*: rejigger tls certs and more This pretty large change does the following: - moves nix from bootstrap.hswaw.net to nix/ - changes clustercfg to use cfssl and moves it to cluster/clustercfg - changes clustercfg to source information about target location of certs from nix - changes clustercfg to push nix config - changes tls certs to have more than one CA - recalculates all TLS certs (it keeps the old serviceaccoutns key, otherwise we end up with invalid serviceaccounts - the cert doesn't match, but who cares, it's not used anyway)

commit: 73cef11c8534edeaab7763df1018c55b8afdd157 [log] [tgz]
author: Sergiusz Bazanski <q3k@q3k.org> Sun Apr 07 00:06:23 2019 +0200
committer: Sergiusz Bazanski <q3k@q3k.org> Sun Apr 07 00:06:23 2019 +0200
tree: 8d483998903ae47cf7e9467829071bbb8c5329a0
parent: 208f0058304f5c7a01d239d5bc58a78363982d6d [diff] [blame]
diff --git a/cluster/certs/kubefront-apiserver.cert b/cluster/certs/kubefront-apiserver.cert
new file mode 100644
index 0000000..c8fe77b
--- /dev/null
+++ b/cluster/certs/kubefront-apiserver.cert

@@ -0,0 +1,30 @@
+-----BEGIN CERTIFICATE-----
+MIIFEzCCA/ugAwIBAgIUBrhuHQZXw8Fe+lov3RlTO4t7kBEwDQYJKoZIhvcNAQEL
+BQAwgYcxCzAJBgNVBAYTAlBMMRQwEgYDVQQIEwtNYXpvd2llY2tpZTEPMA0GA1UE
+BxMGV2Fyc2F3MRswGQYDVQQKExJXYXJzYXcgSGFja2Vyc3BhY2UxEzARBgNVBAsT
+CmNsdXN0ZXJjZmcxHzAdBgNVBAMTFmt1YmVybmV0ZXMgZnJvbnRlbmQgQ0EwHhcN
+MTkwNDA2MjAzMDAwWhcNMjAwNDA1MjAzMDAwWjBmMQswCQYDVQQGEwJQTDEUMBIG
+A1UECBMLTWF6b3dpZWNraWUxDzANBgNVBAcTBldhcnNhdzEcMBoGA1UECxMTS3Vi
+ZXJuZXRlcyBGcm9udGVuZDESMBAGA1UEAxMJYXBpc2VydmVyMIICIjANBgkqhkiG
+9w0BAQEFAAOCAg8AMIICCgKCAgEAuVXNUv1oJrLw9XxagSTyHegDeHT71JSdeYWx
+ecOwHSpPZ6HwPsL4L0JDTsrs7uLAyM3FovFX6GIWXGIx84mwQZq/J8ejZ9CvMb/W
+nqJlkJk3wWPqV9p2hz4OYAfu9mNYThV6qBQU6pDbqWoTH7MvIc1YjA8ju2enUDyw
+kce1Y42OmUlguwKtFnZZuC/1tg9kBmAejTaFe98Fq2DB/3N2cH+Qp9QpgmVJDeB+
+ttTAcx6zHKz6ByiBvSkRQ0DkH5AUfiOyfh4B1xOMLCeAodfinQnq00ePYQukPjo5
+Pn7cWqzUjt1l1zkP6NwH9n4IR7p58gxEh9iGHqmHm9+MEU76ohn1wfuuJS9l7mjm
+ft5rOu88RAKZdc804K1RMo+bKcJewt0h3kLd+IbjiojIcUhMS8ePwPav0vnsKk7W
+fZ54VA3pDCuJxEZJbUnuI0ArYIe7paXe1L0fbTnHt/qbmfbMQ/OuCNcqYpoXGPRW
+kicJI8kUeLi6kHpWdwMsV61ZM03RDV1fuWkiilDtwa5t9YC2UKRt5ECPn33JiuuT
+vS3218NGcE7An/yJNbc80nkNFBGMM4/RQsopFTzkhBg5lPS1ON40ls94SyBc9O6e
+A8goJNSKN+ezu+Pr/nufxtmngrm8AOGPi/+mpupGjFxLo+srWXFRHOogpanxdGaB
+/xZzYekCAwEAAaOBljCBkzAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYB
+BQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFKkQFBbQv3W0
+jUMCdTBkmb0YlS7DMB8GA1UdIwQYMBaAFI+XbXEIcmDLzHcqyvkE9KRqvCX0MBQG
+A1UdEQQNMAuCCWFwaXNlcnZlcjANBgkqhkiG9w0BAQsFAAOCAQEAW9DxplTEyKrA
+WM3yC/kkSz9iTSqSO5X3QWFPydvN3nUY2g8CD4f5VYPAZbqljNu2W/dA9LberQl3
+FUh5PM6E1+QekdosHfiQrjBi4mD8G7mVkJBCtrcflerpb6+VhYUlHvMMITbV5wrx
+Hz4/G2Ndym9IqwVBn8Srbjh3w1yYcVUGsQD7HHxJOnE9YknlQH73tMfbyPYsEgUo
+fB5unEBGRrEjqGa2lCWHwxE0MT5WowsKUhKr5ikH3l2AufOnVETfkq24yHi/qKt7
+Lq/303b/5y/2uwC5J0wpiqd71BuwXJoprAMHPjI8b58MKZtMBsYDTBkP8Ls150CP
+PpB6p9/L9w==
+-----END CERTIFICATE-----
commit	73cef11c8534edeaab7763df1018c55b8afdd157	[log] [tgz]
author	Sergiusz Bazanski <q3k@q3k.org>	Sun Apr 07 00:06:23 2019 +0200
committer	Sergiusz Bazanski <q3k@q3k.org>	Sun Apr 07 00:06:23 2019 +0200
tree	8d483998903ae47cf7e9467829071bbb8c5329a0
parent	208f0058304f5c7a01d239d5bc58a78363982d6d [diff] [blame]