cluster: deploy calico and metrics service

commit: af3be426adc0b3d656088fb655549af7ca596ebb [log] [tgz]
author: Sergiusz Bazanski <q3k@q3k.org> Thu Jan 17 18:57:19 2019 +0100
committer: Sergiusz Bazanski <q3k@q3k.org> Thu Jan 17 18:57:19 2019 +0100
tree: 722c8013a0797044ddd65291c1ed051e3f97c474
parent: 49b9a13d28d4f33ae8914fa6e78311046aa7b228 [diff] [blame]
diff --git a/tools/clustercfg.py b/tools/clustercfg.py
index a36664a..0426cee 100644
--- a/tools/clustercfg.py
+++ b/tools/clustercfg.py

@@ -221,7 +221,7 @@
             '-reqexts', 'SAN',
         ] if san else []))
 
-        pki.sign(local_csr, local_cert, local_config, days)
+        pki.sign(local_csr, local_cert, local_config if san else None, days)
         os.remove(local_csr)
         os.remove(local_config)
 
@@ -329,6 +329,7 @@
         modified |= shared_cert(p, c, fqdn, 'kube-{}'.format(component), Subject(o, ou, o))
     modified |= shared_cert(p, c, fqdn, 'kube-apiserver', Subject(Subject.hswaw, 'Kubernetes API', cluster), san=['IP:10.10.12.1', 'DNS:' + cluster])
     modified |= shared_cert(p, c, fqdn, 'kube-serviceaccounts', Subject(Subject.hswaw, 'Kubernetes Service Account Signer', 'service-accounts'))
+    modified |= shared_cert(p, c, fqdn, 'kube-calico', Subject(Subject.hswaw, 'Kubernetes Calico Account', 'calico'))
 
     c.run('nixos-rebuild switch')
commit	af3be426adc0b3d656088fb655549af7ca596ebb	[log] [tgz]
author	Sergiusz Bazanski <q3k@q3k.org>	Thu Jan 17 18:57:19 2019 +0100
committer	Sergiusz Bazanski <q3k@q3k.org>	Thu Jan 17 18:57:19 2019 +0100
tree	722c8013a0797044ddd65291c1ed051e3f97c474
parent	49b9a13d28d4f33ae8914fa6e78311046aa7b228 [diff] [blame]