config in /tmp/secret.json. First generate a self signed rsa key and certificate that the server can use for TLS.
```sh ```sh
$ make keys secret KEY=/tmp/nginx.key CERT=/tmp/nginx.crt SECRET=/tmp/secret.json $ make keys KEY=/tmp/nginx.key CERT=/tmp/nginx.crt
``` ```
### Create a https nginx application running in a kubernetes cluster ### Create a https nginx application running in a kubernetes cluster
@ -19,7 +19,7 @@ You need a [running kubernetes cluster](../../docs/getting-started-guides/) for
Create a secret and a configmap. Create a secret and a configmap.
```sh ```sh
$ kubectl create -f /tmp/secret.json $ kubectl create secret tls nginxsecret --key /tmp/nginx.key --cert /tmp/nginx.crt
secret "nginxsecret" created secret "nginxsecret" created
$ kubectl create configmap nginxconfigmap --from-file=examples/https-nginx/default.conf $ kubectl create configmap nginxconfigmap --from-file=examples/https-nginx/default.conf

70
staging/https-nginx/make_secret.go
View File

@ -1,70 +0,0 @@
/*
Copyright 2015 The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
// A small script that converts the given open ssl public/private keys to
// a secret that it writes to stdout as json. Most common use case is to
// create a secret from self signed certificates used to authenticate with
// a devserver. Usage: go run make_secret.go -crt ca.crt -key priv.key > secret.json
package main
import (
"flag"
"fmt"
"io/ioutil"
"log"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/runtime"
"k8s.io/kubernetes/pkg/api"
// This installs the legacy v1 API
_ "k8s.io/kubernetes/pkg/api/install"
)
// TODO:
// Add a -o flag that writes to the specified destination file.
// Teach the script to create crt and key if -crt and -key aren't specified.
var (
crt = flag.String("crt", "", "path to nginx certificates.")
key = flag.String("key", "", "path to nginx private key.")
)
func read(file string) []byte {
b, err := ioutil.ReadFile(file)
if err != nil {
log.Fatalf("Cannot read file %v, %v", file, err)
}
return b
}
func main() {
flag.Parse()
if *crt == "" || *key == "" {
log.Fatalf("Need to specify -crt -key and -template")
}
nginxCrt := read(*crt)
nginxKey := read(*key)
secret := &api.Secret{
ObjectMeta: metav1.ObjectMeta{
Name: "nginxsecret",
},
Data: map[string][]byte{
"nginx.crt": nginxCrt,
"nginx.key": nginxKey,
},
}
fmt.Printf(runtime.EncodeOrDie(api.Codecs.LegacyCodec(api.Registry.EnabledVersions()...), secret))
}