From 0ef070229759e4855be75083f20bfc8a9df7cd21 Mon Sep 17 00:00:00 2001
From: Somefive
Date: Sat, 25 Feb 2023 13:32:01 +0800
Subject: [PATCH] Feat: add cert gen script (#127)

Signed-off-by: Yin Da
---
 hack/cert-gen/.gitignore | 2 ++
 hack/cert-gen/gen.sh | 26 ++++++++++++++++++++++++++
 2 files changed, 28 insertions(+)
 create mode 100644 hack/cert-gen/.gitignore
 create mode 100755 hack/cert-gen/gen.sh

diff --git a/hack/cert-gen/.gitignore b/hack/cert-gen/.gitignore
new file mode 100644
index 00000000..d2b6147f
--- /dev/null
+++ b/hack/cert-gen/.gitignore
@@ -0,0 +1,2 @@
+*.yaml
+cert/*
\ No newline at end of file
diff --git a/hack/cert-gen/gen.sh b/hack/cert-gen/gen.sh
new file mode 100755
index 00000000..670bbefa
--- /dev/null
+++ b/hack/cert-gen/gen.sh
@@ -0,0 +1,26 @@
+SVC_NAME="${SVC_NAME:-kubevela-cluster-gateway}"
+SVC_NAMESPACE="${SVC_NAMESPACE:-vela-system}"
+OUTPUT_DIR=${OUTPUT_DIR:-./cert}
+
+rm -r $OUTPUT_DIR;
+mkdir -p $OUTPUT_DIR;
+cd $OUTPUT_DIR;
+echo "authorityKeyIdentifier=keyid,issuer
+basicConstraints=CA:FALSE
+subjectAltName = @alt_names
+[alt_names]
+DNS.1 = $SVC_NAME
+DNS.2 = $SVC_NAME.$SVC_NAMESPACE.svc" > domain.ext
+openssl req -x509 -sha256 -days 3650 -newkey rsa:2048 -keyout ca.key -out ca -nodes -subj '/O=kubevela' \
+&& openssl ecparam -name prime256v1 -genkey -noout -out apiserver.key \
+&& openssl req -new -key apiserver.key -out apiserver.csr -subj '/O='$SVC_NAME \
+&& openssl x509 -req -in apiserver.csr -CA ca -CAkey ca.key -CAcreateserial -extfile domain.ext -out apiserver.crt -days 3650 -sha256
+
+kubectl create secret generic $SVC_NAME -n $SVC_NAMESPACE \
+ --from-file=ca=ca \
+ --from-file=apiserver.key=apiserver.key \
+ --from-file=apiserver.crt=apiserver.crt \
+ --dry-run=client -oyaml > $SVC_NAME.yaml
+
+cd ..
+mv ./cert/$SVC_NAME.yaml ./
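Review bot: Nothing stops gen.sh after a failed step: `rm -r $OUTPUT_DIR` and `cd $OUTPUT_DIR` are unquoted and unchecked while `OUTPUT_DIR` comes from the environment, so a failed `cd` leaves the openssl and `kubectl` steps writing key material into the caller's directory, and `kubectl` still runs when the `&&` chain fails. The closing `mv ./cert/$SVC_NAME.yaml ./` hard-codes `./cert`, so a non-default `OUTPUT_DIR` leaves the manifest behind. `$SVC_NAME.yaml` embeds `apiserver.key` and is created by a shell redirect, so it takes the caller's umask, which commonly leaves it readable by other local users. The fence below adds a shebang, strict mode, a restrictive umask, quoting and a path-independent move; the openssl steps should additionally become separate commands, because `set -e` ignores a failure in a non-final member of an `&&` list.

```shell
#!/usr/bin/env bash
set -euo pipefail
# The Secret manifest is written via redirect and contains apiserver.key.
umask 077

# … unchanged: SVC_NAME / SVC_NAMESPACE / OUTPUT_DIR defaults …

rm -rf -- "${OUTPUT_DIR:?}"
mkdir -p -- "$OUTPUT_DIR"
cd -- "$OUTPUT_DIR"

# … unchanged: domain.ext, openssl steps, kubectl dry-run …

cd - >/dev/null
mv -- "$OUTPUT_DIR/$SVC_NAME.yaml" ./
```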