diff --git a/hack/scripts-dev/docker-dns/certs-common-name/Procfile b/hack/scripts-dev/docker-dns/certs-common-name/Procfile new file mode 100644 index 000000000..a0ea061ac --- /dev/null +++ b/hack/scripts-dev/docker-dns/certs-common-name/Procfile @@ -0,0 +1,6 @@ +# Use goreman to run `go get github.com/mattn/goreman` +etcd1: ./etcd --name m1 --data-dir /tmp/m1.data --listen-client-urls https://127.0.0.1:2379 --advertise-client-urls https://m1.etcd.local:2379 --listen-peer-urls https://127.0.0.1:2380 --initial-advertise-peer-urls=https://m1.etcd.local:2380 --initial-cluster-token tkn --initial-cluster=m1=https://m1.etcd.local:2380,m2=https://m2.etcd.local:22380,m3=https://m3.etcd.local:32380 --initial-cluster-state new --peer-cert-file=/certs-common-name/server.crt --peer-key-file=/certs-common-name/server.key.insecure --peer-trusted-ca-file=/certs-common-name/ca.crt --peer-client-cert-auth --peer-cert-allowed-cn test-common-name --cert-file=/certs-common-name/server.crt --key-file=/certs-common-name/server.key.insecure --trusted-ca-file=/certs-common-name/ca.crt --client-cert-auth + +etcd2: ./etcd --name m2 --data-dir /tmp/m2.data --listen-client-urls https://127.0.0.1:22379 --advertise-client-urls https://m2.etcd.local:22379 --listen-peer-urls https://127.0.0.1:22380 --initial-advertise-peer-urls=https://m2.etcd.local:22380 --initial-cluster-token tkn --initial-cluster=m1=https://m1.etcd.local:2380,m2=https://m2.etcd.local:22380,m3=https://m3.etcd.local:32380 --initial-cluster-state new --peer-cert-file=/certs-common-name/server.crt --peer-key-file=/certs-common-name/server.key.insecure --peer-trusted-ca-file=/certs-common-name/ca.crt --peer-client-cert-auth --peer-cert-allowed-cn test-common-name --cert-file=/certs-common-name/server.crt --key-file=/certs-common-name/server.key.insecure --trusted-ca-file=/certs-common-name/ca.crt --client-cert-auth + +etcd3: ./etcd --name m3 --data-dir /tmp/m3.data --listen-client-urls https://127.0.0.1:32379 --advertise-client-urls https://m3.etcd.local:32379 --listen-peer-urls https://127.0.0.1:32380 --initial-advertise-peer-urls=https://m3.etcd.local:32380 --initial-cluster-token tkn --initial-cluster=m1=https://m1.etcd.local:2380,m2=https://m2.etcd.local:22380,m3=https://m3.etcd.local:32380 --initial-cluster-state new --peer-cert-file=/certs-common-name/server.crt --peer-key-file=/certs-common-name/server.key.insecure --peer-trusted-ca-file=/certs-common-name/ca.crt --peer-client-cert-auth --peer-cert-allowed-cn test-common-name --cert-file=/certs-common-name/server.crt --key-file=/certs-common-name/server.key.insecure --trusted-ca-file=/certs-common-name/ca.crt --client-cert-auth \ No newline at end of file diff --git a/hack/scripts-dev/docker-dns/certs-common-name/ca-csr.json b/hack/scripts-dev/docker-dns/certs-common-name/ca-csr.json new file mode 100644 index 000000000..ecafabaad --- /dev/null +++ b/hack/scripts-dev/docker-dns/certs-common-name/ca-csr.json @@ -0,0 +1,19 @@ +{ + "key": { + "algo": "rsa", + "size": 2048 + }, + "names": [ + { + "O": "etcd", + "OU": "etcd Security", + "L": "San Francisco", + "ST": "California", + "C": "USA" + } + ], + "CN": "ca", + "ca": { + "expiry": "87600h" + } +} diff --git a/hack/scripts-dev/docker-dns/certs-common-name/ca.crt b/hack/scripts-dev/docker-dns/certs-common-name/ca.crt new file mode 100644 index 000000000..00faeca22 --- /dev/null +++ b/hack/scripts-dev/docker-dns/certs-common-name/ca.crt @@ -0,0 +1,22 @@ +-----BEGIN CERTIFICATE----- +MIIDsTCCApmgAwIBAgIUdASu5zT1US/6LPyKmczbC3NgdY4wDQYJKoZIhvcNAQEL +BQAwbzEMMAoGA1UEBhMDVVNBMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQH +Ew1TYW4gRnJhbmNpc2NvMQ0wCwYDVQQKEwRldGNkMRYwFAYDVQQLEw1ldGNkIFNl +Y3VyaXR5MQswCQYDVQQDEwJjYTAeFw0xNzExMTQwNjIzMDBaFw0yNzExMTIwNjIz +MDBaMG8xDDAKBgNVBAYTA1VTQTETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UE +BxMNU2FuIEZyYW5jaXNjbzENMAsGA1UEChMEZXRjZDEWMBQGA1UECxMNZXRjZCBT +ZWN1cml0eTELMAkGA1UEAxMCY2EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK +AoIBAQDBbE44RP/Tk9l7KShzxQAypatoqDJQL32hyw8plZIfni5XFIlG2GwyjNvX +wiP6u0YcsApZKc58ytqcHQqMyk68OTTxcM+HVWvKHMKOBPBYgXeeVnD+7Ixuinq/ +X6RK3n2jEipFgE9FiAXDNICF3ZQz+HVNBSbzwCjBtIcYkinWHX+kgnQkFT1NnmuZ +uloz6Uh7/Ngn/XPNSsoMyLrh4TwDsx/fQEpVcrXMbxWux1xEHmfDzRKvE7VhSo39 +/mcpKBOwTg4jwh9tDjxWX4Yat+/cX0cGxQ7JSrdy14ESV5AGBmesGHd2SoWhZK9l +tWm1Eq0JYWD+Cd5yNrODTUxWRNs9AgMBAAGjRTBDMA4GA1UdDwEB/wQEAwIBBjAS +BgNVHRMBAf8ECDAGAQH/AgECMB0GA1UdDgQWBBSZMjlLnc7Vv2mxRMebo5ezJ7gt +pzANBgkqhkiG9w0BAQsFAAOCAQEAA2d2nV4CXjp7xpTQrh8sHzSBDYUNr9DY5hej +52X6q8WV0N3QC7Utvv2Soz6Ol72/xoGajIJvqorsIBB5Ms3dgCzPMy3R01Eb3MzI +7KG/4AGVEiAKUBkNSD8PWD7bREnnv1g9tUftE7jWsgMaPIpi6KhzhyJsClT4UsKQ +6Lp+Be80S293LrlmUSdZ/v7FAvMzDGOLd2iTlTr1fXK6YJJEXpk3+HIi8nbUPvYQ +6O8iOtf5QoCm1yMLJQMFvNr51Z1EeF935HRj8U2MJP5jXPW4/UY2TAUBcWEhlNsK +6od+f1B8xGe/6KHvF0C8bg23kj8QphM/E7HCZiVgdm6FNf54AQ== +-----END CERTIFICATE----- diff --git a/hack/scripts-dev/docker-dns/certs-common-name/gencert.json b/hack/scripts-dev/docker-dns/certs-common-name/gencert.json new file mode 100644 index 000000000..09b67267b --- /dev/null +++ b/hack/scripts-dev/docker-dns/certs-common-name/gencert.json @@ -0,0 +1,13 @@ +{ + "signing": { + "default": { + "usages": [ + "signing", + "key encipherment", + "server auth", + "client auth" + ], + "expiry": "87600h" + } + } +} diff --git a/hack/scripts-dev/docker-dns/certs-common-name/gencerts.sh b/hack/scripts-dev/docker-dns/certs-common-name/gencerts.sh new file mode 100755 index 000000000..efc098f53 --- /dev/null +++ b/hack/scripts-dev/docker-dns/certs-common-name/gencerts.sh @@ -0,0 +1,26 @@ +#!