*: rejigger tls certs and more This pretty large change does the following: - moves nix from bootstrap.hswaw.net to nix/ - changes clustercfg to use cfssl and moves it to cluster/clustercfg - changes clustercfg to source information about target location of certs from nix - changes clustercfg to push nix config - changes tls certs to have more than one CA - recalculates all TLS certs (it keeps the old serviceaccoutns key, otherwise we end up with invalid serviceaccounts - the cert doesn't match, but who cares, it's not used anyway)

commit: 73cef11c8534edeaab7763df1018c55b8afdd157 [log] [tgz]
author: Sergiusz Bazanski <q3k@q3k.org> Sun Apr 07 00:06:23 2019 +0200
committer: Sergiusz Bazanski <q3k@q3k.org> Sun Apr 07 00:06:23 2019 +0200
tree: 8d483998903ae47cf7e9467829071bbb8c5329a0
parent: 208f0058304f5c7a01d239d5bc58a78363982d6d [diff] [blame]
diff --git a/cluster/certs/kube-controllermanager.cert b/cluster/certs/kube-controllermanager.cert
new file mode 100644
index 0000000..9e834f2
--- /dev/null
+++ b/cluster/certs/kube-controllermanager.cert

@@ -0,0 +1,32 @@
+-----BEGIN CERTIFICATE-----
+MIIFdjCCBF6gAwIBAgIUcEMCdXAJRvlOgGKso6iXGykspCQwDQYJKoZIhvcNAQEL
+BQAwgYMxCzAJBgNVBAYTAlBMMRQwEgYDVQQIEwtNYXpvd2llY2tpZTEPMA0GA1UE
+BxMGV2Fyc2F3MRswGQYDVQQKExJXYXJzYXcgSGFja2Vyc3BhY2UxEzARBgNVBAsT
+CmNsdXN0ZXJjZmcxGzAZBgNVBAMTEmt1YmVybmV0ZXMgbWFpbiBDQTAeFw0xOTA0
+MDYyMDQ4MDBaFw0yMDA0MDUyMDQ4MDBaMIG3MQswCQYDVQQGEwJQTDEUMBIGA1UE
+CBMLTWF6b3dpZWNraWUxDzANBgNVBAcTBldhcnNhdzEnMCUGA1UEChMec3lzdGVt
+Omt1YmUtY29udHJvbGxlci1tYW5hZ2VyMS8wLQYDVQQLEyZLdWJlcm5ldGVzIENv
+bXBvbmVudCBjb250cm9sbGVybWFuYWdlcjEnMCUGA1UEAxMec3lzdGVtOmt1YmUt
+Y29udHJvbGxlci1tYW5hZ2VyMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKC
+AgEAv2pHeZe2AmogDCR2nbfUNVmCdXzL5pKp5suPoaRSV3+/YD8HFa2JpGPucwpd
+zO+vkLtDuEkCxFHh4+Cz2oN0JYMOt2Wstaw883o3eEDnDNxPTyG9ftXnqMJfvp2M
+iLmWOdOkYR/0TMp0k5jaXoTpMFIolztHJ18AaAO+ihpZ+z/MhkQLhczKqX+TKHz5
+OMxmWXzA/WwJS/gOhMObpYHYAwMn+d3ckz5ChrHtJ8o6IQ6aL0kkmMCzPu9/Ht82
+pV3mhitmdMjWwPK7YAcFPR9zZO6ud8THN3zv9ovqKiOMt10zSNeHI8uakFESII/6
+cSi3UUKqmd8qe7I/V0K/Q+Ma2EHDVSuvxrDDYwuMxze3idhY+HoM39Mele+4Alkj
+vhBmOltNZdWvBYLflZzprSay5g+JzkZdUHTp0Hp5TLPu+jYIpMzu3TZjTNQ7tdWa
+y0Cr6Z7dbZlGFJewkEzg8Ku0Lzg52QLDdDsQc4ocHPT7uQej7RRR0+/FsxFr/zJV
+Yv1Q/lsIJidE/hGV7gdupKQ4FxzW+zMkEEfTXqNKlbKcxh5B50598fACD9XwiE2C
+DhIE+MVwL/u7Gvc99r+9eL+1kC8w7PvZx3jWycxgkqQayd0WraTW/71DHFqxxgcL
+pTfb5fo5ZuSyY1fSjq2f8LzCOeSmIyb0HKTVvWa1vo3yiXECAwEAAaOBqzCBqDAO
+BgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwG
+A1UdEwEB/wQCMAAwHQYDVR0OBBYEFAjGzAQ6wd1qf2er14tBEmwSV76JMB8GA1Ud
+IwQYMBaAFJgyXQ5PMx77CemJJBMWQmqA0ZnQMCkGA1UdEQQiMCCCHnN5c3RlbTpr
+dWJlLWNvbnRyb2xsZXItbWFuYWdlcjANBgkqhkiG9w0BAQsFAAOCAQEAQWgcjWP2
+nYF1HLYMZzkfbHaBcCCcPH1WBMBJXCgAHfdREwtj/Y2ouDB7XGcBnq7uwmHdfc72
+TLsduzlSfYIyvefUBa+xRBoZ9jtte7oesryb4VvrtiEgKxeOODjFb8fYgxOphmDK
+/FO7iGO4Fk6hB1P6Tk5+2OkEgJV8UEkIO2oncFCQa4fKnz2KiDjguZtAbXRcAou+
+MpVw0jRKXm0Ih/IFjOxF7tm/rXmk5FQ4aTaoLfBD5WtWVnX2BQmX7VMm8HY/vNfq
+EhYu4qqKxS6u92cRxXXeNHDLex+LMv7/3X/SB+gpd9foeAbPmPZKi/3Awi9u7X48
+jZNAXYMAEMg7sQ==
+-----END CERTIFICATE-----
commit	73cef11c8534edeaab7763df1018c55b8afdd157	[log] [tgz]
author	Sergiusz Bazanski <q3k@q3k.org>	Sun Apr 07 00:06:23 2019 +0200
committer	Sergiusz Bazanski <q3k@q3k.org>	Sun Apr 07 00:06:23 2019 +0200
tree	8d483998903ae47cf7e9467829071bbb8c5329a0
parent	208f0058304f5c7a01d239d5bc58a78363982d6d [diff] [blame]