package main
import (
"crypto/rand"
"crypto/rsa"
"crypto/x509"
"io/ioutil"
"github.com/solo-io/solo-kit/pkg/utils/log"
"k8s.io/client-go/util/cert"
)
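// main generates a throwaway CA and a CA-signed TLS server certificate for the
// appmesh-sidecar-injector webhook and writes three PEM files to the current
// working directory:
//
//	ca.crt   - CA certificate (public material, mode 0644)
//	cert.pem - server certificate (public material, mode 0644)
//	key.pem  - server private key (secret material, mode 0600)
//
// Every failure is fatal: the program logs the error and exits instead of
// leaving a partial or inconsistent set of files behind.
func main() {
	// CA key pair. The CA exists only to sign the server certificate below; its
	// private key is never written to disk.
	caPrivateKey, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		log.Fatalf("Failed to create CA private key: %v", err)
	}
	caCert, err := cert.NewSelfSignedCACert(cert.Config{CommonName: "supergloo-webhook-cert-ca"}, caPrivateKey)
	if err != nil {
		log.Fatalf("Failed to create CA cert: %v", err)
	}
	caCertPEM := cert.EncodeCertPEM(caCert)

	// Server key pair. The key is PEM-encoded here so it can be written out
	// alongside the certificate.
	serverCertPrivateKey, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		log.Fatalf("Failed to create server cert private key: %v", err)
	}
	serverCertPrivateKeyPEM, err := cert.MarshalPrivateKeyToPEM(serverCertPrivateKey)
	if err != nil {
		// Distinct message from the GenerateKey failure above so the two
		// steps can be told apart in the log.
		log.Fatalf("Failed to encode server cert private key: %v", err)
	}

	// Server certificate, signed by the CA. The four DNS SANs are the
	// in-cluster name forms of the appmesh-sidecar-injector service in the
	// supergloo-system namespace; the certificate is restricted to server
	// authentication.
	signedServerCert, err := cert.NewSignedCert(cert.Config{
		CommonName:   "appmesh-sidecar-injector.supergloo-system.svc",
		Organization: []string{"solo.io"},
		AltNames: cert.AltNames{
			DNSNames: []string{
				"appmesh-sidecar-injector",
				"appmesh-sidecar-injector.supergloo-system",
				"appmesh-sidecar-injector.supergloo-system.svc",
				"appmesh-sidecar-injector.supergloo-system.svc.cluster.local",
			},
		},
		Usages: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}, serverCertPrivateKey, caCert, caPrivateKey)
	if err != nil {
		log.Fatalf("Failed to create server cert: %v", err)
	}
	signedServerCertPEM := cert.EncodeCertPEM(signedServerCert)

	// Write the outputs. Certificates are public and may be world-readable;
	// the private key must be readable by the owner only. (ioutil.WriteFile is
	// deprecated in favour of os.WriteFile, kept here to avoid touching the
	// import set.)
	const (
		caCertFile     = "ca.crt"
		serverCertFile = "cert.pem"
		serverKeyFile  = "key.pem"
	)
	if err := ioutil.WriteFile(caCertFile, caCertPEM, 0644); err != nil {
		log.Fatalf("Failed to write CA cert file: %v", err)
	}
	if err := ioutil.WriteFile(serverCertFile, signedServerCertPEM, 0644); err != nil {
		log.Fatalf("Failed to write server cert file: %v", err)
	}
	// 0600: the key is the one secret this program produces; the original
	// 0644 left it readable by every local user.
	if err := ioutil.WriteFile(serverKeyFile, serverCertPrivateKeyPEM, 0600); err != nil {
		log.Fatalf("Failed to write server key file: %v", err)
	}
}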