gencert
Generate simple certs simply
Install via download (currently Linux only)
- Download gencert
- chmod +x gencert
- ./gencert --help
Run via Docker
- Create a Bash alias
alias gencert="docker run -v $PWD/kubecerts:/app gerrywastaken/gencert"
gencert ca /CN=KUBERNETES-CA
gencert admin /CN=admin/O=system:masters
Run via Crystal
- Install Crystal https://crystal-lang.org/install/
- Download this code
- Build
shards build gencert
- Run
bin/gencert --help
Usage
Kubernetes the... ummmm hard way cert generation:
# This script expects a ca.crt and ca.key to exist in the current directory.
# If you do not have one you can just generate it:
gencert ca /CN=KUBERNETES-CA
gencert admin /CN=admin/O=system:masters
gencert kube-controller-manager /CN=system:kube-controller-manager
gencert kube-proxy /CN=system:kube-proxy
gencert kube-scheduler /CN=system:kube-scheduler
gencert service-account /CN=service-accounts
# Pass alternate ips or domains to associate with the certificate
gencert kube-apiserver /CN=kube-apiserver \
--dns kubernetes \
--dns kubernetes.default \
--dns kubernetes.default.svc \
--dns kubernetes.default.svc.cluster.local \
--ip 10.96.0.1 \
--ip 192.168.5.11 \
--ip 192.168.5.12 \
--ip 192.168.5.30 \
--ip 127.0.0.1
# Or you can just pass an openssl config file
gencert etcd-server /CN=etcd-server -c ../openssl-etcd.cnf
gencert worker-1 /CN=system:node:worker-1/O=system:nodes -c ../openssl-worker-1.cnf
Development
- Install Crystal: https://crystal-lang.org/install/
- Download this code and navigate to the directory
- Make your change
- Compile:
shards build --debug gencert
- Test:
bin/gencert --help
Contributing
- Fork it (https://github.com/gerrywastaken/gencert/fork)
- Create your feature branch (
git checkout -b my-new-feature
) - Commit your changes (
git commit -am 'Add some feature'
) - Push to the branch (
git push origin my-new-feature
) - Create a new Pull Request
Contributors
- Gerry - creator and maintainer