*: rejigger tls certs and more This pretty large change does the following: - moves nix from bootstrap.hswaw.net to nix/ - changes clustercfg to use cfssl and moves it to cluster/clustercfg - changes clustercfg to source information about target location of certs from nix - changes clustercfg to push nix config - changes tls certs to have more than one CA - recalculates all TLS certs (it keeps the old serviceaccoutns key, otherwise we end up with invalid serviceaccounts - the cert doesn't match, but who cares, it's not used anyway)

commit: 73cef11c8534edeaab7763df1018c55b8afdd157 [log] [tgz]
author: Sergiusz Bazanski <q3k@q3k.org> Sun Apr 07 00:06:23 2019 +0200
committer: Sergiusz Bazanski <q3k@q3k.org> Sun Apr 07 00:06:23 2019 +0200
tree: 8d483998903ae47cf7e9467829071bbb8c5329a0
parent: 208f0058304f5c7a01d239d5bc58a78363982d6d [diff] [blame]
diff --git a/cluster/certs/kube-kubelet-bc01n03.hswaw.net.cert b/cluster/certs/kube-kubelet-bc01n03.hswaw.net.cert
new file mode 100644
index 0000000..3939527
--- /dev/null
+++ b/cluster/certs/kube-kubelet-bc01n03.hswaw.net.cert

@@ -0,0 +1,31 @@
+-----BEGIN CERTIFICATE-----
+MIIFVjCCBD6gAwIBAgIUXfXM+dY4X8VJWHt/56FVD2BnK4gwDQYJKoZIhvcNAQEL
+BQAwgYMxCzAJBgNVBAYTAlBMMRQwEgYDVQQIEwtNYXpvd2llY2tpZTEPMA0GA1UE
+BxMGV2Fyc2F3MRswGQYDVQQKExJXYXJzYXcgSGFja2Vyc3BhY2UxEzARBgNVBAsT
+CmNsdXN0ZXJjZmcxGzAZBgNVBAMTEmt1YmVybmV0ZXMgbWFpbiBDQTAeFw0xOTA0
+MDYyMDMyMDBaFw0yMDA0MDUyMDMyMDBaMIGFMQswCQYDVQQGEwJQTDEUMBIGA1UE
+CBMLTWF6b3dpZWNraWUxDzANBgNVBAcTBldhcnNhdzEVMBMGA1UEChMMc3lzdGVt
+Om5vZGVzMRAwDgYDVQQLEwdLdWJlbGV0MSYwJAYDVQQDEx1zeXN0ZW06bm9kZTpi
+YzAxbjAzLmhzd2F3Lm5ldDCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIB
+AL39o8eEvKxuTomo/6bb1UyLyjqXHkhqCZOvAQjPTq+GnCikZZj/n2cbIMJ09duO
+sItQtOy7wUWH9gDnlgp8fW4zA+AubhtXITXGTVMlrXps3VWAA3ywxIT3LpeXOHdz
+RLRnSK1g5J5yB+Jid10/Fz8pVV7GTTUnkDVsglyWUkXNpuWJNGrjQacb3l0n0Dr4
+6BssLWSZl0id7Hq3VlFHjgvjGnUkPzYFnhMeS16oAI24diASmAVw3K3nYtQoLroV
+DDN32o7+lAlPMLjVHlCoXUts/lx4Ikm+iQ1JVj5JHgWccg+wjJdH+K+XYaizOcpg
+jsiXli4oxTV7zNxkj/9n75b6XTkeq+CfnYTNZE/iukdlBtZaH9/jCy+c5mZWNPwR
+z9dvkMSA1hrHjJJI70nz6NSsIufLiiBfuqE0JjQvJzvyCS/ioj3xfQI1fVRf1A1E
+Cr2R2T+AXWKPOqLZWtJ/8BY50xMPNZYRDPAuYCRAKoZ7EKr5YbEKzMgk9pMJMYaX
+wASmyBAxOQlfjUBs4nQpgL6XrJ8EQzkOsRJPtD+MjEG9JkSf71pzIIexlwj1NnYa
+/dPdIKaO6UBD3WMJjPhFozRgvmJdzRtH4oJ2p0NpMzTxzSOqh3yyfWQl+Gr3bxWr
+H0ShXe8QV2yvt0ISPzJjHNxG+pv79moribfs1gX5KUYpAgMBAAGjgb0wgbowDgYD
+VR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNV
+HRMBAf8EAjAAMB0GA1UdDgQWBBT1m3RgBiqGCDhqwxutcUg0f9nBzDAfBgNVHSME
+GDAWgBSYMl0OTzMe+wnpiSQTFkJqgNGZ0DA7BgNVHREENDAygh1zeXN0ZW06bm9k
+ZTpiYzAxbjAzLmhzd2F3Lm5ldIIRYmMwMW4wMy5oc3dhdy5uZXQwDQYJKoZIhvcN
+AQELBQADggEBABW6nR/wWc5SRJH+AnkK+YaqL0baO6BtKzNHSLMIHDDDfSufeNUx
+uAMy9j7Or44++9b6jS6nE0cWWMk8BSL1YZ9fTSP6vl9FIDdA9Iezdj92lcC94y08
+pmkI8Zdlk9Jc5NklU4a1gnipWpYU82RfHvoFREotSkn/u3Fp7DmaoWhzDwcRIiiP
++wDeMf9BWt/uVvMo8dCKImWannPI+LNdrqRovNF0sQPxsFAgWby4r/TYPmPbg1E4
+MaGVuvk/dyHw6ijs+Bgy3DQ2virMfEl4UiJ/lTQUra0uVWydMobFLaQXJleQpjC6
+NGAxyBrbIuXCFu9fMppOQrtj2BLBhc3VO/k=
+-----END CERTIFICATE-----
commit	73cef11c8534edeaab7763df1018c55b8afdd157	[log] [tgz]
author	Sergiusz Bazanski <q3k@q3k.org>	Sun Apr 07 00:06:23 2019 +0200
committer	Sergiusz Bazanski <q3k@q3k.org>	Sun Apr 07 00:06:23 2019 +0200
tree	8d483998903ae47cf7e9467829071bbb8c5329a0
parent	208f0058304f5c7a01d239d5bc58a78363982d6d [diff] [blame]