grafana/hack/make-aggregator-pki.sh

33 lines
1.5 KiB
Bash
Raw Normal View History

#!/usr/bin/env sh
set -o errexit
set -o nounset
set -o pipefail
rm -rf data/grafana-aggregator
mkdir -p data/grafana-aggregator
openssl req -nodes -new -x509 -keyout data/grafana-aggregator/ca.key -out data/grafana-aggregator/ca.crt \
-subj "/C=US/ST=New Sweden/L=Stockholm /O=Grafana/OU=R&D/CN=test-ca/emailAddress=test@grafana.app" -days 3650
openssl req -out data/grafana-aggregator/client.csr -new -newkey rsa:4096 -nodes -keyout data/grafana-aggregator/client.key \
-subj "/CN=development/O=system:masters" \
-addext "extendedKeyUsage = clientAuth"
openssl x509 -req -days 3650 -in data/grafana-aggregator/client.csr -CA data/grafana-aggregator/ca.crt -CAkey data/grafana-aggregator/ca.key \
-set_serial 01 \
-sha256 -out data/grafana-aggregator/client.crt \
-copy_extensions=copyall
openssl req -out data/grafana-aggregator/server.csr -new -newkey rsa:4096 -nodes -keyout data/grafana-aggregator/server.key \
-subj "/CN=localhost/O=aggregated" \
-addext "subjectAltName = DNS:v0alpha1.example.grafana.app.default.svc,DNS:localhost" \
-addext "extendedKeyUsage = serverAuth, clientAuth"
openssl x509 -req -days 3650 -in data/grafana-aggregator/server.csr -CA data/grafana-aggregator/ca.crt -CAkey data/grafana-aggregator/ca.key \
-set_serial 02 \
-sha256 -out data/grafana-aggregator/server.crt \
-copy_extensions=copyall
# Apply broad permissions to certificates/keys so that containers passing these around for
# tests don't run into permission related errors
chmod 755 data/grafana-aggregator/*.*