matchbox/scripts/tls/root-ca

#!/bin/bash -e

# define location of openssl binary manually since running this
# script under Vagrant fails on some systems without it
OPENSSL=/usr/bin/openssl

function usage {
    echo "USAGE: $0 <output-dir>"
    echo "  example: $0 ./ssl/ca.pem"
}

if [ -z "$1" ]; then
    usage
    exit 1
fi

OUTDIR="$1"

if [ ! -d $OUTDIR ]; then
    echo "ERROR: output directory does not exist:  $OUTDIR"
    exit 1
fi

OUTFILE="$OUTDIR/ca.pem"

if [ -f "$OUTFILE" ];then
    exit 0
fi

# establish cluster CA and self-sign a cert
$OPENSSL genrsa -out "$OUTDIR/ca-key.pem" 2048
$OPENSSL req -x509 -new -nodes -key "$OUTDIR/ca-key.pem" -days 10000 -out "$OUTFILE" -subj "/CN=kube-ca"