*: rejigger tls certs and more This pretty large change does the following: - moves nix from bootstrap.hswaw.net to nix/ - changes clustercfg to use cfssl and moves it to cluster/clustercfg - changes clustercfg to source information about target location of certs from nix - changes clustercfg to push nix config - changes tls certs to have more than one CA - recalculates all TLS certs (it keeps the old serviceaccoutns key, otherwise we end up with invalid serviceaccounts - the cert doesn't match, but who cares, it's not used anyway)

commit: 73cef11c8534edeaab7763df1018c55b8afdd157 [log] [tgz]
author: Sergiusz Bazanski <q3k@q3k.org> Sun Apr 07 00:06:23 2019 +0200
committer: Sergiusz Bazanski <q3k@q3k.org> Sun Apr 07 00:06:23 2019 +0200
tree: 8d483998903ae47cf7e9467829071bbb8c5329a0
parent: 208f0058304f5c7a01d239d5bc58a78363982d6d [diff] [blame]
diff --git a/cluster/certs/ca-kube.crt b/cluster/certs/ca-kube.crt
new file mode 100644
index 0000000..c44255e
--- /dev/null
+++ b/cluster/certs/ca-kube.crt

@@ -0,0 +1,23 @@
+-----BEGIN CERTIFICATE-----
+MIID2DCCAsCgAwIBAgIUfa+oMG9sYHFeuhBgb8wSWHJ7ozUwDQYJKoZIhvcNAQEL
+BQAwgYMxCzAJBgNVBAYTAlBMMRQwEgYDVQQIEwtNYXpvd2llY2tpZTEPMA0GA1UE
+BxMGV2Fyc2F3MRswGQYDVQQKExJXYXJzYXcgSGFja2Vyc3BhY2UxEzARBgNVBAsT
+CmNsdXN0ZXJjZmcxGzAZBgNVBAMTEmt1YmVybmV0ZXMgbWFpbiBDQTAeFw0xOTA0
+MDYxNzU5MDBaFw0yNDA0MDQxNzU5MDBaMIGDMQswCQYDVQQGEwJQTDEUMBIGA1UE
+CBMLTWF6b3dpZWNraWUxDzANBgNVBAcTBldhcnNhdzEbMBkGA1UEChMSV2Fyc2F3
+IEhhY2tlcnNwYWNlMRMwEQYDVQQLEwpjbHVzdGVyY2ZnMRswGQYDVQQDExJrdWJl
+cm5ldGVzIG1haW4gQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7
+YfhSQTCObcBQrKrb7lhmSKUDqkcBlMxrC1Xx9IUWKpAj8+5evRA/vA1dVss8x75+
+g+6BWCPDJDm51b5KScvRdKZ8ARZOCwiXEDdw/BJUAO/uan3US9Qj6jpV/m3bsMz4
+adGDthA74y5//tD6CVBtMrVjRtpYkO0p4fzPOwNXTCXzDEVFApxoSF3MMmYDViFh
+X/qM/brgK3mh4ZouyPXx6QaL+DCYBu/YKg049Ev3z3NiK1P/t0VeBkvImKurf2Fa
+A27yZ+RsoI8OepN6EL6WsYhQhCSwD+oxB1mMlJkaB/zkVyM+YOro37ugkKgoHhhh
+nCOVyDXJpHa0EGTMMbQDAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMB
+Af8EBTADAQH/MB0GA1UdDgQWBBSYMl0OTzMe+wnpiSQTFkJqgNGZ0DANBgkqhkiG
+9w0BAQsFAAOCAQEAIhXBmcWgf/5cO+FAPnYoEi3QoG+EhB5j4wSyKJE+qedV4ogP
+YjztG1BbNAn7Zm6zarJ2JVRjfS56noRj5pvRDBTysLBjirpmsw/v/+/GMSfy1yJA
+0x2OLa8SDh01+hjchaxsjfDCmB11X/HZrGu7QvqQQa7KBFyGriWqXMNMaHXk9gfJ
+Wmz7aVEP0xhksVIml4ShuQqf1C1y1ut7FXfJUPppnvrfjSvR7p6zQgJ+5VAh+k9p
+NBnIrkplq0gGUSgeTu+BMMRS2/AxmSnfvsqvx52mnypWn7fUG+b6IASOesVv1hry
+TgHlXjl3Dv5hQ6//pWi+rgD8wT7OLkLf/ekVvQ==
+-----END CERTIFICATE-----
commit	73cef11c8534edeaab7763df1018c55b8afdd157	[log] [tgz]
author	Sergiusz Bazanski <q3k@q3k.org>	Sun Apr 07 00:06:23 2019 +0200
committer	Sergiusz Bazanski <q3k@q3k.org>	Sun Apr 07 00:06:23 2019 +0200
tree	8d483998903ae47cf7e9467829071bbb8c5329a0
parent	208f0058304f5c7a01d239d5bc58a78363982d6d [diff] [blame]