openssl genrsa -out grpc-ca.key 4096
openssl req -x509 -new -nodes -key grpc-ca.key -sha256 -days 30 -out grpc-ca.crt -subj "/C=US/ST=Washington/L=Seattle/O=F5/OU=Dev/CN=ca"
echo "[req_ext]" > server.ext
echo " " >> server.ext
echo "subjectAltName = @alt_names" >> server.ext 
echo " " >> server.ext
echo "[alt_names]" >> server.ext
echo " " >> server.ext
echo "DNS.1 = grpc-svc" >> server.ext
openssl genrsa -out grpc-server.key 4096
openssl req -new -key grpc-server.key -out grpc-server.csr -subj "/C=US/ST=Washington/L=Seattle/O=F5/OU=PD/CN=f5net.com"
openssl x509 -req -in grpc-server.csr -CA grpc-ca.crt -CAkey grpc-ca.key -CAcreateserial -out grpc-server.crt -extensions req_ext -days 365 -sha256 -extfile server.ext
echo "[req_ext]" > client.ext
echo " " >> client.ext
echo "subjectAltName = @alt_names" >> client.ext
echo " " >> client.ext
echo "[alt_names]" >> client.ext
echo " " >> client.ext
echo "email.1 = clientcert@f5net.com" >> client.ext
openssl genrsa -out grpc-client.key 4096
openssl req -new -key grpc-client.key -out grpc-client.csr -subj "/C=US/ST=Washington/L=Seattle/O=F5/OU=PD/CN=f5net.com"
openssl x509 -req -in grpc-client.csr -CA grpc-ca.crt -CAkey grpc-ca.key -set_serial 101 -outform PEM -out grpc-client.crt -extensions req_ext -days 365 -sha256 -extfile client.ext
cat grpc-ca.crt | base64 -w 0 >  grpc-ca-encode.crt
cat grpc-server.crt | base64 -w 0 > grpc-server-encode.crt
cat grpc-client.crt | base64 -w 0 > grpc-client-encode.crt
cat grpc-server.key | base64 -w 0 > grpc-server-encode.key
cat grpc-ca.key | base64 -w 0 >  grpc-ca-encode.key
cat grpc-client.key | base64 -w 0 > grpc-client-encode.key
echo "apiVersion: v1" > keys-secret.yaml
echo "kind: Secret" >> keys-secret.yaml
echo "metadata:" >> keys-secret.yaml
echo " name: keys-secret" >> keys-secret.yaml
echo "data:" >> keys-secret.yaml
echo " grpc-svc.key: `cat grpc-server-encode.key`" >> keys-secret.yaml
echo " priv.key: `cat grpc-ca-encode.key`" >> keys-secret.yaml
echo " f5-ing-demo-f5ingress.key: `cat grpc-client-encode.key`" >> keys-secret.yaml
echo "apiVersion: v1" > certs-secret.yaml
echo "kind: Secret" >> certs-secret.yaml
echo "metadata:" >> certs-secret.yaml
echo " name: certs-secret" >> certs-secret.yaml
echo "data:" >> certs-secret.yaml
echo " grpc-svc.crt: `cat grpc-server-encode.crt`" >> certs-secret.yaml
echo " ca_root.crt: `cat grpc-ca-encode.crt`" >> certs-secret.yaml
echo " f5-ing-demo-f5ingress.crt: `cat grpc-client-encode.crt`" >> certs-secret.yaml
oc new-project spk-ingress
oc apply -f keys-secret.yaml -n spk-ingress
oc apply -f certs-secret.yaml -n spk-ingress