istio

1
.SUFFIXES: .csr .pem .conf
2
.PRECIOUS: %/ca-key.pem %/ca-cert.pem %/cert-chain.pem
3
.PRECIOUS: %/workload-cert.pem %/key.pem %/workload-cert-chain.pem
4
.SECONDARY: root-cert.csr root-ca.conf %/cluster-ca.csr %/intermediate.conf
5

6
.DEFAULT_GOAL := help
7

8
SELF_DIR := $(dir $(lastword $(MAKEFILE_LIST)))
9

10
include $(SELF_DIR)common.mk
11

12
#------------------------------------------------------------------------
13
##help:		print this help message
14
.PHONY: help
15

16
help:
17
	@fgrep -h "##" $(MAKEFILE_LIST) | fgrep -v fgrep | sed -e 's/##//'
18

19
#------------------------------------------------------------------------
20
##root-ca:	generate root CA files (key and certificate) in current directory.
21
.PHONY: root-ca
22

23
root-ca: root-key.pem root-cert.pem
24

25
root-cert.pem: root-cert.csr root-key.pem
26
	@echo "generating $@"
27
	@openssl x509 -req -sha256 -days $(ROOTCA_DAYS) -signkey root-key.pem \
28
		-extensions req_ext -extfile root-ca.conf \
29
		-in $< -out $@
30

31
root-cert.csr: root-key.pem root-ca.conf
32
	@echo "generating $@"
33
	@openssl req -sha256 -new -key $< -config root-ca.conf -out $@
34

35
root-key.pem:
36
	@echo "generating $@"
37
	@openssl genrsa -out $@ 4096
38
#------------------------------------------------------------------------
39
##<name>-cacerts: generate self signed intermediate certificates for <name> and store them under <name> directory.
40
.PHONY: %-cacerts
41

42
%-cacerts: %/cert-chain.pem
43
	@echo "done"
44

45
%/cert-chain.pem: %/ca-cert.pem root-cert.pem
46
	@echo "generating $@"
47
	@cat $^ > $@
48
	@echo "Intermediate inputs stored in $(dir $<)"
49
	@cp root-cert.pem $(dir $<)
50

51

52
%/ca-cert.pem: %/cluster-ca.csr root-key.pem root-cert.pem
53
	@echo "generating $@"
54
	@openssl x509 -req -sha256 -days $(INTERMEDIATE_DAYS) \
55
		-CA root-cert.pem -CAkey root-key.pem -CAcreateserial\
56
		-extensions req_ext -extfile $(dir $<)/intermediate.conf \
57
		-in $< -out $@
58

59
%/cluster-ca.csr: L=$(dir $@)
60
%/cluster-ca.csr: %/ca-key.pem %/intermediate.conf
61
	@echo "generating $@"
62
	@openssl req -sha256 -new -config $(L)/intermediate.conf -key $< -out $@
63

64
%/ca-key.pem:
65
	@echo "generating $@"
66
	@mkdir -p $(dir $@)
67
	@openssl genrsa -out $@ 4096
68

69
#------------------------------------------------------------------------
70
##<namespace>-certs: generate intermediate certificates and sign certificates for a virtual machine connected to the namespace `<namespace> using serviceAccount `$SERVICE_ACCOUNT` using self signed root certs.
71
.PHONY: %-certs
72

73
%-certs: %/ca-cert.pem %/workload-cert-chain.pem root-cert.pem
74
	@echo "done"
75

76
%/workload-cert-chain.pem: %/workload-cert.pem %/ca-cert.pem root-cert.pem
77
	@echo "generating $@"
78
	@cat $^ > $@
79
	@echo "Intermediate and workload certs stored in $(dir $<)"
80
	@cp root-cert.pem $(dir $@)/root-cert.pem
81

82

83
%/workload-cert.pem: %/workload.csr
84
	@echo "generating $@"
85
	@openssl x509 -sha256 -req -days $(WORKLOAD_DAYS) \
86
		-CA $(dir $<)/ca-cert.pem  -CAkey $(dir $<)/ca-key.pem -CAcreateserial\
87
		-extensions req_ext -extfile $(dir $<)/workload.conf \
88
		-in $< -out $@
89

90
%/workload.csr: L=$(dir $@)
91
%/workload.csr: %/key.pem %/workload.conf
92
	@echo "generating $@"
93
	@openssl req -sha256 -new -config $(L)/workload.conf -key $< -out $@
94

95
%/key.pem:
96
	@echo "generating $@"
97
	@mkdir -p $(dir $@)
98
	@openssl genrsa -out $@ 4096
99