Switch to generating certs with openssl.

2025-12-14 18:24:24 -05:00
parent 771ec2e38a
commit 1606d569d0
23 changed files with 476 additions and 324 deletions
--- a/nix/kubernetes/keys/package/k8s-client-config/package.nix
+++ b/nix/kubernetes/keys/package/k8s-client-config/package.nix
@@ -0,0 +1,52 @@
+# unpackPhase
+# patchPhase
+# configurePhase
+# buildPhase
+# checkPhase
+# installPhase
+# fixupPhase
+# installCheckPhase
+# distPhase
+{
+  stdenv,
+  k8s,
+  kubectl,
+  config_name,
+  config_user,
+  config_server,
+  ...
+}:
+stdenv.mkDerivation (finalAttrs: {
+  name = "k8s-client-config-${config_name}";
+  nativeBuildInputs = [ kubectl ];
+  buildInputs = [ ];
+
+  unpackPhase = "true";
+
+  buildPhase = ''
+    kubectl config set-cluster kubernetes-the-hard-way \
+      --certificate-authority=${k8s.ca}/ca.crt \
+      --embed-certs=true \
+      --server=${config_server} \
+      --kubeconfig=${config_name}.kubeconfig
+
+    kubectl config set-credentials ${config_user} \
+      --client-certificate=${k8s.keys."${config_name}"}/${config_name}.crt \
+      --client-key=${k8s.keys."${config_name}"}/${config_name}.key \
+      --embed-certs=true \
+      --kubeconfig=${config_name}.kubeconfig
+
+    kubectl config set-context default \
+      --cluster=kubernetes-the-hard-way \
+      --user=${config_user} \
+      --kubeconfig=${config_name}.kubeconfig
+
+    kubectl config use-context default \
+      --kubeconfig=${config_name}.kubeconfig
+  '';
+
+  installPhase = ''
+    mkdir "$out"
+    cp "${config_name}.kubeconfig" $out/
+  '';
+})