Fix proxy auth tls

nix/kubernetes/keys/package/k8s-ca/files/requestheader-client-ca.conf

@@ -11,7 +11,10 @@ keyUsage         = cRLSign, keyCertSign
 C   = US
 ST  = Washington
 L   = Seattle
-CN  = CA
+CN  = Kubernetes
+O   = Kubernetes
+OU  = CA
+
 
 [controller0-proxy]
 distinguished_name = controller0_distinguished_name
@@ -23,7 +26,7 @@ basicConstraints     = CA:FALSE
 extendedKeyUsage     = clientAuth, serverAuth
 keyUsage             = critical, digitalSignature, keyEncipherment
 nsCertType           = client
-nsComment            = "controller0 Certificate"
+nsComment            = "controller0-proxy Certificate"
 subjectAltName       = @controller0_alt_names
 subjectKeyIdentifier = hash
 
@@ -36,8 +39,8 @@ L  = Seattle
 
 [controller0_alt_names]
 IP.0  = 127.0.0.1
-IP.4  = 10.215.1.221
+IP.1  = 10.215.1.221
-IP.5  = 2620:11f:7001:7:ffff:ffff:0ad7:01dd
+IP.2  = 2620:11f:7001:7:ffff:ffff:0ad7:01dd
 DNS.0 = controller0
 
 [controller1-proxy]
@@ -50,7 +53,7 @@ basicConstraints     = CA:FALSE
 extendedKeyUsage     = clientAuth, serverAuth
 keyUsage             = critical, digitalSignature, keyEncipherment
 nsCertType           = client
-nsComment            = "controller1 Certificate"
+nsComment            = "controller1-proxy Certificate"
 subjectAltName       = @controller1_alt_names
 subjectKeyIdentifier = hash
 
@@ -77,7 +80,7 @@ basicConstraints     = CA:FALSE
 extendedKeyUsage     = clientAuth, serverAuth
 keyUsage             = critical, digitalSignature, keyEncipherment
 nsCertType           = client
-nsComment            = "controller2 Certificate"
+nsComment            = "controller2-proxy Certificate"
 subjectAltName       = @controller2_alt_names
 subjectKeyIdentifier = hash
 
@@ -90,6 +93,6 @@ L  = Seattle
 
 [controller2_alt_names]
 IP.0  = 127.0.0.1
-IP.6  = 10.215.1.223
+IP.1  = 10.215.1.223
-IP.7  = 2620:11f:7001:7:ffff:ffff:0ad7:01df
+IP.2  = 2620:11f:7001:7:ffff:ffff:0ad7:01df
 DNS.0 = controller2