Gitiles
Code Review Sign In
gerrit.hackerspace.pl / hscloud / a4f8a459b9eda92cb69761ea5d779b1c3519718c^! / . / cluster / certs / ca-kube-new.crt
commita4f8a459b9eda92cb69761ea5d779b1c3519718c[log] [tgz]
authorSerge Bazanski <q3k@hackerspace.pl>Fri Mar 31 22:34:46 2023 +0000
committerq3k <q3k@hackerspace.pl>Fri Mar 31 22:53:59 2023 +0000
tree71ada388ebad8a8a5698e2c782d2e38b42871c51
parentf6e6abb0f5d32f0d4bfc723db04d475438dd893a [diff] [blame]
cluster: partial cert bump

Done:

 1. etcd peer CA & certs
 2. etcd client CA & certs
 3. kube CA (currently all components set to accept both new and old CA,
    new CA called ca-kube-new)
 4. kube apiserver
 5. kubelet & kube-proxy
 6. prodvider intermediate

TODO:

 1. kubernetes controller-manager & kubernetes scheduler
 2. kubefront CA
 3. admitomatic?
 4. undo bundle on kube CA components to fully transition away from old
    CA

Change-Id: If529eeaed9a6a2063bed23c9d81c57b36b9a0115
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1487
Reviewed-by: q3k <q3k@hackerspace.pl>

diff --git a/cluster/certs/ca-kube-new.crt b/cluster/certs/ca-kube-new.crt
new file mode 100644
index 0000000..825ae1f
--- /dev/null
+++ b/cluster/certs/ca-kube-new.crt

@@ -0,0 +1,10 @@
+-----BEGIN CERTIFICATE-----
+MIIBZTCCARegAwIBAgIQH2KNL4wIPawUN1HO9EPCejAFBgMrZXAwHTEbMBkGA1UE
+AxMSa3ViZXJuZXRlcyBtYWluIENBMCAXDTIzMDMzMTEyNTI0M1oYDzk5OTkxMjMx
+MjM1OTU5WjAdMRswGQYDVQQDExJrdWJlcm5ldGVzIG1haW4gQ0EwKjAFBgMrZXAD
+IQAqZ7QDUNbcC3XL6jiyL4yEb2CpZJKq4qEPXSNnZ+HdaqNrMGkwDgYDVR0PAQH/
+BAQDAgGGMCcGA1UdJQQgMB4GCCsGAQUFBwMCBggrBgEFBQcDAQYIKwYBBQUHAwkw
+DwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUycQ+wTWsc0lNe+5ixgJAxIOccw8w
+BQYDK2VwA0EAFTrB2XCpWLOAFbwNzHXM8suamZweWX3YNPyEYeRKJO2f/tEuqcq3
++S29scjKwxjnnX0eLephWLyFrbIxzh3bAA==
+-----END CERTIFICATE-----