/bin/bash + +if ! [[ "$0" =~ "./gencerts.sh" ]]; then + echo "must be run from 'fixtures'" + exit 255 +fi + +if ! which cfssl; then + echo "cfssl is not installed" + exit 255 +fi + +cfssl gencert --initca=true ./ca-csr.json | cfssljson --bare ./ca +mv ca.pem ca.crt +openssl x509 -in ca.crt -noout -text + +# generate wildcard certificates DNS: *.etcd.local +cfssl gencert \ + --ca ./ca.crt \ + --ca-key ./ca-key.pem \ + --config ./gencert.json \ + ./server-ca-csr.json | cfssljson --bare ./server +mv server.pem server.crt +mv server-key.pem server.key.insecure + +rm -f *.csr *.pem *.stderr *.txt diff --git a/hack/scripts-dev/docker-dns/certs-common-name/run.sh b/hack/scripts-dev/docker-dns/certs-common-name/run.sh new file mode 100755 index 000000000..4e7b7ec80 --- /dev/null +++ b/hack/scripts-dev/docker-dns/certs-common-name/run.sh @@ -0,0 +1,255 @@ +#!/bin/sh +rm -rf /tmp/m1.data /tmp/m2.data /tmp/m3.data + +/etc/init.d/bind9 start + +# get rid of hosts so go lookup won't resolve 127.0.0.1 to localhost +cat /dev/null >/etc/hosts + +goreman -f /certs-common-name/Procfile start & + +# TODO: remove random sleeps +sleep 7s + +ETCDCTL_API=3 ./etcdctl \ + --cacert=/certs-common-name/ca.crt \ + --cert=/certs-common-name/server.crt \ + --key=/certs-common-name/server.key.insecure \ + --endpoints=https://m1.etcd.local:2379 \ + endpoint health --cluster + +ETCDCTL_API=3 ./etcdctl \ + --cacert=/certs-common-name/ca.crt \ + --cert=/certs-common-name/server.crt \ + --key=/certs-common-name/server.key.insecure \ + --endpoints=https://m1.etcd.local:2379,https://m2.etcd.local:22379,https://m3.etcd.local:32379 \ + put abc def + +ETCDCTL_API=3 ./etcdctl \ + --cacert=/certs-common-name/ca.crt \ + --cert=/certs-common-name/server.crt \ + --key=/certs-common-name/server.key.insecure \ + --endpoints=https://m1.etcd.local:2379,https://m2.etcd.local:22379,https://m3.etcd.local:32379 \ + get abc + +sleep 1s && printf "\n" +echo "Step 1. creating root role" +ETCDCTL_API=3 ./etcdctl \ + --cacert=/certs-common-name/ca.crt \ + --cert=/certs-common-name/server.crt \ + --key=/certs-common-name/server.key.insecure \ + --endpoints=https://m1.etcd.local:2379,https://m2.etcd.local:22379,https://m3.etcd.local:32379 \ + role add root + +sleep 1s && printf "\n" +echo "Step 2. granting readwrite 'foo' permission to role 'root'" +ETCDCTL_API=3 ./etcdctl \ + --cacert=/certs-common-name/ca.crt \ + --cert=/certs-common-name/server.crt \ + --key=/certs-common-name/server.key.insecure \ + --endpoints=https://m1.etcd.local:2379,https://m2.etcd.local:22379,https://m3.etcd.local:32379 \ + role grant-permission root readwrite foo + +sleep 1s && printf "\n" +echo "Step 3. getting role 'root'" +ETCDCTL_API=3 ./etcdctl \ + --cacert=/certs-common-name/ca.crt \ + --cert=/certs-common-name/server.crt \ + --key=/certs-common-name/server.key.insecure \ + --endpoints=https://m1.etcd.local:2379,https://m2.etcd.local:22379,https://m3.etcd.local:32379 \ + role get root + +sleep 1s && printf "\n" +echo "Step 4. creating user 'root'" +ETCDCTL_API=3 ./etcdctl \ + --cacert=/certs-common-name/ca.crt \ + --cert=/certs-common-name/server.crt \ + --key=/certs-common-name/server.key.insecure \ + --endpoints=https://m1.etcd.local:2379,https://m2.etcd.local:22379,https://m3.etcd.local:32379 \ + --interactive=false \ + user add root:123 + +sleep 1s && printf "\n" +echo "Step 5. granting role 'root' to user 'root'" +ETCDCTL_API=3 ./etcdctl \ + --cacert=/certs-common-name/ca.crt \ + --cert=/certs-common-name/server.crt \ + --key=/certs-common-name/server.key.insecure \ + --endpoints=https://m1.etcd.local:2379,https://m2.etcd.local:22379,https://m3.etcd.local:32379 \ + user grant-role root root + +sleep 1s && printf "\n" +echo "Step 6. getting user 'root'" +ETCDCTL_API=3 ./etcdctl \ + --cacert=/certs-common-name/ca.crt \ + --cert=/certs-common-name/server.crt \ + --key=/certs-common-name/server.key.insecure \ + --endpoints=https://m1.etcd.local:2379,https://m2.etcd.local:22379,https://m3.etcd.local:32379 \ + user get root + +sleep 1s && printf "\n" +echo "Step 7. enabling auth" +ETCDCTL_API=3 ./etcdctl \ + --cacert=/certs-common-name/ca.crt \ + --cert=/certs-common-name/server.crt \ + --key=/certs-common-name/server.key.insecure \ + --endpoints=https://m1.etcd.local:2379,https://m2.etcd.local:22379,https://m3.etcd.local:32379 \ + auth enable + +sleep 1s && printf "\n" +echo "Step 8. writing 'foo' with 'root:123'" +ETCDCTL_API=3 ./etcdctl \ + --cacert=/certs-common-name/ca.crt \ + --cert=/certs-common-name/server.crt \ + --key=/certs-common-name/server.key.insecure \ + --endpoints=https://m1.etcd.local:2379,https://m2.etcd.local:22379,https://m3.etcd.local:32379 \ + --user=root:123 \ + put foo bar + +sleep 1s && printf "\n" +echo "Step 9. writing 'aaa' with 'root:123'" +ETCDCTL_API=3 ./etcdctl \ + --cacert=/certs-common-name/ca.crt \ + --cert=/certs-common-name/server.crt \ + --key=/certs-common-name/server.key.insecure \ + --endpoints=https://m1.etcd.local:2379,https://m2.etcd.local:22379,https://m3.etcd.local:32379 \ + --user=root:123 \ + put aaa bbb + +sleep 1s && printf "\n" +echo "Step 10. writing 'foo' without 'root:123'" +ETCDCTL_API=3 ./etcdctl \ + --cacert=/certs-common-name/ca.crt \ + --cert=/certs-common-name/server.crt \ + --key=/certs-common-name/server.key.insecure \ + --endpoints=https://m1.etcd.local:2379,https://m2.etcd.local:22379,https://m3.etcd.local:32379 \ + put foo bar + +sleep 1s && printf "\n" +echo "Step 11. reading 'foo' with 'root:123'" +ETCDCTL_API=3 ./etcdctl \ + --cacert=/certs-common-name/ca.crt \ + --cert=/certs-common-name/server.crt \ + --key=/certs-common-name/server.key.insecure \ + --endpoints=https://m1.etcd.local:2379,https://m2.etcd.local:22379,https://m3.etcd.local:32379 \ + --user=root:123 \ + get foo + +sleep 1s && printf "\n" +echo "Step 12. reading 'aaa' with 'root:123'" +ETCDCTL_API=3 ./etcdctl \ + --cacert=/certs-common-name/ca.crt \ + --cert=/certs-common-name/server.crt \ + --key=/certs-common-name/server.key.insecure \ + --endpoints=https://m1.etcd.local:2379,https://m2.etcd.local:22379,https://m3.etcd.local:32379 \ + --user=root:123 \ + get aaa + +sleep 1s && printf "\n" +echo "Step 13. creating a new user 'test-common-name:test-pass'" +ETCDCTL_API=3 ./etcdctl \ + --cacert=/certs-common-name/ca.crt \ + --cert=/certs-common-name/server.crt \ + --key=/certs-common-name/server.key.insecure \ + --endpoints=https://m1.etcd.local:2379,https://m2.etcd.local:22379,https://m3.etcd.local:32379 \ + --user=root:123 \ + --interactive=false \ + user add test-common-name:test-pass + +sleep 1s && printf "\n" +echo "Step 14. creating a role 'test-role'" +ETCDCTL_API=3 ./etcdctl \ + --cacert=/certs-common-name/ca.crt \ + --cert=/certs-common-name/server.crt \ + --key=/certs-common-name/server.key.insecure \ + --endpoints=https://m1.etcd.local:2379,https://m2.etcd.local:22379,https://m3.etcd.local:32379 \ + --user=root:123 \ + role add test-role + +sleep 1s && printf "\n" +echo "Step 15. granting readwrite 'aaa' --prefix permission to role 'test-role'" +ETCDCTL_API=3 ./etcdctl \ + --cacert=/certs-common-name/ca.crt \ + --cert=/certs-common-name/server.crt \ + --key=/certs-common-name/server.key.insecure \ + --endpoints=https://m1.etcd.local:2379,https://m2.etcd.local:22379,https://m3.etcd.local:32379 \ + --user=root:123 \ + role grant-permission test-role readwrite aaa --prefix + +sleep 1s && printf "\n" +echo "Step 16. getting role 'test-role'" +ETCDCTL_API=3 ./etcdctl \ + --cacert=/certs-common-name/ca.crt \ + --cert=/certs-common-name/server.crt \ + --key=/certs-common-name/server.key.insecure \ + --endpoints=https://m1.etcd.local:2379,https://m2.etcd.local:22379,https://m3.etcd.local:32379 \ + --user=root:123 \ + role get test-role + +sleep 1s && printf "\n" +echo "Step 17. granting role 'test-role' to user 'test-common-name'" +ETCDCTL_API=3 ./etcdctl \ + --cacert=/certs-common-name/ca.crt \ + --cert=/certs-common-name/server.crt \ + --key=/certs-common-name/server.key.insecure \ + --endpoints=https://m1.etcd.local:2379,https://m2.etcd.local:22379,https://m3.etcd.local:32379 \ + --user=root:123 \ + user grant-role test-common-name test-role + +sleep 1s && printf "\n" +echo "Step 18. writing 'aaa' with 'test-common-name:test-pass'" +ETCDCTL_API=3 ./etcdctl \ + --cacert=/certs-common-name/ca.crt \ + --cert=/certs-common-name/server.crt \ + --key=/certs-common-name/server.key.insecure \ + --endpoints=https://m1.etcd.local:2379,https://m2.etcd.local:22379,https://m3.etcd.local:32379 \ + --user=test-common-name:test-pass \ + put aaa bbb + +sleep 1s && printf "\n" +echo "Step 19. writing 'bbb' with 'test-common-name:test-pass'" +ETCDCTL_API=3 ./etcdctl \ + --cacert=/certs-common-name/ca.crt \ + --cert=/certs-common-name/server.crt \ + --key=/certs-common-name/server.key.insecure \ + --endpoints=https://m1.etcd.local:2379,https://m2.etcd.local:22379,https://m3.etcd.local:32379 \ + --user=test-common-name:test-pass \ + put bbb bbb + +sleep 1s && printf "\n" +echo "Step 20. reading 'aaa' with 'test-common-name:test-pass'" +ETCDCTL_API=3 ./etcdctl \ + --cacert=/certs-common-name/ca.crt \ + --cert=/certs-common-name/server.crt \ + --key=/certs-common-name/server.key.insecure \ + --endpoints=https://m1.etcd.local:2379,https://m2.etcd.local:22379,https://m3.etcd.local:32379 \ + --user=test-common-name:test-pass \ + get aaa + +sleep 1s && printf "\n" +echo "Step 21. reading 'bbb' with 'test-common-name:test-pass'" +ETCDCTL_API=3 ./etcdctl \ + --cacert=/certs-common-name/ca.crt \ + --cert=/certs-common-name/server.crt \ + --key=/certs-common-name/server.key.insecure \ + --endpoints=https://m1.etcd.local:2379,https://m2.etcd.local:22379,https://m3.etcd.local:32379 \ + --user=test-common-name:test-pass \ + get bbb + +sleep 1s && printf "\n" +echo "Step 22. writing 'aaa' with CommonName 'test-common-name'" +ETCDCTL_API=3 ./etcdctl \ + --cacert=/certs-common-name/ca.crt \ + --cert=/certs-common-name/server.crt \ + --key=/certs-common-name/server.key.insecure \ + --endpoints=https://m1.etcd.local:2379,https://m2.etcd.local:22379,https://m3.etcd.local:32379 \ + put aaa ccc + +sleep 1s && printf "\n" +echo "Step 23. reading 'aaa' with CommonName 'test-common-name'" +ETCDCTL_API=3 ./etcdctl \ + --cacert=/certs-common-name/ca.crt \ + --cert=/certs-common-name/server.crt \ + --key=/certs-common-name/server.key.insecure \ + --endpoints=https://m1.etcd.local:2379,https://m2.etcd.local:22379,https://m3.etcd.local:32379 \ + get aaa diff --git a/hack/scripts-dev/docker-dns/certs-common-name/server-ca-csr.json b/hack/scripts-dev/docker-dns/certs-common-name/server-ca-csr.json new file mode 100644 index 000000000..6a57789b1 --- /dev/null +++ b/hack/scripts-dev/docker-dns/certs-common-name/server-ca-csr.json @@ -0,0 +1,23 @@ +{ + "key": { + "algo": "rsa", + "size": 2048 + }, + "names": [ + { + "O": "etcd", + "OU": "etcd Security", + "L": "San Francisco", + "ST": "California", + "C": "USA" + } + ], + "CN": "test-common-name", + "hosts": [ + "m1.etcd.local", + "m2.etcd.local", + "m3.etcd.local", + "127.0.0.1", + "localhost" + ] +} diff --git a/hack/scripts-dev/docker-dns/certs-common-name/server.crt b/hack/scripts-dev/docker-dns/certs-common-name/server.crt new file mode 100644 index 000000000..b9719b2f0 --- /dev/null +++ b/hack/scripts-dev/docker-dns/certs-common-name/server.crt @@ -0,0 +1,25 @@ +-----BEGIN CERTIFICATE----- +MIIERDCCAyygAwIBAgIUO500NxhwBHJsodbGKbo5NsW9/p8wDQYJKoZIhvcNAQEL +BQAwbzEMMAoGA1UEBhMDVVNBMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQH +Ew1TYW4gRnJhbmNpc2NvMQ0wCwYDVQQKEwRldGNkMRYwFAYDVQQLEw1ldGNkIFNl +Y3VyaXR5MQswCQYDVQQDEwJjYTAeFw0xNzExMTQwNjIzMDBaFw0yNzExMTIwNjIz +MDBaMH0xDDAKBgNVBAYTA1VTQTETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UE +BxMNU2FuIEZyYW5jaXNjbzENMAsGA1UEChMEZXRjZDEWMBQGA1UECxMNZXRjZCBT +ZWN1cml0eTEZMBcGA1UEAxMQdGVzdC1jb21tb24tbmFtZTCCASIwDQYJKoZIhvcN +AQEBBQADggEPADCCAQoCggEBAMRvVMj3+5jAhRng4izVm4zrvMBnHNMh2MOFVTp7 +wdhEF2en7pFsKzWgczewil6v4d6QzJpgB9yQzPT2q0SOvetpbqP950y6MdPHAF9D +qZd0+wC+RLdSmK5oQKzgZER/vH3eSbTa1UdwaLBHlT6PiTzGm+gEYL43gr3kle+A +9c7aT9pkJWQFTCSdqwcQopyHEwgrfPHC8Bdn804soG4HtR9Gg/R4xtlu7ir6LTHn +vpPBScaMZDUQ5UNrEMh8TM8/sXG6oxqo86r5wpVQt6vscnTMrTTUqq+Mo/OJnDAf +plaqkWX5NfIJ9tmE2V06hq1/ptQkl714Wb+ske+aJ2Poc/UCAwEAAaOByTCBxjAO +BgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwG +A1UdEwEB/wQCMAAwHQYDVR0OBBYEFEG2hXyVTpxLXTse3fXe0U/g0F8kMB8GA1Ud +IwQYMBaAFJkyOUudztW/abFEx5ujl7MnuC2nMEcGA1UdEQRAMD6CDW0xLmV0Y2Qu +bG9jYWyCDW0yLmV0Y2QubG9jYWyCDW0zLmV0Y2QubG9jYWyCCWxvY2FsaG9zdIcE +fwAAATANBgkqhkiG9w0BAQsFAAOCAQEADtH0NZBrWfXTUvTa3WDsa/JPBhiPu/kH ++gRxOD5UNeDX9+QAx/gxGHrCh4j51OUx55KylUe0qAPHHZ4vhgD2lCRBqFLYx69m +xRIzVnt5NCruriskxId1aFTZ5pln5KK5tTVkAp04MBHZOgv8giXdRWn+7TtMyJxj +wVGf8R7/bwJGPPJFrLNtN4EWwXv/a2/SEoZd8fkTxzw12TeJ8w1PnkH4Zer+nzNb +dH5f+OIBGGZ2fIWANX5g9JEJvvsxBBL8uoCrFE/YdnD0fLyhoplSOVEIvncQLHd8 +3QoIVQ5GXnreMF9vuuEU5LlSsqd/Zv5mAQNrbEAfAL+QZQsnHY12qQ== +-----END CERTIFICATE----- diff --git a/hack/scripts-dev/docker-dns/certs-common-name/server.key.insecure b/hack/scripts-dev/docker-dns/certs-common-name/server.key.insecure new file mode 100644 index 000000000..07417b255 --- /dev/null +++ b/hack/scripts-dev/docker-dns/certs-common-name/server.key.insecure @@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEAxG9UyPf7mMCFGeDiLNWbjOu8wGcc0yHYw4VVOnvB2EQXZ6fu +kWwrNaBzN7CKXq/h3pDMmmAH3JDM9ParRI6962luo/3nTLox08cAX0Opl3T7AL5E +t1KYrmhArOBkRH+8fd5JtNrVR3BosEeVPo+JPMab6ARgvjeCveSV74D1ztpP2mQl +ZAVMJJ2rBxCinIcTCCt88cLwF2fzTiygbge1H0aD9HjG2W7uKvotMee+k8FJxoxk +NRDlQ2sQyHxMzz+xcbqjGqjzqvnClVC3q+xydMytNNSqr4yj84mcMB+mVqqRZfk1 +8gn22YTZXTqGrX+m1CSXvXhZv6yR75onY+hz9QIDAQABAoIBABiq+nS6X4gRNSXI +zd5ffMc3m152FHKXH4d+KPPNMsyb0Gyd9CGi+dIkMhPeQaIeaDjw6iDAynvyWyqw +B1X2rvbvKIvDiNZj03oK1YshDh0M/bBcNHjpEG9mfCi5jR3lBKCx14O0r2/nN95b +Puy6TbuqHU4HrrZ0diCuof2Prk6pd0EhQC+C3bZCcoWXOaRTqrMBTT6DdSMQrVKD +eGTXYqCzs/AlGKkOiErKtKWouNpkPpPiba1qp7YWXUasrXqPgPi4d97TmOShGIfc +zXNJT+e2rDX4OEVAJtOt6U2l9QG+PIhpH4P/ZYsvindm4VZBs+Vysrj4xkLgGBBP +ygOfBIECgYEA0IfP9Z9mzvCXiGrkrx2tN/k31cX674P/KwxPgSWM/AdXenYYzsmj +rVcoFx2eCFnBFdPz4BAqEfH70gtsG7OoTmoJSwN6wurIdGcFQwItrghgt9Qp46Dq +AIT9RXSpcB9AjM6p2reCjWcNeBVMrrHU3eaQitCxZbzuxvMMhMs/zzECgYEA8Sak +UhXFtNjxBW6EMNmTpjhShIZmxtPNzTJ5DtmARr8F+SMELp3JGJj/9Bm4TsvqJmGs +j9g/MVvSTjJlOuYPGJ5DBl3egZ5ZlRJx3I2qA4lFFCb71OJzuoR8YdHRlHnhJOu9 +2Jyrki1wrAefby8Fe/+5vswxq2u+Qurjya716AUCgYB+E06ZGzmmLfH/6Vi/wzqC +F+w5FAzGGNECbtv2ogReL/YktRgElgaee45ig2aTd+h0UQQmWL+Gv/3XHU7MZM+C +MTvTHZRwGlD9h3e37q49hRUsr1pwJE6157HU91al0k9NknlBIigNY9vR2VbWW+/u +BUMomkpWz2ax5CqScuvuUQKBgQCE+zYqPe9kpy1iPWuQNKuDQhPfGO6cPjiDK44u +biqa2MRGetTXkBNRCS48QeKtMS3SNJKgUDOo2GXE0W2ZaTxx6vQzEpidCeGEn0NC +yKw0fwIk9spwvt/qvxyIJNhZ9Ev/vDBYvyyt03kKpLl66ocvtfmMCbZqPWQSKs2q +bl0UsQKBgQDDrsPnuVQiv6l0J9VrZc0f5DYZIJmQij1Rcg/fL1Dv2mEpADrH2hkY +HI27Q15dfgvccAGbGXbZt3xi7TCLDDm+Kl9V9bR2e2EhqA84tFryiBZ5XSDRAWPU +UIjejblTgtzrTqUd75XUkNoKvJIGrLApmQiBJRQbcbwtmt2pWbziyQ== +-----END RSA PRIVATE KEY-----