Created
February 28, 2019 18:20
-
-
Save bjuretko/d15b67aa9c4da1100cf76fae4d86454a to your computer and use it in GitHub Desktop.
Trusted self-signed ingress certs for minikube on macos
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/sh | |
| DOMAIN=${1:-example.com} | |
| echo Creating wildcard certificate for *.$DOMAIN with minikube CA. | |
| echo Add minikube CA to our keychain as a trusted CA ... | |
| sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain ~/.minikube/certs/ca.pem | |
| echo Create a CSR for our domains *.$DOMAIN ... | |
| openssl req -newkey rsa:2048 -nodes -keyout $DOMAIN.key -subj "/O=$USER/CN=*.$DOMAIN" -out $DOMAIN.csr | |
| echo Create the certificate and sign it by our trusted the minikube CA | |
| # note: SAN extension necessary, as we have no 1:1 CN | |
| openssl x509 -req -extfile <(printf "subjectAltName=DNS:*.$DOMAIN") -days 365 -in $DOMAIN.csr -CA ~/.minikube/certs/ca.pem -CAkey ~/.minikube/certs/ca-key.pem -CAcreateserial -out $DOMAIN.crt | |
| echo Created certificate for *.$DOMAIN ... | |
| echo "Use kubectl create secret tls wildcard-tls --key $DOMAIN.key --cert $DOMAIN.crt to create a tls secret" | |
| echo and use it with ingress tls config: | |
| echo . tls: | |
| echo . - hosts: | |
| echo . - $DOMAIN | |
| echo . - www.$DOMAIN | |
| echo . secretName: wildcard-tls | |
| echo Note: reconfigure your host's DNS or /etc/hosts-file to point *.$DOMAIN to the right IP-adresses. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment