#!/usr/bin/env bash set -x if [[ -z ${NUM_CONTROLLERS} || -z ${NUM_WORKERS} || -z ${KUBERNETES_VERSION} ]]; then echo "Must set NUM_CONTROLLERS, NUM_WORKERS and KUBERNETES_VERSION (e.g. 'vX.Y.Z') environment variables" exit 1 fi (( NUM_CONTROLLERS-- )) (( NUM_WORKERS-- )) echo '{ "signing": { "default": { "expiry": "8760h" }, "profiles": { "kubernetes": { "usages": ["signing", "key encipherment", "server auth", "client auth"], "expiry": "8760h" } } } }' > ca-config.json echo '{ "CN": "Kubernetes", "key": { "algo": "rsa", "size": 2048 }, "names": [ { "C": "US", "L": "Portland", "O": "Kubernetes", "OU": "CA", "ST": "Oregon" } ] }' > ca-csr.json cfssl gencert -initca ca-csr.json | cfssljson -bare ca # Verify openssl x509 -in ca.pem -text -noout KUBERNETES_PUBLIC_ADDRESS=$(gcloud compute addresses describe kubernetes \ --format 'value(address)') # Order is inefficient but set up to match original example for i in $(eval echo "{0..${NUM_WORKERS}}"); do hosts="${hosts}\t\"worker${i}\",\n" done for i in $(eval echo "{0..${NUM_WORKERS}}"); do hosts="${hosts}\t\"ip-10-240-0-2${i}\",\n" done hosts="${hosts}\t\"10.32.0.1\",\n" for i in $(eval echo "{0..${NUM_CONTROLLERS}}"); do hosts="${hosts}\t\"10.240.0.1${i}\",\n" done for i in $(eval echo "{0..${NUM_WORKERS}}"); do hosts="${hosts}\t\"10.240.0.2${i}\",\n" done cat > kubernetes-csr.json <> kubernetes-csr.json cat >> kubernetes-csr.json <