*: rejigger tls certs and more This pretty large change does the following: - moves nix from bootstrap.hswaw.net to nix/ - changes clustercfg to use cfssl and moves it to cluster/clustercfg - changes clustercfg to source information about target location of certs from nix - changes clustercfg to push nix config - changes tls certs to have more than one CA - recalculates all TLS certs (it keeps the old serviceaccoutns key, otherwise we end up with invalid serviceaccounts - the cert doesn't match, but who cares, it's not used anyway)

commit: 73cef11c8534edeaab7763df1018c55b8afdd157 [log] [tgz]
author: Sergiusz Bazanski <q3k@q3k.org> Sun Apr 07 00:06:23 2019 +0200
committer: Sergiusz Bazanski <q3k@q3k.org> Sun Apr 07 00:06:23 2019 +0200
tree: 8d483998903ae47cf7e9467829071bbb8c5329a0
parent: 208f0058304f5c7a01d239d5bc58a78363982d6d [diff] [blame]
diff --git a/cluster/certs/ca-kubefront.crt b/cluster/certs/ca-kubefront.crt
new file mode 100644
index 0000000..f975298
--- /dev/null
+++ b/cluster/certs/ca-kubefront.crt

@@ -0,0 +1,23 @@
+-----BEGIN CERTIFICATE-----
+MIID4DCCAsigAwIBAgIUTEn1U08zexwAzxq2Mm4Lb8Blhl4wDQYJKoZIhvcNAQEL
+BQAwgYcxCzAJBgNVBAYTAlBMMRQwEgYDVQQIEwtNYXpvd2llY2tpZTEPMA0GA1UE
+BxMGV2Fyc2F3MRswGQYDVQQKExJXYXJzYXcgSGFja2Vyc3BhY2UxEzARBgNVBAsT
+CmNsdXN0ZXJjZmcxHzAdBgNVBAMTFmt1YmVybmV0ZXMgZnJvbnRlbmQgQ0EwHhcN
+MTkwNDA2MTc1OTAwWhcNMjQwNDA0MTc1OTAwWjCBhzELMAkGA1UEBhMCUEwxFDAS
+BgNVBAgTC01hem93aWVja2llMQ8wDQYDVQQHEwZXYXJzYXcxGzAZBgNVBAoTEldh
+cnNhdyBIYWNrZXJzcGFjZTETMBEGA1UECxMKY2x1c3RlcmNmZzEfMB0GA1UEAxMW
+a3ViZXJuZXRlcyBmcm9udGVuZCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
+AQoCggEBAOMjydBZDBWBH53vz46OpbsFYmv3lDV4QE0SaThbty2viD86T9tOluXQ
+xsJtMkBDKNlChXOkzYWIsurMeiO5ljq/EDCI85Mg5sgSV6gubJep5tVhU8AF0PUs
+OWyoZTLdLRFz6N4GN3zFk4hudHDsjuomoRMiUSokiUVICJsXfPP7ehqu3/ercNmI
+6aMnmfM926SdJhitrzVnvDmXatdi78/3cK6hzZ/SBeSYuSDBZyWjwQuZvZB7DLiq
+SXcMSCgaugeUOTlzcmE/+dP3b0HImZrE4Mie+4TdF13y20kkfEz7f1AW/PfPZhe5
+Ljrs8iLP0WV3V1pekuyWUWG9vUIA9G8CAwEAAaNCMEAwDgYDVR0PAQH/BAQDAgEG
+MA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFI+XbXEIcmDLzHcqyvkE9KRqvCX0
+MA0GCSqGSIb3DQEBCwUAA4IBAQCMbQ2Zd733LBbBQNKrY0fKl2e4mAdYUkb6fGaW
+sogJfq9npWaBW1B/vWfQ9P7pkik0XG2QnumO6uB6eQpuAHJqZMy9oCJ0VmkVC56w
+eBR69jw6oX7xLOzahzveXtbRMsbdSNK+DtT6tCMal43zEnuJaFWUceCuj/eh3b9j
+OPazETT+U80mse7xzTSOLb8Jlng539HBFqWMHT0UO8CkMQ0vt7WLRrANEBqdu7Do
+8NsnpZl2LD9dljXMjnKafujiT2kQxtB0N3skvLCNoiyxGSoKpQvFnHi2IXJvoN3x
+byeA30u5cQNVhe2/d4aj30jERdokq4lUM1I9HGWNOuHJht1q
+-----END CERTIFICATE-----
commit	73cef11c8534edeaab7763df1018c55b8afdd157	[log] [tgz]
author	Sergiusz Bazanski <q3k@q3k.org>	Sun Apr 07 00:06:23 2019 +0200
committer	Sergiusz Bazanski <q3k@q3k.org>	Sun Apr 07 00:06:23 2019 +0200
tree	8d483998903ae47cf7e9467829071bbb8c5329a0
parent	208f0058304f5c7a01d239d5bc58a78363982d6d [diff] [blame]