examples: Combine etcd, k8s, docker, and rkt examples

* Different sets of examples subfolders are not needed
2026-01-27 10:19:35 +00:00 · 2016-02-01 23:24:17 -08:00
parent a945c1c660
commit 4e74ae657c
45 changed files with 131 additions and 404 deletions
--- a/scripts/tls/generate-kubernetes-secrets
+++ b/scripts/tls/generate-kubernetes-secrets
@@ -0,0 +1,14 @@
+#!/bin/bash -e
+# USAGE: ./scripts/generate-kubernetes-secrets
+
+DEST=${1:-"assets/tls"}
+
+if [ ! -d "$DEST" ]; then
+  echo "Creating directory $DEST"
+  mkdir -p $DEST
+fi
+
+./scripts/tls/root-ca $DEST
+./scripts/tls/kubernetes-cert $DEST admin kube-admin
+./scripts/tls/kubernetes-cert $DEST apiserver kube-apiserver IP.1=10.3.0.1,IP.2=172.17.0.21
+./scripts/tls/kubernetes-cert $DEST worker kube-worker IP.1=172.17.0.22
--- a/scripts/tls/kubernetes-cert
+++ b/scripts/tls/kubernetes-cert
@@ -0,0 +1,72 @@
+#!/bin/bash -e
+
+# define location of openssl binary manually since running this
+# script under Vagrant fails on some systems without it
+OPENSSL=/usr/bin/openssl
+
+function usage {
+    echo "USAGE: $0 <output-dir> <cert-base-name> <CN> [SAN,SAN,SAN]"
+    echo "  example: $0 ./ssl/ worker kube-worker IP.1=127.0.0.1,IP.2=10.0.0.1"
+}
+
+if [ -z "$1" ] || [ -z "$2" ] || [ -z "$3" ]; then
+    usage
+    exit 1
+fi
+
+OUTDIR="$1"
+CERTBASE="$2"
+CN="$3"
+SANS="$4"
+
+if [ ! -d $OUTDIR ]; then
+    echo "ERROR: output directory does not exist:  $OUTDIR"
+    exit 1
+fi
+
+OUTFILE="$OUTDIR/$CN.tar"
+
+if [ -f "$OUTFILE" ];then
+    exit 0
+fi
+
+CNF_TEMPLATE="
+[req]
+req_extensions = v3_req
+distinguished_name = req_distinguished_name
+
+[req_distinguished_name]
+
+[ v3_req ]
+basicConstraints = CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+subjectAltName = @alt_names
+
+[alt_names]
+DNS.1 = kubernetes
+DNS.2 = kubernetes.default
+"
+echo "Generating SSL artifacts in $OUTDIR"
+
+
+CONFIGFILE="$OUTDIR/$CERTBASE-req.cnf"
+CAFILE="$OUTDIR/ca.pem"
+CAKEYFILE="$OUTDIR/ca-key.pem"
+KEYFILE="$OUTDIR/$CERTBASE-key.pem"
+CSRFILE="$OUTDIR/$CERTBASE.csr"
+PEMFILE="$OUTDIR/$CERTBASE.pem"
+
+CONTENTS="${CAFILE} ${KEYFILE} ${PEMFILE}"
+
+
+# Add SANs to openssl config
+echo "$CNF_TEMPLATE$(echo $SANS | tr ',' '\n')" > "$CONFIGFILE"
+
+$OPENSSL genrsa -out "$KEYFILE" 2048
+$OPENSSL req -new -key "$KEYFILE" -out "$CSRFILE" -subj "/CN=$CN" -config "$CONFIGFILE"
+$OPENSSL x509 -req -in "$CSRFILE" -CA "$CAFILE" -CAkey "$CAKEYFILE" -CAcreateserial -out "$PEMFILE" -days 365 -extensions v3_req -extfile "$CONFIGFILE"
+
+tar -cf $OUTFILE -C $OUTDIR $(for  f in $CONTENTS;do printf "$(basename $f) ";done)
+
+echo "Bundled SSL artifacts into $OUTFILE"
+echo "$CONTENTS"
--- a/scripts/tls/root-ca
+++ b/scripts/tls/root-ca
@@ -0,0 +1,32 @@
+#!/bin/bash -e
+
+# define location of openssl binary manually since running this
+# script under Vagrant fails on some systems without it
+OPENSSL=/usr/bin/openssl
+
+function usage {
+    echo "USAGE: $0 <output-dir>"
+    echo "  example: $0 ./ssl/ca.pem"
+}
+
+if [ -z "$1" ]; then
+    usage
+    exit 1
+fi
+
+OUTDIR="$1"
+
+if [ ! -d $OUTDIR ]; then
+    echo "ERROR: output directory does not exist:  $OUTDIR"
+    exit 1
+fi
+
+OUTFILE="$OUTDIR/ca.pem"
+
+if [ -f "$OUTFILE" ];then
+    exit 0
+fi
+
+# establish cluster CA and self-sign a cert
+$OPENSSL genrsa -out "$OUTDIR/ca-key.pem" 2048
+$OPENSSL req -x509 -new -nodes -key "$OUTDIR/ca-key.pem" -days 10000 -out "$OUTFILE" -subj "/CN=kube-ca"