talexander/machine_setup
1
0
Fork 0
Code Issues Pull Requests Releases Activity

Generate certificates for the aggregation layer.

Browse Source
This commit is contained in:
Tom Alexander
2026-01-09 18:19:34 -05:00
parent c0ace47d95
commit fd1ea9e890
13 changed files with 204 additions and 43 deletions
Download Patch File Download Diff File Expand all files Collapse all files

35
nix/kubernetes/keys/package/deploy-script/package.nix
View File

@@ -106,21 +106,21 @@ let
}
{
dest_dir = "/vm/${vm_name}/persist/keys/etcd";
file = "${k8s.ca}/ca.crt";
file = "${k8s.ca.client}/client-ca.crt";
owner = 10016;
group = 10016;
mode = "0640";
}
{
dest_dir = "/vm/${vm_name}/persist/keys/kube";
file = "${k8s.ca}/ca.crt";
file = "${k8s.ca.client}/client-ca.crt";
owner = 10024;
group = 10024;
mode = "0640";
}
{
dest_dir = "/vm/${vm_name}/persist/keys/kube";
file = "${k8s.ca}/ca.key";
file = "${k8s.ca.client}/client-ca.key";
owner = 10024;
group = 10024;
mode = "0600";
@@ -175,6 +175,33 @@ let
group = 10024;
mode = "0600";
}
{
dest_dir = "/vm/${vm_name}/persist/keys/kube";
file = "${k8s.ca.requestheader-client}/requestheader-client-ca.crt";
owner = 10024;
group = 10024;
mode = "0640";
}
{
dest_dir = "/vm/${vm_name}/persist/keys/kube";
file = "${
k8s.keys."${vm_name_to_hostname vm_name}-proxy"
}/${vm_name_to_hostname vm_name}-proxy.crt";
name = "proxy.crt";
owner = 10024;
group = 10024;
mode = "0640";
}
{
dest_dir = "/vm/${vm_name}/persist/keys/kube";
file = "${
k8s.keys."${vm_name_to_hostname vm_name}-proxy"
}/${vm_name_to_hostname vm_name}-proxy.key";
name = "proxy.key";
owner = 10024;
group = 10024;
mode = "0600";
}
])
)
);
@@ -193,7 +220,7 @@ let
+ (lib.concatMapStringsSep "\n" deploy_file [
{
dest_dir = "/vm/${vm_name}/persist/keys/kube";
file = "${k8s.ca}/ca.crt";
file = "${k8s.ca.client}/client-ca.crt";
owner = 10024;
group = 10024;
mode = "0640";