Switch to generating certs with openssl.

2025-12-14 18:24:24 -05:00
parent 771ec2e38a
commit 1606d569d0
23 changed files with 476 additions and 324 deletions
--- a/nix/kubernetes/keys/scope.nix
+++ b/nix/kubernetes/keys/scope.nix
@@ -250,13 +250,74 @@ makeScope newScope (
  in
  {
    ca = (callPackage ./package/k8s-ca/package.nix additional_vars);
-    kubernetes = (callPackage ./package/k8s-kubernetes/package.nix additional_vars);
-    service_account = (callPackage ./package/k8s-service-account/package.nix additional_vars);
-    requestheader-client-ca = (
-      callPackage ./package/k8s-requestheader-client-ca/package.nix additional_vars
+    keys = (
+      lib.genAttrs [
+        "admin"
+        "controller0"
+        "controller1"
+        "controller2"
+        "worker0"
+        "worker1"
+        "worker2"
+        "kube-proxy"
+        "kube-scheduler"
+        "kube-controller-manager"
+        "kube-api-server"
+        "service-accounts"
+      ] (key_name: (callPackage ./package/tls-key/package.nix (additional_vars // { inherit key_name; })))
    );
-    controller-proxy = (callPackage ./package/k8s-controller-proxy/package.nix additional_vars);
-    keys = (callPackage ./package/k8s-keys/package.nix additional_vars);
-    deploy_script = (writeShellScript "deploy-keys" deploy_script);
+    client-configs = (
+      builtins.mapAttrs
+        (
+          config_name: config:
+          (callPackage ./package/k8s-client-config/package.nix (
+            additional_vars // { inherit config_name; } // config
+          ))
+        )
+        {
+          controller0 = {
+            config_user = "system:node:controller0";
+            config_server = "https://server.kubernetes.local:6443";
+          };
+          controller1 = {
+            config_user = "system:node:controller1";
+            config_server = "https://server.kubernetes.local:6443";
+          };
+          controller2 = {
+            config_user = "system:node:controller2";
+            config_server = "https://server.kubernetes.local:6443";
+          };
+          worker0 = {
+            config_user = "system:node:worker0";
+            config_server = "https://server.kubernetes.local:6443";
+          };
+          worker1 = {
+            config_user = "system:node:worker1";
+            config_server = "https://server.kubernetes.local:6443";
+          };
+          worker2 = {
+            config_user = "system:node:worker2";
+            config_server = "https://server.kubernetes.local:6443";
+          };
+          kube-proxy = {
+            config_user = "system:kube-proxy";
+            config_server = "https://server.kubernetes.local:6443";
+          };
+          kube-controller-manager = {
+            config_user = "system:kube-controller-manager";
+            config_server = "https://server.kubernetes.local:6443";
+          };
+          kube-scheduler = {
+            config_user = "system:kube-scheduler";
+            config_server = "https://server.kubernetes.local:6443";
+          };
+          admin = {
+            config_user = "admin";
+            config_server = "https://127.0.0.1:6443";
+          };
+        }
+    );
+    all_keys = (callPackage ./package/k8s-keys/package.nix additional_vars);
+    deploy_script = (callPackage ./package/deploy-script/package.nix additional_vars);
  }
 )