Ability to define SSL certificates duration and SSL key size (#3482)

* Ability to specify ssl certificate duration and ssl key size - etcd/secrets

* Ability to specify ssl certificate duration and ssl key size - helm/contiv + fix contiv missing copy certs generation script

roles/network_plugin/contiv/tasks/main.yml

@@ -86,8 +86,19 @@
   register: contiv_manifests_results
   when: inventory_hostname in groups['kube-master']
 
+- name: Contiv | Copy certs generation script
+  template:
+    src: "generate-certificate.sh.j2"
+    dest: "/var/contiv/generate-certificate.sh"
+    mode: 0700
+  when:
+    - contiv_enable_api_proxy
+    - contiv_generate_certificate
+  delegate_to: "{{ groups['kube-master'][0] }}"
+  run_once: true
+
 - name: Contiv | Generate contiv-api-proxy certificates
-  script: generate-certificate.sh
+  script: /var/contiv/generate-certificate.sh
   args:
     creates: /var/contiv/auth_proxy_key.pem
   when:

roles/network_plugin/contiv/templates/generate-certificate.sh.j2

@@ -16,8 +16,8 @@ mkdir -p "$PREFIX"
 rm -f $KEY_PATH
 rm -f $CERT_PATH
 
-openssl genrsa -out $KEY_PATH 2048 >/dev/null 2>&1
-openssl req -new -x509 -sha256 -days 36500 \
+openssl genrsa -out $KEY_PATH {{certificates_key_size}} >/dev/null 2>&1
+openssl req -new -x509 -sha256 -days {{certificates_duration}} \
 	-key $KEY_PATH \
 	-out $CERT_PATH \
 	-subj "/C=US/ST=CA/L=San Jose/O=CPSG/OU=IT Department/CN=auth-local.cisco.com"