*: rejigger tls certs and more This pretty large change does the following: - moves nix from bootstrap.hswaw.net to nix/ - changes clustercfg to use cfssl and moves it to cluster/clustercfg - changes clustercfg to source information about target location of certs from nix - changes clustercfg to push nix config - changes tls certs to have more than one CA - recalculates all TLS certs (it keeps the old serviceaccoutns key, otherwise we end up with invalid serviceaccounts - the cert doesn't match, but who cares, it's not used anyway)

commit: 73cef11c8534edeaab7763df1018c55b8afdd157 [log] [tgz]
author: Sergiusz Bazanski <q3k@q3k.org> Sun Apr 07 00:06:23 2019 +0200
committer: Sergiusz Bazanski <q3k@q3k.org> Sun Apr 07 00:06:23 2019 +0200
tree: 8d483998903ae47cf7e9467829071bbb8c5329a0
parent: 208f0058304f5c7a01d239d5bc58a78363982d6d [diff] [blame]
diff --git a/cluster/certs/etcd-kube.cert b/cluster/certs/etcd-kube.cert
new file mode 100644
index 0000000..ae19bd5
--- /dev/null
+++ b/cluster/certs/etcd-kube.cert

@@ -0,0 +1,29 @@
+-----BEGIN CERTIFICATE-----
+MIIE8zCCA9ugAwIBAgIUfFMQAZYna+HSa0hSJnqmmJyfSw8wDQYJKoZIhvcNAQEL
+BQAweDELMAkGA1UEBhMCUEwxFDASBgNVBAgTC01hem93aWVja2llMQ8wDQYDVQQH
+EwZXYXJzYXcxGzAZBgNVBAoTEldhcnNhdyBIYWNrZXJzcGFjZTETMBEGA1UECxMK
+Y2x1c3RlcmNmZzEQMA4GA1UEAxMHZXRjZCBjYTAeFw0xOTA0MDYxNzU5MDBaFw0y
+MDA0MDUxNzU5MDBaMFsxCzAJBgNVBAYTAlBMMRQwEgYDVQQIEwtNYXpvd2llY2tp
+ZTEPMA0GA1UEBxMGV2Fyc2F3MSUwIwYDVQQLExxrdWJlIGV0Y2QgY2xpZW50IGNl
+cnRpZmljYXRlMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAw5jdxQxt
+ELgpg+M1jib4VklzIJ4ULrKH59xKxs6qK0iGJClc8EFvVEBiuNpqXQ6Vygb8vbGz
+lplo02ivmhPVIFZ4ymk46kxG+w0scNcm/wMAzL1RiJT2nD71eMzYhVzomF5cQRGo
+JvqNpQg88jbTFluqHNFYTkv1HAnS+OMu7sbIm9iGgNfIoBrn/JpV97Rf1x4CaQ3t
+NdlrDxihQcMI4xoG2deIJdxFI6z9Rh7s4nXjBaAz9i8cRJ9v4uaMRq6kv3mBEfki
+Ve2Ql7jHTHwMqS/CsemkSl6IAG7IOQLB9U8xKsFuFPiYX11Xghcoi0MbjH4Qwocw
+vzDxPuttxNfWOr8uy70tCHWJWOajZWKtjj6+z9J4baTpjUu24y786qNkR8OVhjVw
+W+ETlf1I4/dUJN8iP4Zv4ibseJz9EhJZ41jY6+73bZwRao0lKig9Z69538r1wFs/
+1zOJP9YSJnuGA+rIYgdsu1fsq3eUWqJdlEAwpyx1TxfUJvFgx9ni0YfCUhmSb0B8
+b5Jt1TU0Lk1arZJ3NE1qC8gdbY4V+8MEKKfyq5uIlzaLrOQokUo5panfRGxxAFfe
+Y5QZb4jpXmx1W31hb2V1NY73fy2o/4JhEZcpfmjdhoDCgBwlKP2Xf6AFo/wtLdZF
+QhAVmDg5Vy8vcU381QSS08DRysptAZAhIYcCAwEAAaOBkTCBjjAOBgNVHQ8BAf8E
+BAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQC
+MAAwHQYDVR0OBBYEFB3FpZrvkz7oq25DKwzCMiKCCsgMMB8GA1UdIwQYMBaAFPFZ
+uGZNPsPnQu6Bo9RGfzlTdfkPMA8GA1UdEQQIMAaCBGt1YmUwDQYJKoZIhvcNAQEL
+BQADggEBABNwEAoXdjn7fmFTopWrOPK1fw9fHNsLbD5MJt14Gj2XZAirHHj8sPDQ
+Y3SdUhCnI1CUS4TccDGZBVgCIQ/grr6fvXe2rZPnh8n5rfxbUvWhqey4OKekzjEV
+kPPtDZOGqa70jFdlYHjqMPfB1oR6yWJCt7CD5yeWkMlsfnOOI1xU4+2sbOrlkCDa
+FYmywe+m6nEJFh/AJ6luElkOw4XrkV778JzXg6O4qyCWCEqSkgOXLOQqhOfc/qGk
+1YlsSf5AT7Ual2/tYaAW29zPunaZ/jZP8dOBN1r93QYinnnh1E68sOYEsAig3Aff
+nr7TT4YwEp62SkNxAyDVkA1WXC2kTTY=
+-----END CERTIFICATE-----
commit	73cef11c8534edeaab7763df1018c55b8afdd157	[log] [tgz]
author	Sergiusz Bazanski <q3k@q3k.org>	Sun Apr 07 00:06:23 2019 +0200
committer	Sergiusz Bazanski <q3k@q3k.org>	Sun Apr 07 00:06:23 2019 +0200
tree	8d483998903ae47cf7e9467829071bbb8c5329a0
parent	208f0058304f5c7a01d239d5bc58a78363982d6d [diff] [blame]