*: rejigger tls certs and more
This pretty large change does the following:
- moves nix from bootstrap.hswaw.net to nix/
- changes clustercfg to use cfssl and moves it to cluster/clustercfg
- changes clustercfg to source information about target location of
certs from nix
- changes clustercfg to push nix config
- changes tls certs to have more than one CA
- recalculates all TLS certs
(it keeps the old serviceaccoutns key, otherwise we end up with
invalid serviceaccounts - the cert doesn't match, but who cares,
it's not used anyway)
diff --git a/cluster/certs/kube-scheduler.cert b/cluster/certs/kube-scheduler.cert
new file mode 100644
index 0000000..1544599
--- /dev/null
+++ b/cluster/certs/kube-scheduler.cert
@@ -0,0 +1,31 @@
+-----BEGIN CERTIFICATE-----
+MIIFUzCCBDugAwIBAgIUS4QEUvDV3mIJIIuyi1HJ/lmoINkwDQYJKoZIhvcNAQEL
+BQAwgYMxCzAJBgNVBAYTAlBMMRQwEgYDVQQIEwtNYXpvd2llY2tpZTEPMA0GA1UE
+BxMGV2Fyc2F3MRswGQYDVQQKExJXYXJzYXcgSGFja2Vyc3BhY2UxEzARBgNVBAsT
+CmNsdXN0ZXJjZmcxGzAZBgNVBAMTEmt1YmVybmV0ZXMgbWFpbiBDQTAeFw0xOTA0
+MDYyMDMwMDBaFw0yMDA0MDUyMDMwMDBaMIGdMQswCQYDVQQGEwJQTDEUMBIGA1UE
+CBMLTWF6b3dpZWNraWUxDzANBgNVBAcTBldhcnNhdzEeMBwGA1UEChMVc3lzdGVt
+Omt1YmUtc2NoZWR1bGVyMScwJQYDVQQLEx5LdWJlcm5ldGVzIENvbXBvbmVudCBz
+Y2hlZHVsZXIxHjAcBgNVBAMTFXN5c3RlbTprdWJlLXNjaGVkdWxlcjCCAiIwDQYJ
+KoZIhvcNAQEBBQADggIPADCCAgoCggIBALn0N1lfRC1yCA0vXq6T38vAKzzt4ga7
+orfc94IqgR9cGF22j/3heldmiqITFAS1lAZ/mpf4tCJfApNkeBYdDdD6vfHc5t+M
+WTD30vUCFaT1CfYSoYFn2cFJI/oEwi0Zyl6jRw3MkEkH4s6whqMnnAm5j+5thKwu
+97SyCo97fgotvY8SLBPscq0xAe4H0GHgQJgid+qIniYRFuLHVxSYF/iLglWeGrB7
+uP1kzlL6+kyuXtMbGMq8JeCD+LevG5OzhOuiXJVHGK4SN/D/DeRQUpj0KkGhymyr
+nAKtki8nsUAKqnFxxneUGMkUUXQHBgb6fE18fMtX2NlomPSKQr+tKVFM7Xwwn4MR
+xQS9fY5sdjg1pLkBbqpQXnWs4NWo5uF68nWais9gSLFe2tlqELwmuENwEPLHE2Ea
+m6ZcMOZ8UtGYr+MpaEesgeDBJK7uB/fJ5+CCivr1Xi0n77fQn99jt54okf2UuEjY
+x75zrfAHrgtrP5eiaQSvD0DBwXPC5yDBTgFKl+brC1VUcdIF8V9GWWld3aTtlcRi
+zG0aJZeG+kEXv3M2vYjEnmaeJ2jkLSBoiGEyM+Y2377yxe0a5VgfjS8TSYlWFU5A
+QIcA0Ftz6EH4ynftG02bbxo2dJCKClbp+fxnCJcci0DZekBJxIAvG3l9DEC3qiOW
+pY0nOn+0jIjzAgMBAAGjgaIwgZ8wDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQG
+CCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBQw8PPX
+ExubjWf7o/eChtV5jnt1kTAfBgNVHSMEGDAWgBSYMl0OTzMe+wnpiSQTFkJqgNGZ
+0DAgBgNVHREEGTAXghVzeXN0ZW06a3ViZS1zY2hlZHVsZXIwDQYJKoZIhvcNAQEL
+BQADggEBALU1R9svNLyFNCOXcyvAg0T9u3mH5SD0F1MQgKrgZTuVKc4/Oa/LOBbD
+wgwp/1eJZ0xkMVTZl3lw6N6KkgtydbZskc2m2qQPBVdv/RFzecKROI2UKvLL+lTS
+HlNIxv6e5T1q2B52o++B4QoEfBhwclxtq0oHPpqu+7ZQ0lGDHeOcIphyMGONOWoT
+s7LzYMB+ud9XTzdB91eIIXcYZz0OlF5qI21URy/Mi6j1RENG8U+GtGmNnkZ3z3Yb
+SAL8hqDlwabD3V44xqKJMfaWzAbXO43t2FTmyi1uUVsfJc3J/fCSZLJNRfyUOMVb
+mJsokVUNYaaOLrHHZz77+k7ruR/KWkM=
+-----END CERTIFICATE-----