dockerised make certs omg

mingjie-li · Oct 17, 2018 · 305e565 · 305e565
1 parent 5c9a907
commit 305e565
Showing 1 changed file with 9 additions and 6 deletions.
diff --git a/Makefile b/Makefile
@@ -12,10 +12,13 @@ certs: gensecret rmcerts
 .PHONY: gencerts
 gencerts:
 	@echo Generating TLS certs
-	@go get -u github.com/cloudflare/cfssl/cmd/...
+	@docker pull cfssl/cfssl
+	@mkdir -p output
+	@touch output/apiserver.pem
+	@touch output/apiserver-key.pem
 	@openssl req -x509 -sha256 -new -nodes -days 365 -newkey rsa:2048 -keyout $(PURPOSE)-ca.key -out $(PURPOSE)-ca.crt -subj "/CN=ca"
 	@echo '{"signing":{"default":{"expiry":"43800h","usages":["signing","key encipherment","'$(PURPOSE)'"]}}}' > "$(PURPOSE)-ca-config.json"
-	@echo '{"CN":"'$(SERVICE_NAME)'","hosts":[$(ALT_NAMES)],"key":{"algo":"rsa","size":2048}}' | cfssl gencert -ca=metrics-ca.crt -ca-key=metrics-ca.key -config=metrics-ca-config.json - | cfssljson -bare apiserver
+	@echo '{"CN":"'$(SERVICE_NAME)'","hosts":[$(ALT_NAMES)],"key":{"algo":"rsa","size":2048}}' | docker run  -v ${HOME}:${HOME} -v ${PWD}/metrics-ca.key:/go/src/github.com/cloudflare/cfssl/metrics-ca.key -v ${PWD}/metrics-ca.crt:/go/src/github.com/cloudflare/cfssl/metrics-ca.crt -v ${PWD}/metrics-ca-config.json:/go/src/github.com/cloudflare/cfssl/metrics-ca-config.json -i cfssl/cfssl gencert -ca=metrics-ca.crt -ca-key=metrics-ca.key -config=metrics-ca-config.json - | docker run --entrypoint=cfssljson -v ${HOME}:${HOME} -v ${PWD}/output:/go/src/github.com/cloudflare/cfssl/output -i cfssl/cfssl -bare output/apiserver
 
 .PHONY: gensecret
 gensecret: gencerts
@@ -27,12 +30,12 @@ gensecret: gencerts
 	@echo " namespace: monitoring" >> $(SECRET_FILE)
 	@echo "data:" >> $(SECRET_FILE)
 ifeq ($(UNAME), Darwin)
-	@echo " serving.crt: $$(cat apiserver.pem | base64)" >> $(SECRET_FILE)
-	@echo " serving.key: $$(cat apiserver-key.pem | base64)" >> $(SECRET_FILE)
+	@echo " serving.crt: $$(cat output/apiserver.pem | base64)" >> $(SECRET_FILE)
+	@echo " serving.key: $$(cat output/apiserver-key.pem | base64)" >> $(SECRET_FILE)
 endif
 ifeq ($(UNAME), Linux)
-	@echo " serving.crt: $$(cat apiserver.pem | base64 -w 0)" >> $(SECRET_FILE)
-	@echo " serving.key: $$(cat apiserver-key.pem | base64 -w 0)" >> $(SECRET_FILE)
+	@echo " serving.crt: $$(cat output/apiserver.pem | base64 -w 0)" >> $(SECRET_FILE)
+	@echo " serving.key: $$(cat output/apiserver-key.pem | base64 -w 0)" >> $(SECRET_FILE)
 endif
 
 .PHONY: rmcerts