Fix launching kube-apiserver.

2025-12-14 23:24:23 -05:00
parent edf6d40bf6
commit 3e14efcceb
2 changed files with 100 additions and 25 deletions
--- a/nix/kubernetes/keys/package/deploy-script/package.nix
+++ b/nix/kubernetes/keys/package/deploy-script/package.nix
@@ -85,6 +85,49 @@ let
          group = 10016;
          mode = "0640";
        }
+        {
+          dest_dir = "/vm/${vm_name}/persist/keys/kube";
+          file = "${k8s.ca}/ca.crt";
+          owner = 10024;
+          group = 10024;
+          mode = "0640";
+        }
+        {
+          dest_dir = "/vm/${vm_name}/persist/keys/kube";
+          file = "${k8s.keys.kube-api-server}/kube-api-server.crt";
+          owner = 10024;
+          group = 10024;
+          mode = "0640";
+        }
+        {
+          dest_dir = "/vm/${vm_name}/persist/keys/kube";
+          file = "${k8s.keys.kube-api-server}/kube-api-server.key";
+          owner = 10024;
+          group = 10024;
+          mode = "0600";
+        }
+        {
+          dest_dir = "/vm/${vm_name}/persist/keys/kube";
+          file = "${k8s.encryption_config}/encryption-config.yaml";
+          name = "encryption-config.yaml";
+          owner = 10024;
+          group = 10024;
+          mode = "0600";
+        }
+        {
+          dest_dir = "/vm/${vm_name}/persist/keys/kube";
+          file = "${k8s.keys.service-accounts}/service-accounts.crt";
+          owner = 10024;
+          group = 10024;
+          mode = "0640";
+        }
+        {
+          dest_dir = "/vm/${vm_name}/persist/keys/kube";
+          file = "${k8s.keys.service-accounts}/service-accounts.key";
+          owner = 10024;
+          group = 10024;
+          mode = "0600";
+        }
        # {
        #   dest_dir = "/vm/${vm_name}/persist/keys/kube";
        #   file = "${self.kubernetes}/kubernetes.pem";