projects / stejau-blog.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: aac103b)
(no commit message)
authorstephan48 <stephan48@web>
Sun, 1 Sep 2024 00:55:40 +0000 (02:55 +0200)
committerIkiWiki <ikiwiki.info>
Sun, 1 Sep 2024 00:55:40 +0000 (02:55 +0200)
posts/2024-08-29-k8s-cluster-step-ca-intermediate-with-existing-root.mdwn patch | blob | history

diff --git a/posts/2024-08-29-k8s-cluster-step-ca-intermediate-with-existing-root.mdwn b/posts/2024-08-29-k8s-cluster-step-ca-intermediate-with-existing-root.mdwn
index e1c90b011f8be8df44bbb1a9f6fe9923c46e39bd..282735b1484aaca83e1c58e22967b9e74b93a9b4 100644 (file)
--- a/posts/2024-08-29-k8s-cluster-step-ca-intermediate-with-existing-root.mdwn
+++ b/posts/2024-08-29-k8s-cluster-step-ca-intermediate-with-existing-root.mdwn
@@ -153,7 +153,7 @@ We continue on the step-ca host:
 $ # Copy the signed cert into pki/issued/ca.kubecluster.example.org.crt.
 $ # Copy the root ca crt from pk/ca.crt into pki/ca.crt
 $ pwgen -s 50 1 > pwd
-$ step ca init --password-file=pwd --provisioner-password-file=pwd --name=test1 --key-password-file=pwd --deployment-type=standalone --dns ca.kubecluster.home.stejau.vpn --dns ca.kubecluster.fritz.box --dns step-certificates.step-ca.svc.cluster.local --address=:9000 --provisioner=step-ca-issuer --helm > test1.yaml
+$ step ca init --password-file=pwd --provisioner-password-file=pwd --name=test1 --key-password-file=pwd --deployment-type=standalone --dns ca.kubecluster.example.org --dns step-certificates.step-ca.svc.cluster.local --address=:9000 --provisioner=step-ca-issuer --helm > test1.yaml
 $ cat ./test1.yaml  | yq -o json | jq --arg fingerprint "$(openssl x509 -in pki/ca.crt -noout -fingerprint -sha256 | sed 's/.*=//; s/://g')" --rawfile root_ca_crt pki/ca.crt --rawfile intermediate_ca_pw ./intermediate-pw --rawfile intermediate_ca_key pki/private/ca.kubecluster.home.stejau.vpn.key --rawfile intermediate_ca_crt pki/issued/ca.kubecluster.home.stejau.vpn.crt '.inject.certificates.root_ca = $root_ca_crt | .inject.secrets.x509.root_ca_key = null | .inject.certificates.intermediate_ca = $intermediate_ca_crt | .inject.secrets.x509.intermediate_ca_key = $intermediate_ca_key | .inject.secrets.ca_password = ($intermediate_ca_pw | @base64) | .inject.secrets.provisioner_password = null | .inject.config.files["defaults.json"].fingerprint = $fingerprint' |  yq -o yaml -P | tee test2.yaml
 
 $ # you now have the step-ca config inside test2.yaml.
Stephans Blog Thing