*: rejigger tls certs and more This pretty large change does the following: - moves nix from bootstrap.hswaw.net to nix/ - changes clustercfg to use cfssl and moves it to cluster/clustercfg - changes clustercfg to source information about target location of certs from nix - changes clustercfg to push nix config - changes tls certs to have more than one CA - recalculates all TLS certs (it keeps the old serviceaccoutns key, otherwise we end up with invalid serviceaccounts - the cert doesn't match, but who cares, it's not used anyway)

commit: 73cef11c8534edeaab7763df1018c55b8afdd157 [log] [tgz]
author: Sergiusz Bazanski <q3k@q3k.org> Sun Apr 07 00:06:23 2019 +0200
committer: Sergiusz Bazanski <q3k@q3k.org> Sun Apr 07 00:06:23 2019 +0200
tree: 8d483998903ae47cf7e9467829071bbb8c5329a0
parent: 208f0058304f5c7a01d239d5bc58a78363982d6d [diff] [blame]
diff --git a/cluster/certs/kube-serviceaccounts.cert b/cluster/certs/kube-serviceaccounts.cert
new file mode 100644
index 0000000..684cce9
--- /dev/null
+++ b/cluster/certs/kube-serviceaccounts.cert

@@ -0,0 +1,30 @@
+-----BEGIN CERTIFICATE-----
+MIIFKjCCBBKgAwIBAgIUGx40+NyFMYjk3UltyhqHHSfyEkkwDQYJKoZIhvcNAQEL
+BQAwgYMxCzAJBgNVBAYTAlBMMRQwEgYDVQQIEwtNYXpvd2llY2tpZTEPMA0GA1UE
+BxMGV2Fyc2F3MRswGQYDVQQKExJXYXJzYXcgSGFja2Vyc3BhY2UxEzARBgNVBAsT
+CmNsdXN0ZXJjZmcxGzAZBgNVBAMTEmt1YmVybmV0ZXMgbWFpbiBDQTAeFw0xOTA0
+MDYyMDMwMDBaFw0yMDA0MDUyMDMwMDBaMHsxCzAJBgNVBAYTAlBMMRQwEgYDVQQI
+EwtNYXpvd2llY2tpZTEPMA0GA1UEBxMGV2Fyc2F3MSswKQYDVQQLEyJLdWJlcm5l
+dGVzIFNlcnZpY2UgQWNjb3VudHMgU2lnbmVyMRgwFgYDVQQDEw9zZXJ2aWNlYWNj
+b3VudHMwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDS8y3HM9/PG1K1
+9usXmY3dw7x0NEBH2rHJZET8kwnjifU0uuhQwSAwyqp1RuWWUxrIudgPfZ+TrPFA
+fMNpRnEqzbfPYYboXSmK3Yrc+XXJeD+HvD4UKcR2fL0/muNi9qkLeNhZUuLxrXUQ
+JxZhLokqdLo92yy4sjVCNrqJmqyU78I0XCduFwoxQXW8o6v0kIWZj8SsBkr8SMl9
+1drTG86buI31xf+vl9UWfXhChXQ3tHM5LS2mygHZBW7fGTzxydJxkE9g3rw2Y/lD
+ZnHgHdChV1BL2guYudMmlpYcoAL9womhlvmoMTW2BJb0EoBeQRAy1RgohgelusZm
+wTJeXsmgd2vRIbju6u6Qup2r5p8WIpiDPZVC0XZAacO4/NRsC2cYjsXHgdaid73N
+J1wYcauc+ddha07QSwhwcHtKfv+x8QAVgJ38iJvVK+y+iOJctEbx4UBN5jvwxwwW
+rUnSkXpLL+w4+9q3e/FhBdN7HX9luuiZnCMx/nfUDz29461WSYlx2l5HNatHDugC
+vgBJDnQ/1Aj1BNL7dXGsGuO5jjyAfoKvxOVf03rVTLzLhuN5GhC6liCzJJ0Kfm1w
+EwQgpwFZteIvGvLUCg6WF9nwzZqQ9ZNZaOE3wwFkaPA4bJkOs/S+ZDkTFKl+/wVo
+hF36Rnp6zKI1NT2Rz5bo0ZGnc7KflQIDAQABo4GcMIGZMA4GA1UdDwEB/wQEAwIF
+oDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAd
+BgNVHQ4EFgQUbrez0M0eXWQD6wus9hshP8quFBQwHwYDVR0jBBgwFoAUmDJdDk8z
+HvsJ6YkkExZCaoDRmdAwGgYDVR0RBBMwEYIPc2VydmljZWFjY291bnRzMA0GCSqG
+SIb3DQEBCwUAA4IBAQAYay9hJEEyj0wBE25FayKEKKT4YM6UiPE0GqOxdyC4J1iv
+GTeb2KpZ/TDnS9oz8+ihyU7IvrtqeDb84rR6Wbb1ae7CaqCPHgrE5CW+O8+jd9TH
+6ZEKcOUDfXWH+2SjQYdFM3NnxXrcdkkgZsy0lZpRu3YWTurzsZI0j8AXLq1W/vgT
+dDMN6jlfQC4HUPMoaFnZFuJel3lU/pB6E0j7ErQf+c8q2knu+jNUjJmet+l7I4VT
+0YJTpY6oVrK1CZ1XFOnhWUCYCBfKZ/05QzkIv4SsE5HfWEIN1Ne51vsnm8JBEpz/
+8elXu6B8P1V/2AXun9/R0v4zkuDm953885MGHrW2
+-----END CERTIFICATE-----
commit	73cef11c8534edeaab7763df1018c55b8afdd157	[log] [tgz]
author	Sergiusz Bazanski <q3k@q3k.org>	Sun Apr 07 00:06:23 2019 +0200
committer	Sergiusz Bazanski <q3k@q3k.org>	Sun Apr 07 00:06:23 2019 +0200
tree	8d483998903ae47cf7e9467829071bbb8c5329a0
parent	208f0058304f5c7a01d239d5bc58a78363982d6d [diff] [blame]