*: rejigger tls certs and more

This pretty large change does the following:

 - moves nix from bootstrap.hswaw.net to nix/
 - changes clustercfg to use cfssl and moves it to cluster/clustercfg
 - changes clustercfg to source information about target location of
   certs from nix
 - changes clustercfg to push nix config
 - changes tls certs to have more than one CA
 - recalculates all TLS certs
   (it keeps the old serviceaccounts key, otherwise we end up with
   invalid serviceaccounts - the cert doesn't match, but who cares,
   it's not used anyway)
diff --git a/cluster/certs/etcd-calico.cert b/cluster/certs/etcd-calico.cert
new file mode 100644
index 0000000..62d8234
--- /dev/null
+++ b/cluster/certs/etcd-calico.cert
@@ -0,0 +1,29 @@
+-----BEGIN CERTIFICATE-----
+MIIE9TCCA92gAwIBAgIUe09DNSzrB1J5weALRB+K2BeyvzMwDQYJKoZIhvcNAQEL
+BQAweDELMAkGA1UEBhMCUEwxFDASBgNVBAgTC01hem93aWVja2llMQ8wDQYDVQQH
+EwZXYXJzYXcxGzAZBgNVBAoTEldhcnNhdyBIYWNrZXJzcGFjZTETMBEGA1UECxMK
+Y2x1c3RlcmNmZzEQMA4GA1UEAxMHZXRjZCBjYTAeFw0xOTA0MDYxNzU5MDBaFw0y
+MDA0MDUxNzU5MDBaMFsxCzAJBgNVBAYTAlBMMRQwEgYDVQQIEwtNYXpvd2llY2tp
+ZTEPMA0GA1UEBxMGV2Fyc2F3MSUwIwYDVQQLExxyb290IGV0Y2QgY2xpZW50IGNl
+cnRpZmljYXRlMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAvVUZSPAJ
+72SjzIbQ3n/Zq2MnXyDZSP0EvPghPGi5BX4UECR8o6qGxk6vvGVhVlmrf7ecPK8d
+AuMES0gcTwzei0cZkaFD2r5itpx+bE88emafTaJhKgnhYOoZ2gtT/bKISDocjnFz
+oZiLPHu108LJF4x2zIgnmnDvETll0zX3prVTkHQ7SPWpKDr/Pb5YYGPeyKjDWqJs
+9i5B8qcA4BEjZ1OGvfssa9gxaqfCYmLZQ2o4TLzJ/O21mGkP1+9vHwvA7tlJuwsp
+WTH5eYgW35qgDpAHjzQ67fPsj6E69n8eNC/9n5E2DS4GhBYzoiVuNYLl8UWUXeDU
+q3C+P85Z4gWtgarECOsgQw/4ClGQMlt0QqIwb+6XC5UestfoRiDXk6JaGr3l92k0
+g3nRz7IJU0aL+3YChnDxQec/LTVO25hLDUM0he0r5XcpjP/IXiuBwCWlxS6hJhxh
+A2QGkdJlPkeeQhggxoU5ZipM8YPE7tqyTK91+vSkYuZX6+a61u4ks7gNRB0hbwlp
+eEUTQvbDr34FuHaXK4z3z7PXfs1NZENH0BYbpADIDtJgYKvGmUjY8EIXH5gU05u7
+KItUbWlYalxt1pMPFfHWsXjLeglfJ+76D1zFTjsK62gXN2VtU7dqYe/Ix1aCRYFP
+qhyTt4iF/wK6WYn+Cm8fShC5TyA/48DmA/kCAwEAAaOBkzCBkDAOBgNVHQ8BAf8E
+BAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQC
+MAAwHQYDVR0OBBYEFGI6wkiqEwIBAnSmU57VJt/+3dj1MB8GA1UdIwQYMBaAFPFZ
+uGZNPsPnQu6Bo9RGfzlTdfkPMBEGA1UdEQQKMAiCBmNhbGljbzANBgkqhkiG9w0B
+AQsFAAOCAQEADnpq/+89AFr8NGJjphkiDW/pvef3c4+k//6S79NFkEnQaMEKwdte
+Xd/nNnyNYDJHU5AvX823Sv4KNqNSOraIwSSyWMeTrvI1plKkBRJ8+dv26VkHDd5P
++yW75btsdp7TSleisfybGSttre/0AzSRgzTmnM3VkzAIHBOgXXmXi7BV6PeVd6jH
+aEIB/81S2u+j9mmFFMQ1Ur1sDtaLlOzEMH7RURXoXOgHAMYHUNe6tkBhy6/sXXLw
+lnZA6+1Qc/AIj/TcFcjApDL5zJ0ZIbmZscEU42D6hLcAGSHEPcCceXw1TtvmaPKp
+5mOZ0oukyNhXj+5llWNRGIdlnS+sBoGInA==
+-----END CERTIFICATE-----
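Review bot: cluster/certs/etcd-calico.cert is checked in as generated output with a one-year lifetime, and nothing in this change records how or when it has to be renewed. The validity fields in the encoded body decode to 190406175900Z and 200405175900Z, so TLS handshakes that present this certificate will start failing after 2020-04-05. Suggest recording the clustercfg invocation that regenerates it and the expiry date next to the file or in the commit message, and confirming that the matching private key is not committed unencrypted alongside it.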