dobiadi/minikube-setup
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
master
minikube-setup/linkerd/init.sh
dobiadi 9dce6c79ea Add webhook cert auto-rotating
2025-09-23 23:50:13 +02:00

29 lines
1.3 KiB
Bash
Executable File
Raw Permalink Blame History

step-cli certificate create root.linkerd.cluster.local ca.crt ca.key \
--profile root-ca --no-password --insecure &&
kubectl create secret tls \
linkerd-trust-anchor \
--cert=ca.crt \
--key=ca.key \
--namespace=linkerd &&
yq e -i '.["linkerd-control-plane"].identityTrustAnchorsPEM=load_str("ca.crt")' values.yaml &&
rm ca.crt ca.key
step-cli certificate create webhook.linkerd.cluster.local webhook_ca.crt webhook_ca.key \
--profile root-ca --no-password --insecure --san webhook.linkerd.cluster.local &&
kubectl create secret tls \
webhook-issuer-tls \
--cert=webhook_ca.crt \
--key=webhook_ca.key \
--namespace=linkerd &&
kubectl create secret tls \
webhook-issuer-tls \
--cert=webhook_ca.crt \
--key=webhook_ca.key \
--namespace=linkerd-viz &&
yq e -i '.["linkerd-control-plane"].policyValidator.caBundle=load_str("webhook_ca.crt")' values.yaml &&
yq e -i '.["linkerd-control-plane"].proxyInjector.caBundle=load_str("webhook_ca.crt")' values.yaml &&
yq e -i '.["linkerd-control-plane"].profileValidator.caBundle=load_str("webhook_ca.crt")' values.yaml &&
yq e -i '.["linkerd-viz"].tap.caBundle=load_str("webhook_ca.crt")' ../linkerd-viz/values.yaml &&
yq e -i '.["linkerd-viz"].tapInjector.caBundle=load_str("webhook_ca.crt")' ../linkerd-viz/values.yaml &&
rm webhook_ca.crt webhook_ca.key
Reference in New Issue View Git Blame Copy Permalink