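#!/bin/bash
#author: tmade
#version: 1.5
#
# Creates a client key and CSR for ${CN}, signs the CSR with the cluster CA
# under /etc/kubernetes/pki (via sudo) and bundles key + certificate into a
# password-protected PKCS#12 file. All output files are written to ~/certs:
#   kubecfg-${CN}.key  unencrypted private key (-nodes)
#   kubecfg-${CN}.csr  certificate signing request
#   kubecfg-${CN}.crt  certificate signed by the cluster CA
#   kubecfg-${CN}.p12  PKCS#12 bundle protected by the entered password
#
# Stop on the first failing step so "Certificates created!" is never printed
# after a failed openssl call, and treat unset variables as errors.
set -eu

echo ""
echo "Important: The \"Common Name\" (CN) must be the same as the ServiceAccount name (e. g. MyHostname)!"

# Subject fields of the certificate request.
# NOTE(review): with Kubernetes client-certificate authentication the CN is
# used as the user name and O as group membership, so O should only name a
# group this identity is meant to belong to.
C="DE"
ST="BW"
L="MyCity"
O="MyCompany"
OU="MyDepartment"
CN="MyHostname"
MAIL="test@test.com"
CERT="${HOME}/certs"

if [ -d "${CERT}" ]
then
  cd "${CERT}" || exit 1
  echo ""
  echo "Changed path to \"${CERT}\""
  echo ""
else
  echo ""
  echo "Directory \"${CERT}\" doesn´t exist, please create it via \"mkdir ${CERT}\" and rerun the script!"
  echo ""
  exit 1
fi

# -s keeps the password off the terminal, -r keeps backslashes literal.
read -r -s -p "Please enter your secure certificate password: " PASSWORD
echo ""
if [ -z "${PASSWORD}" ]
then
  echo "Empty password, aborting: the PKCS#12 bundle would be unprotected." >&2
  exit 1
fi
# The password itself is deliberately not echoed back: it would end up in
# terminal scrollback and in any log that captures this script's output.
echo "Password received (not displayed)."
echo ""

# Key material is created under a restrictive umask so the unencrypted private
# key is never group- or world-readable. The umask is confined to a subshell
# so it is not carried into the sudo step below, where it could leave the
# root-owned certificate unreadable for the invoking user.
(
  umask 077
  # Best-effort seed file for openssl; a failure here is not fatal.
  dd if=/dev/urandom of="${HOME}/.rnd" bs=256 count=1 2> /dev/null || true
  openssl req -out "kubecfg-${CN}.csr" -new -newkey rsa:4096 -nodes \
    -keyout "kubecfg-${CN}.key" \
    -subj "/C=${C}/ST=${ST}/L=${L}/O=${O}/OU=${OU}/CN=${CN}/emailAddress=${MAIL}"
)

# Sign the CSR with the cluster CA key; this is the only step that needs root.
# NOTE(review): the certificate is valid for 1000 days and Kubernetes has no
# revocation mechanism for client certificates - confirm this lifetime is
# acceptable for the identity being issued.
sudo openssl x509 -req -in "kubecfg-${CN}.csr" \
  -CA /etc/kubernetes/pki/ca.crt -CAkey /etc/kubernetes/pki/ca.key \
  -CAcreateserial -out "kubecfg-${CN}.crt" -days 1000 -sha256

# Hand the password to openssl through the environment of this one command
# instead of "pass:<password>" on the command line, where it would be visible
# in the process list to every local user.
(
  umask 077
  KUBECFG_P12_PASS="${PASSWORD}" openssl pkcs12 -export -clcerts \
    -inkey "kubecfg-${CN}.key" -in "kubecfg-${CN}.crt" \
    -out "kubecfg-${CN}.p12" -name "kubernetes-client" \
    -passin env:KUBECFG_P12_PASS -passout env:KUBECFG_P12_PASS
)
unset PASSWORD

echo ""
echo "Certificates created!"
echo ""

# NOTE(review): the original listing continues here with a "cat <..."
# here-document that is cut off in the source; it is not reproduced because
# its content is not visible.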