From 9251121fa91a518bc7f60d7589975f917ccc2cc2 Mon Sep 17 00:00:00 2001 From: Serge Bazanski Date: Sat, 1 Apr 2023 13:50:02 +0000 Subject: [PATCH] cluster/certs: remove old kube CA This completes the migration away from the old CA/cert infrastructure. The tool which was used to generate all these certs will come next. It's effectively a reimplementation of clustercfg in Go. We also removed the unused kube-serviceaccounts cert, which was generated by the old tooling for no good reason (we only need a key for service accounts, not an actual cert...). Change-Id: Ied9e5d8fc90c64a6b4b9fdd20c33981410c884b4 Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1501 Reviewed-by: q3k --- cluster/certs/ca-kube-new-and-old.crt | 33 ------ cluster/certs/ca-kube-new.crt | 10 -- cluster/certs/ca-kube.crt | 29 ++--- cluster/certs/kube-serviceaccounts.cert | 30 ------ cluster/machines/modules/kube-common.nix | 4 +- .../machines/modules/kube-controlplane.nix | 18 +--- cluster/machines/modules/kube-dataplane.nix | 4 +- cluster/secrets/cipher/ca-kube-new.key | 41 ------- cluster/secrets/cipher/ca-kube.key | 101 +++++++----------- 9 files changed, 52 insertions(+), 218 deletions(-) delete mode 100644 cluster/certs/ca-kube-new-and-old.crt delete mode 100644 cluster/certs/ca-kube-new.crt delete mode 100644 cluster/certs/kube-serviceaccounts.cert delete mode 100644 cluster/secrets/cipher/ca-kube-new.key diff --git a/cluster/certs/ca-kube-new-and-old.crt b/cluster/certs/ca-kube-new-and-old.crt deleted file mode 100644 index 6c54778a..00000000 --- a/cluster/certs/ca-kube-new-and-old.crt +++ /dev/null @@ -1,33 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIBZTCCARegAwIBAgIQH2KNL4wIPawUN1HO9EPCejAFBgMrZXAwHTEbMBkGA1UE -AxMSa3ViZXJuZXRlcyBtYWluIENBMCAXDTIzMDMzMTEyNTI0M1oYDzk5OTkxMjMx -MjM1OTU5WjAdMRswGQYDVQQDExJrdWJlcm5ldGVzIG1haW4gQ0EwKjAFBgMrZXAD -IQAqZ7QDUNbcC3XL6jiyL4yEb2CpZJKq4qEPXSNnZ+HdaqNrMGkwDgYDVR0PAQH/ -BAQDAgGGMCcGA1UdJQQgMB4GCCsGAQUFBwMCBggrBgEFBQcDAQYIKwYBBQUHAwkw -DwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUycQ+wTWsc0lNe+5ixgJAxIOccw8w -BQYDK2VwA0EAFTrB2XCpWLOAFbwNzHXM8suamZweWX3YNPyEYeRKJO2f/tEuqcq3 -+S29scjKwxjnnX0eLephWLyFrbIxzh3bAA== ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIID2DCCAsCgAwIBAgIUfa+oMG9sYHFeuhBgb8wSWHJ7ozUwDQYJKoZIhvcNAQEL -BQAwgYMxCzAJBgNVBAYTAlBMMRQwEgYDVQQIEwtNYXpvd2llY2tpZTEPMA0GA1UE -BxMGV2Fyc2F3MRswGQYDVQQKExJXYXJzYXcgSGFja2Vyc3BhY2UxEzARBgNVBAsT -CmNsdXN0ZXJjZmcxGzAZBgNVBAMTEmt1YmVybmV0ZXMgbWFpbiBDQTAeFw0xOTA0 -MDYxNzU5MDBaFw0yNDA0MDQxNzU5MDBaMIGDMQswCQYDVQQGEwJQTDEUMBIGA1UE -CBMLTWF6b3dpZWNraWUxDzANBgNVBAcTBldhcnNhdzEbMBkGA1UEChMSV2Fyc2F3 -IEhhY2tlcnNwYWNlMRMwEQYDVQQLEwpjbHVzdGVyY2ZnMRswGQYDVQQDExJrdWJl -cm5ldGVzIG1haW4gQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7 -YfhSQTCObcBQrKrb7lhmSKUDqkcBlMxrC1Xx9IUWKpAj8+5evRA/vA1dVss8x75+ -g+6BWCPDJDm51b5KScvRdKZ8ARZOCwiXEDdw/BJUAO/uan3US9Qj6jpV/m3bsMz4 -adGDthA74y5//tD6CVBtMrVjRtpYkO0p4fzPOwNXTCXzDEVFApxoSF3MMmYDViFh -X/qM/brgK3mh4ZouyPXx6QaL+DCYBu/YKg049Ev3z3NiK1P/t0VeBkvImKurf2Fa -A27yZ+RsoI8OepN6EL6WsYhQhCSwD+oxB1mMlJkaB/zkVyM+YOro37ugkKgoHhhh -nCOVyDXJpHa0EGTMMbQDAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMB -Af8EBTADAQH/MB0GA1UdDgQWBBSYMl0OTzMe+wnpiSQTFkJqgNGZ0DANBgkqhkiG -9w0BAQsFAAOCAQEAIhXBmcWgf/5cO+FAPnYoEi3QoG+EhB5j4wSyKJE+qedV4ogP -YjztG1BbNAn7Zm6zarJ2JVRjfS56noRj5pvRDBTysLBjirpmsw/v/+/GMSfy1yJA -0x2OLa8SDh01+hjchaxsjfDCmB11X/HZrGu7QvqQQa7KBFyGriWqXMNMaHXk9gfJ -Wmz7aVEP0xhksVIml4ShuQqf1C1y1ut7FXfJUPppnvrfjSvR7p6zQgJ+5VAh+k9p -NBnIrkplq0gGUSgeTu+BMMRS2/AxmSnfvsqvx52mnypWn7fUG+b6IASOesVv1hry -TgHlXjl3Dv5hQ6//pWi+rgD8wT7OLkLf/ekVvQ== ------END CERTIFICATE----- diff --git a/cluster/certs/ca-kube-new.crt b/cluster/certs/ca-kube-new.crt deleted file mode 100644 index 825ae1f3..00000000 --- a/cluster/certs/ca-kube-new.crt +++ /dev/null @@ -1,10 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIBZTCCARegAwIBAgIQH2KNL4wIPawUN1HO9EPCejAFBgMrZXAwHTEbMBkGA1UE -AxMSa3ViZXJuZXRlcyBtYWluIENBMCAXDTIzMDMzMTEyNTI0M1oYDzk5OTkxMjMx -MjM1OTU5WjAdMRswGQYDVQQDExJrdWJlcm5ldGVzIG1haW4gQ0EwKjAFBgMrZXAD -IQAqZ7QDUNbcC3XL6jiyL4yEb2CpZJKq4qEPXSNnZ+HdaqNrMGkwDgYDVR0PAQH/ -BAQDAgGGMCcGA1UdJQQgMB4GCCsGAQUFBwMCBggrBgEFBQcDAQYIKwYBBQUHAwkw -DwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUycQ+wTWsc0lNe+5ixgJAxIOccw8w -BQYDK2VwA0EAFTrB2XCpWLOAFbwNzHXM8suamZweWX3YNPyEYeRKJO2f/tEuqcq3 -+S29scjKwxjnnX0eLephWLyFrbIxzh3bAA== ------END CERTIFICATE----- diff --git a/cluster/certs/ca-kube.crt b/cluster/certs/ca-kube.crt index c44255e4..825ae1f3 100644 --- a/cluster/certs/ca-kube.crt +++ b/cluster/certs/ca-kube.crt @@ -1,23 +1,10 @@ -----BEGIN CERTIFICATE----- -MIID2DCCAsCgAwIBAgIUfa+oMG9sYHFeuhBgb8wSWHJ7ozUwDQYJKoZIhvcNAQEL -BQAwgYMxCzAJBgNVBAYTAlBMMRQwEgYDVQQIEwtNYXpvd2llY2tpZTEPMA0GA1UE -BxMGV2Fyc2F3MRswGQYDVQQKExJXYXJzYXcgSGFja2Vyc3BhY2UxEzARBgNVBAsT -CmNsdXN0ZXJjZmcxGzAZBgNVBAMTEmt1YmVybmV0ZXMgbWFpbiBDQTAeFw0xOTA0 -MDYxNzU5MDBaFw0yNDA0MDQxNzU5MDBaMIGDMQswCQYDVQQGEwJQTDEUMBIGA1UE -CBMLTWF6b3dpZWNraWUxDzANBgNVBAcTBldhcnNhdzEbMBkGA1UEChMSV2Fyc2F3 -IEhhY2tlcnNwYWNlMRMwEQYDVQQLEwpjbHVzdGVyY2ZnMRswGQYDVQQDExJrdWJl -cm5ldGVzIG1haW4gQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7 -YfhSQTCObcBQrKrb7lhmSKUDqkcBlMxrC1Xx9IUWKpAj8+5evRA/vA1dVss8x75+ -g+6BWCPDJDm51b5KScvRdKZ8ARZOCwiXEDdw/BJUAO/uan3US9Qj6jpV/m3bsMz4 -adGDthA74y5//tD6CVBtMrVjRtpYkO0p4fzPOwNXTCXzDEVFApxoSF3MMmYDViFh -X/qM/brgK3mh4ZouyPXx6QaL+DCYBu/YKg049Ev3z3NiK1P/t0VeBkvImKurf2Fa -A27yZ+RsoI8OepN6EL6WsYhQhCSwD+oxB1mMlJkaB/zkVyM+YOro37ugkKgoHhhh -nCOVyDXJpHa0EGTMMbQDAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMB -Af8EBTADAQH/MB0GA1UdDgQWBBSYMl0OTzMe+wnpiSQTFkJqgNGZ0DANBgkqhkiG -9w0BAQsFAAOCAQEAIhXBmcWgf/5cO+FAPnYoEi3QoG+EhB5j4wSyKJE+qedV4ogP -YjztG1BbNAn7Zm6zarJ2JVRjfS56noRj5pvRDBTysLBjirpmsw/v/+/GMSfy1yJA -0x2OLa8SDh01+hjchaxsjfDCmB11X/HZrGu7QvqQQa7KBFyGriWqXMNMaHXk9gfJ -Wmz7aVEP0xhksVIml4ShuQqf1C1y1ut7FXfJUPppnvrfjSvR7p6zQgJ+5VAh+k9p -NBnIrkplq0gGUSgeTu+BMMRS2/AxmSnfvsqvx52mnypWn7fUG+b6IASOesVv1hry -TgHlXjl3Dv5hQ6//pWi+rgD8wT7OLkLf/ekVvQ== +MIIBZTCCARegAwIBAgIQH2KNL4wIPawUN1HO9EPCejAFBgMrZXAwHTEbMBkGA1UE +AxMSa3ViZXJuZXRlcyBtYWluIENBMCAXDTIzMDMzMTEyNTI0M1oYDzk5OTkxMjMx +MjM1OTU5WjAdMRswGQYDVQQDExJrdWJlcm5ldGVzIG1haW4gQ0EwKjAFBgMrZXAD +IQAqZ7QDUNbcC3XL6jiyL4yEb2CpZJKq4qEPXSNnZ+HdaqNrMGkwDgYDVR0PAQH/ +BAQDAgGGMCcGA1UdJQQgMB4GCCsGAQUFBwMCBggrBgEFBQcDAQYIKwYBBQUHAwkw +DwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUycQ+wTWsc0lNe+5ixgJAxIOccw8w +BQYDK2VwA0EAFTrB2XCpWLOAFbwNzHXM8suamZweWX3YNPyEYeRKJO2f/tEuqcq3 ++S29scjKwxjnnX0eLephWLyFrbIxzh3bAA== -----END CERTIFICATE----- diff --git a/cluster/certs/kube-serviceaccounts.cert b/cluster/certs/kube-serviceaccounts.cert deleted file mode 100644 index c1432681..00000000 --- a/cluster/certs/kube-serviceaccounts.cert +++ /dev/null @@ -1,30 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIFKjCCBBKgAwIBAgIUKG3oH/n3UTBj+Wu2ojqjcvx5PIEwDQYJKoZIhvcNAQEL -BQAwgYMxCzAJBgNVBAYTAlBMMRQwEgYDVQQIEwtNYXpvd2llY2tpZTEPMA0GA1UE -BxMGV2Fyc2F3MRswGQYDVQQKExJXYXJzYXcgSGFja2Vyc3BhY2UxEzARBgNVBAsT -CmNsdXN0ZXJjZmcxGzAZBgNVBAMTEmt1YmVybmV0ZXMgbWFpbiBDQTAeFw0yMjA0 -MDQxNjQ4MDBaFw0yMzA0MDQxNjQ4MDBaMHsxCzAJBgNVBAYTAlBMMRQwEgYDVQQI -EwtNYXpvd2llY2tpZTEPMA0GA1UEBxMGV2Fyc2F3MSswKQYDVQQLEyJLdWJlcm5l -dGVzIFNlcnZpY2UgQWNjb3VudHMgU2lnbmVyMRgwFgYDVQQDEw9zZXJ2aWNlYWNj -b3VudHMwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDFSCquXVjQANUN -IIkGFgsgrCKxqF4gT1sxIcDnsoyncEXnsdqfYAn3yvi0iEZq0JwMkAhWI9k9oAV4 -DOW3hMBrqWZUjRnHPwUwoewvUwqCZyjOzhFSyy2E2iEq7yfrZkgxVVHIdUMoq179 -/jRRa8fk/oUmqiiQNWy//q6VX1ASX7elh4oKfwRMFwnf6vQO7WUm2wqlbYNHaGji -XDMVuGUyx8XG/F0c1YrAQPIPx5vU6GVV+Qpdl38E/wDIUCS/RPml8M2Q5eBljo2P -Xhr26tO2OQuOu5UBvzg4e7k1rEKsMlwQSATB2PIVyLNQrWN6zUuI2pV2OUE6Oreh -ZI6qpZ3eo+QJi496QriZeZ6tLnzoPPaw9QIJG03Si25PjT7p1ULEx7EQ2OOcBBXj -UoQF1KDkqoqJ5GEqA2ie/U9FhobFUaQpqiZsOWYG08u9oERzNnK+h057XjLsblod -Bi4d2x+oLFi0q2V/zb6yts3jHicTEyAXCkOq3q6pFd7N8YUbSU5Og8Bgk6KzPoSb -Klg6L8ttDwXXQRNl4/1CR6+17hFCECoKRVKvTeOX0O7Rl/raWpL5WmBZohpaDfQf -VpRBONC4p9K73bnlK7P1E38DrrWO4kO7xrmGF0KuRXVCzBZngG+8dpHJMBg7CyH0 -Wv3ZmrcEgb0rRwWYj8LY71EQzO2D2QIDAQABo4GcMIGZMA4GA1UdDwEB/wQEAwIF -oDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAd -BgNVHQ4EFgQUliCshdOww6BLgNw1Cu+0XiqCpg8wHwYDVR0jBBgwFoAUmDJdDk8z -HvsJ6YkkExZCaoDRmdAwGgYDVR0RBBMwEYIPc2VydmljZWFjY291bnRzMA0GCSqG -SIb3DQEBCwUAA4IBAQB0TgFEGt81zI2+XyWta2qR3PiDdwEaQ6OxIqfNqhEmu7M0 -+wcg6NQG9/X1KBlb/5/hOsqXLG0GIh9bd2e6owvI09iraZt3LaHopP7YuvNyh2g/ -ZrPKyGxz9WAOknqeyO3fqqw8ILAKQSX89XWD4USJDFS+i6vEAnJLvezp0Z2A3k2B -bG/pROkAceJDZd70X0wsZwv5waRK9lYp4zusx19sQFBhQg1YWBzZwXbS8ix4oxsh -vDaECT4dldtFIt+JaYX3ZKjIpqnDD2byNKiKuECZX9D3CISEQJ7LE/jxgXGrw3vt -uOrngO061LXvLBOn/L39KmX2Yx0iJayDLKsHvqAR ------END CERTIFICATE----- diff --git a/cluster/machines/modules/kube-common.nix b/cluster/machines/modules/kube-common.nix index f4c6066c..6707efaf 100644 --- a/cluster/machines/modules/kube-common.nix +++ b/cluster/machines/modules/kube-common.nix @@ -86,9 +86,7 @@ in { # We do not use any nixpkgs predefined roles for k8s. Instead, we enable # k8s components manually. roles = []; - # TODO(q3k): undo after CA migration done - #caFile = cfg.pki.kube.apiserver.ca; - caFile = ../../certs/ca-kube-new-and-old.crt; + caFile = cfg.pki.kube.apiserver.ca; clusterCidr = "10.10.16.0/20"; addons.dns.enable = false; }; diff --git a/cluster/machines/modules/kube-controlplane.nix b/cluster/machines/modules/kube-controlplane.nix index d38b91fc..f503924c 100644 --- a/cluster/machines/modules/kube-controlplane.nix +++ b/cluster/machines/modules/kube-controlplane.nix @@ -82,8 +82,7 @@ in { # k8s components manually. roles = []; addons.dns.enable = false; - # TODO(q3k): undo after CA migration done - #caFile = pki.kube.apiserver.ca; + caFile = pki.kube.apiserver.ca; clusterCidr = "10.10.16.0/20"; apiserver = rec { @@ -103,15 +102,11 @@ in { tlsCertFile = pki.kube.apiserver.cert; tlsKeyFile = pki.kube.apiserver.key; - # TODO(q3k): undo after CA migration done - #clientCaFile = pki.kube.apiserver.ca; - clientCaFile = ../../certs/ca-kube-new-and-old.crt; + clientCaFile = pki.kube.apiserver.ca; kubeletHttps = true; # Same CA as main APIServer CA. - # TODO(q3k): undo after CA migration done - #kubeletClientCaFile = pki.kube.apiserver.ca; - kubeletClientCaFile = ../../certs/ca-kube-new-and-old.crt; + kubeletClientCaFile = pki.kube.apiserver.ca; kubeletClientCertFile = pki.kube.apiserver.cert; kubeletClientKeyFile = pki.kube.apiserver.key; @@ -150,24 +145,19 @@ in { leaderElect = true; serviceAccountKeyFile = pki.kube.serviceaccounts.key; rootCaFile = pki.kube.ca; - # TODO(q3k): undo after CA migration done extraOpts = '' --service-cluster-ip-range=10.10.12.0/24 \ --use-service-account-credentials=true \ --secure-port=${toString cfg.portControllerManagerSecure}\ --authentication-kubeconfig=${kubeconfig}\ --authorization-kubeconfig=${kubeconfig}\ - --root-ca-file=${../../certs/ca-kube-new-and-old.crt}\ ''; kubeconfig = pki.kube.controllermanager.config; }; scheduler = let top = config.services.kubernetes; - # TODO(q3k): undo after CA migration done - kubeconfig = top.lib.mkKubeConfig "scheduler" (pki.kube.scheduler.config // { - ca = ../../certs/ca-kube-new-and-old.crt; - }); + kubeconfig = top.lib.mkKubeConfig "scheduler" pki.kube.scheduler.config; in { enable = true; address = "0.0.0.0"; diff --git a/cluster/machines/modules/kube-dataplane.nix b/cluster/machines/modules/kube-dataplane.nix index fd87dbc6..45efcd27 100644 --- a/cluster/machines/modules/kube-dataplane.nix +++ b/cluster/machines/modules/kube-dataplane.nix @@ -72,9 +72,7 @@ in { hostname = fqdn; tlsCertFile = pki.kube.kubelet.cert; tlsKeyFile = pki.kube.kubelet.key; - # TODO(q3k): undo after CA migration done - #clientCaFile = pki.kube.kubelet.ca; - clientCaFile = ../../certs/ca-kube-new-and-old.crt; + clientCaFile = pki.kube.kubelet.ca; nodeIp = config.hscloud.base.ipAddr; networkPlugin = "cni"; clusterDns = "10.10.12.254"; diff --git a/cluster/secrets/cipher/ca-kube-new.key b/cluster/secrets/cipher/ca-kube-new.key deleted file mode 100644 index 09a04276..00000000 --- a/cluster/secrets/cipher/ca-kube-new.key +++ /dev/null @@ -1,41 +0,0 @@ ------BEGIN PGP MESSAGE----- - -hQEMAzhuiT4RC8VbAQgAsZHQ4swKPDSXEpnsvc1xrNI73LnD5gtey6Nf3WJ6bk60 -VYpaaX0s79oLmJZe8p64LOJvQO/MIm6kLXLrCQmEKGXbukh0ehVbvMcUtZplWu9T -GqYsbSrGre/QR0HcvIGsid9Mh+R5/87YsBz4n8YW/jy0Q3DczmhKbiEYnvx4/tg3 -qiUgInjCuxblsn0AjgA1sq8Im8IFgaUQ7tCZoAuPbqxJ3KiW+MlmvARjH8WTKDQU -+RJSvJVESSqBdOjwQX0TKkAhUJaaoDXDvgOBYsv3FTd4P2NpJZM2hjQ2VYCNsaQi -HF0maBDfeWs7Hdq57XTolJxQfHKE87hRCTkYPF5ufYUBDANcG2tp6fXqvgEH/i6u -qwKYtT2mNbDUSj2bySDXJERE1qPKlz+F7rO0aXqo/0q60vQ2RjfBVDxtlTBDBbYf -cKuIOIQSslPLQjRxYSKzSDvKxNox5pY8wI/3DttZEYzMAEui/U/ch/sCKE7hGBrh -HPDv9t0zgm605+gRNlJE3oZTFB5fDg2kxWOmhIXT70wdXP1jLM2MR8RC8y5N3s2D -1BgpclfpA+3lrCx9W0AS7w1uPCQT781diNH7zF8GLPqcmD21FIaelxsKl2PLeoVU -mZHYYb4S3NIgkBO8MGQcKnFeCJpH0gRtSlKnhLuWfDV4Fxnbs8WjXD5bm6OEv62t -BIBTS3Q1hKkfdQXDjoSFAgwDodoT8VqRl4UBEAC0bsxhdfMcxLu5LVEsmAxxRTaB -jWcow08Oghq6LdQElhFMlfGLioaaAWKaTdutYl1XHGOjKcrLmX1HQqLgGt1s+YI3 -Fj9UpgGpuGYx1GuJKNSuGVOxeGPma0bxrDDnDxqXUEXZysSKLi/Tiy6Q2gQpczwt -ApN0Pcvv9sg6oF1OX6WrlknxRnc9BGulDQ5a2rAybc+YxhrZr8ynpkAzYZ0a3ZlC -oE/3cH7NOiJY/xPaWxodkYz5Yo94OPKbVtWhRA3BoM5BPnOeKXk3VqxEsSv4r/K+ -kbY/Yt1hZSt5RVbqP+2PpOwgcI1IHV08aI1Dk1IgSVLaIgerfPqyxSD1z/pMJSLW -fKCiLsxB2MQ4HLFAfe3xOm4eTdDtJerLGEKonaJHwlgITy14iPF7t9fZXu5ixbIZ -snv21Bf3Iu/H3PdC3uq4hklAL7slb/GAdPA4b3My0kIyhBghGV8JcUeOsBg76iLE -HWKJQhwlRf/eZP/POwCUu+aalPQQ5DiK1KvfS6Ed1k+sjrHzoXHlmBl0keRmSDMz -/taAzQmgKLTel7nBFrCll/T8Z+A9/DKsnh6BsH4aXNDB+khM4iCkjVQ+iMnRMQyU -969hvVUZ5AA0h3nUq4OhKUrtPayiSodmMh+oZybQ26N0TEmL9osSPQR3z6m/R275 -q27IGQUkUSZ2X+H5V4UCDAPiA8lOXOuz7wEP/0z3g6hJ2VGUV3071ZT3Yv91Xksy -bZpkQBYOIY79A623CbxtUMq23Ddq2Gk4QzutSjNO/cxtm90bmVqMkR6nmkfNW5UJ -eh/Tn+qC4sWnHEKBoi+Sldurwnhg4egA5gcxMXyuh8uzboMcuVhXySPLbEKPAmVB -IYZHsyyl4Mjv30Y80NICoIuXQxdQQcliVP4EgVv7UTfI6ENNQWtVwwTF0pcjssOG -5EvBN/hINsYDB+jQxqQykfp7h3jfYPqv9VcH4a0JXTD6gXIlEdbNYMverU+cXAqO -S+9oVCgXb4a9z3tV44fJ4NCEfk2ifIo65D80WEqPfvgsLMgdcU5l+CARG+XQ68HN -//XnaVhANVoxSlOIW/1kmWGGQSDgcaFXeG+gkeC8ZqMhA/MnkQQ6FJmdI5AXhy6R -P3AIq63OWW0wjvDYsbt85anK0n1LQOpH8UWjoQuCOIlAswOU7td3aPi1UaYofoDD -m4tAzHAzuLIuRu4SdmV+m18GYKvN1bxf/xCdaG7RROgQ5y6asr5UMpwQBhJOGH/b -+y0JOeGDGMCOAxzNtTI8ehIcw+dWK4Yw8WNpbvaii7/r+9YA6arIrdPMoIsJRlUc -GeFZTHCMQi+ZRO+BjF8Rk2X4CIdQ5+DgZp4OY5SR4ssYvUEcJrBOCVHU9l+FA+hS -V7JKcpgk7R/9adWo0qkBcD4R3suCEZX2TsjdIql96LQ9DvodF9zImoHoPjxF/bq2 -bws2vxSuBTYZkhJP04mHtFaZ1LyUYcUZHd5WLqLdHRv+bb1QqoGI/zgX+TY9OiAX -r5KDY1V3nyz3vzsufa4qRq+llOj6xyIT+4T0Qxj9SxTYVTWuwuXHWOHwElRe9gOU -x7LvRgwV7skQU64ASXhmj2ktQAU7IqxeUij15jDjxIMuT+S5Y5xG -=iO70 ------END PGP MESSAGE----- diff --git a/cluster/secrets/cipher/ca-kube.key b/cluster/secrets/cipher/ca-kube.key index ba1c608d..09a04276 100644 --- a/cluster/secrets/cipher/ca-kube.key +++ b/cluster/secrets/cipher/ca-kube.key @@ -1,66 +1,41 @@ -----BEGIN PGP MESSAGE----- -hQEMAzhuiT4RC8VbAQf/TfFp59dCH1CMzBfcHVE2O6TGsFcT+PSxXfi6Z+0yXhLq -WgVgg45T7C/LmHJrTLJ2W+xkN0TRjs+xNu5icgNqnISU/xcTqx78PZKWi+ueY1GU -EFN5utl3o4nh8wXHBXOGf7FwxCHJMKCL6+B0+7vF/Uz1oViiEsVKpW2vc1uvmzg5 -sfoLzFwAne1J6PPc8VSAuoKVEdZNDwB9iR1MkBjD5KMeKd6bx7xZR+1J4Q8EzGKr -MDuihWn+DxsFGnKSGnD45iCC5v2+6Fa1OqXfoElVrZCHRIWIyuVSCxxomRxKGwET -eFUi2881Mta6Tr7ivpW2/oztFGnGBg50hetCfUPV/oUBDANcG2tp6fXqvgEH/0d6 -1H6R6PmaRIhvvbsDHpfbdTfKhPaiSjEogm8riarevG8O27sIlA/ADM6Xl8tSKrsj -wgK5NwI1yj0SnTCB5Qw8OsWP1k3TK0j03zPIbl5I2l/RwVWNGUYxQhS6V7fiwHwG -M/TYxLW4bHhgh5jHwuHftkWjqVKwd5eHS94xGcM6eaaecFIB0hWHLpZAl/bmznBg -HGMXWFlNEGjn6zsiO7pjjCSO4owyCuKL66nTO//ZQfzqY41FM4M3CQ/Y1ONEo4EO -ltWk5IX3v/H4sceRct5L2OC1jMNms02YkSNv7tx+RL67FMX/2Kt7LZXhWBow7skO -QlbHERvH8cEGK42CuQKFAgwDodoT8VqRl4UBD/9bLewyuE9USPiDGfyVIs9bfo9A -DKNwHYL68TeX+y4Jcb8HhmJGzBHjL7M7pedS7efbCizH1ifHqRXfdoeU1zETt6wv -OZ4xKo19NZxoYTht5BfOBbP6FloVikWxrW0Cs4S+ejCnofYcBugSuqaIHJTzIq2P -XBi6B1vqrm4M8lr2tJM1oGOnv6QIG8YUYMpvFU/SsX5bGXToq+R+lfwQJ6Oc3uZx -ILPvKOTnNtrwl7/oyZNqs1k9jlDtiaLTC/0ADZxBcktWD0xxZVoUP9iTUEjqHB4j -kEhHmq57qksFOnSmCv6Qee+ctIdegtlojMRiX/neP04qOR8uLXhVogw/wlQtScp0 -hP8ekCBaTj+mU1U6N6JCyiGt3u0INMUp2nAHhEoAeDZsYHGfZO1gTjimNcelG8lb -wjkZcYV02m+s6ybczgB9p7n9F6dgNyVrWEjNoaoUYrlLoGauzIQOqESF+M5wMHKL -4DDTs255+YnsfeNXCkNiC/b/r7vpHQlQBfs3l3yMIeGSxsdHmsOppR+Ub3ukZADq -uPMoKKWgGObBCFQ9Myk6ccAfSl0/AcCGo5JwEj2B3F1LbeKP4GKMKLzBPhawo0dX -KjtvD4bYAzBOZpgJHygUJYE3X5LjkSFZnQQ1CI1bro2iuMojoVzMMQomHAUzv8Wn -Tlap8tJS6S6Fc7qhSIUCDAPiA8lOXOuz7wEP/0JHntyM6EfDWkbNfMeGiVrAzHtA -mmzE8sgSPn1ysLXzIvaejhUnzG1yZ2FrK7xXVI++64L14bTEWArTts9YEb+eLCqe -IpbSVGCQhOtux0WlaCQElYA7sSgmesAvpojjvo/J0cZE6mWhjScDh6+O9FOsGbxU -f597Nhk/aJlZhFicn3XP6Pqpo6PT1FkOQPKnjHj1w2z9OMdPA/CuTkcVGcxPKAFe -/mL8TYJBvOqPvj0MGOWH8U6AiJ9ziywgaMl732/lf0/KoK76tc2V0Gf7Qh9TOWAH -MdWK2SiY7R7NP3UKWoQX1ZYANfUfMsOJX2lDdq4xJ7KOpPQGvh5c05jHkGhouYTt -M3AA7ek59OGIyOH/oeawfY8KZHrWpEwOD2+tBjhG9bwWnC7vmULtnPQxpe9mw3fU -qShNrjl6FmuahGA79MjJnahJZH9+j08Kv+Ho4fqN+EPAtNas1xc85njpw9gH6NnK -O9jfYKrH8dLmUI9HZyg1Zf2CDarI0KJvlPyZ/iiXvXZ5lK1XWxsiVBBDyyL3R59D -TxM/DjIqZ+zV9V4uwJUEeTGmVfMGLEsPyaLmzBNHaFVLtxnk/sFFPyNWdhCgxk2o -Qnd8TMoe8xtWX9RIj5UmS5lgjWeigSthrCBMoTIi4o248uE8mX8JxQVgbkd2iima -eQXgNHF5EFhjlGu30uoBEIPl7rh9m2uoXgCUoPFaiYVWlDW3PRDfzLWXkIL5DhZ0 -AKvDtILdAghTRXG+lUlf/52jsSwt+cKW6kd26SfGAx+NNoU9zMw3yg59QlL6b0Mj -MP29EC4ZJOsMzWpBQVEKkyl7KBfpUIyeqjzgqeXyOkKfCf+oRMsGQ9uQUHBU8gV1 -lm4hXz7QnY8rdtuerI8RVl+T54HKGCvF9J50PUmEH/uP5vi9W1vnnUy6zq6II5eN -gLRpPXO0e79YkA+058DRhagr1HKhHjRU/jnb2S2X5jyAwdJvH3y8B55jocGtb+MY -qWU+ApVUaQRC0T5vfdsvrdmLSma1+hFA5a++moppZ4IjlX9++wr4iCvuXyb4j03U -TlYuswv5r91xR8bcVJ7gOVeYSBa8/x9B6Eac5xnMRrseVcU8H7nr4HMd+K1p6ZuV -ysU/jNjlLlFebaPZiCibwAimOccM1GfDDM5IuHcebUV4YwTySLB9fniA9TIbSOTX -BeepXKqsKdUsWGALb9lGNYwfFF74e/no9uPbFBFyHpS1cbHVE6SoXMu12D/Audft -AYd9vep3XNH0nbJQhyUsVvyHGxgvzNNmfzSIEkMbbpjhbm2Gw7InAcmaqe/gTfLZ -G8rJaCjl0bShjnQq+3w/Tj8kap0VbPK2m2LESvT8m7C7c9KD/BCuhNyl9wHbmgMf -aiyifLx5le/UIpgwZBZYM8eoUVJBsTpHGPoj/XTO7MONuh6vxFqs9PnxuPqaOOWm -cNbMj0jukTnB7zGvLkKmGR/P+aDZyZJ8cadul+WSeXoMTRlH1pofeBUyYeC2sTLI -mUbSfJR04CSMr+CWDorZ5AOqi8bTNQrepDcED6RhMPo53NF9xQdpZvcGTXIWG5ZI -MO+z08YpH7gkKGAa0J1VCeGdAW5533n61TlD793Xk1NVvuvy3RpNpkiQtdcwmGGK -JMfEtTtMVoaWxWB21TCUqTL0YZRCuJY4NPA1gF6w3bdxRhRpiudA2u7wVQ4WO8h7 -tTjcTNcOs+FKoZCqauupSDGyCIDQySLpjLB0+FlVJ7sK6x7ozpGQAHUfbSA/+fnZ -lVzznDmda7MlLm+87oAQS4fQKx9RwQeoFJ9kQHyEvEYbIQuI23nmkLAZdDmII70q -2+zTKDmTXD1cMQ6HuUtn7nUdjFCoMtpuMHU0m3fjrHlhJRfKIEJTPgc6wx1SuYft -khkii1nRYTxnCL+BeVWGfWJZtylzK2bVEQy1S//2EclCMnoYCde5A0n+o85YfHp4 -KYHMKYGHbnWgKSGtlKP3C5tN9q1dDq2i+QtTJL3UIEfHsV+qQvHAqaOqvLnxJuYI -LIkr/vspDKtdUdEmVIiytLTJ+8XrmdLoe1ANCDIowJeicOiSloLtCbS4v+/9IcmG -szrbef3Lg0UvA+4oK1pmWGZKlnwE1pojOCoUm0Al7DvEV62pp3yy032EEMTdYJK0 -A5/9hOX0jw8eAm2ebdT3A7V6KkWL1IEgDC4B8ZFAHPQgTpBe/gj2gO0lslj3WOyh -cnUsIKd8wwZbw5zutRuxrAf5MujbS+Jra6J3em0wbx0sho2E110WntB6h77WxJ44 -FGPt3Yp78ORIvM59UCu9xL0VdJgj4UptG9mYn9fJ+BGuvDejeSD+EfDZvIE98hVL -a2/MmiGKD0gFQRcTHCAROLnTvJikcsdAXXxzAip7Lo/0eKq1e3gZPWhMfnoohBeH -SaktcJAfsh7eIsjV01iOC6lfDEmtPUBYrv8k4a8TGE3BPfsmJ5juIEWw/CRhd2ys -zAP3sqFBMxvZEiEdKOgvgpqxJR5AMFyhguk3LcchOXz81joaLPVw -=rrIB +hQEMAzhuiT4RC8VbAQgAsZHQ4swKPDSXEpnsvc1xrNI73LnD5gtey6Nf3WJ6bk60 +VYpaaX0s79oLmJZe8p64LOJvQO/MIm6kLXLrCQmEKGXbukh0ehVbvMcUtZplWu9T +GqYsbSrGre/QR0HcvIGsid9Mh+R5/87YsBz4n8YW/jy0Q3DczmhKbiEYnvx4/tg3 +qiUgInjCuxblsn0AjgA1sq8Im8IFgaUQ7tCZoAuPbqxJ3KiW+MlmvARjH8WTKDQU ++RJSvJVESSqBdOjwQX0TKkAhUJaaoDXDvgOBYsv3FTd4P2NpJZM2hjQ2VYCNsaQi +HF0maBDfeWs7Hdq57XTolJxQfHKE87hRCTkYPF5ufYUBDANcG2tp6fXqvgEH/i6u +qwKYtT2mNbDUSj2bySDXJERE1qPKlz+F7rO0aXqo/0q60vQ2RjfBVDxtlTBDBbYf +cKuIOIQSslPLQjRxYSKzSDvKxNox5pY8wI/3DttZEYzMAEui/U/ch/sCKE7hGBrh +HPDv9t0zgm605+gRNlJE3oZTFB5fDg2kxWOmhIXT70wdXP1jLM2MR8RC8y5N3s2D +1BgpclfpA+3lrCx9W0AS7w1uPCQT781diNH7zF8GLPqcmD21FIaelxsKl2PLeoVU +mZHYYb4S3NIgkBO8MGQcKnFeCJpH0gRtSlKnhLuWfDV4Fxnbs8WjXD5bm6OEv62t +BIBTS3Q1hKkfdQXDjoSFAgwDodoT8VqRl4UBEAC0bsxhdfMcxLu5LVEsmAxxRTaB +jWcow08Oghq6LdQElhFMlfGLioaaAWKaTdutYl1XHGOjKcrLmX1HQqLgGt1s+YI3 +Fj9UpgGpuGYx1GuJKNSuGVOxeGPma0bxrDDnDxqXUEXZysSKLi/Tiy6Q2gQpczwt +ApN0Pcvv9sg6oF1OX6WrlknxRnc9BGulDQ5a2rAybc+YxhrZr8ynpkAzYZ0a3ZlC +oE/3cH7NOiJY/xPaWxodkYz5Yo94OPKbVtWhRA3BoM5BPnOeKXk3VqxEsSv4r/K+ +kbY/Yt1hZSt5RVbqP+2PpOwgcI1IHV08aI1Dk1IgSVLaIgerfPqyxSD1z/pMJSLW +fKCiLsxB2MQ4HLFAfe3xOm4eTdDtJerLGEKonaJHwlgITy14iPF7t9fZXu5ixbIZ +snv21Bf3Iu/H3PdC3uq4hklAL7slb/GAdPA4b3My0kIyhBghGV8JcUeOsBg76iLE +HWKJQhwlRf/eZP/POwCUu+aalPQQ5DiK1KvfS6Ed1k+sjrHzoXHlmBl0keRmSDMz +/taAzQmgKLTel7nBFrCll/T8Z+A9/DKsnh6BsH4aXNDB+khM4iCkjVQ+iMnRMQyU +969hvVUZ5AA0h3nUq4OhKUrtPayiSodmMh+oZybQ26N0TEmL9osSPQR3z6m/R275 +q27IGQUkUSZ2X+H5V4UCDAPiA8lOXOuz7wEP/0z3g6hJ2VGUV3071ZT3Yv91Xksy +bZpkQBYOIY79A623CbxtUMq23Ddq2Gk4QzutSjNO/cxtm90bmVqMkR6nmkfNW5UJ +eh/Tn+qC4sWnHEKBoi+Sldurwnhg4egA5gcxMXyuh8uzboMcuVhXySPLbEKPAmVB +IYZHsyyl4Mjv30Y80NICoIuXQxdQQcliVP4EgVv7UTfI6ENNQWtVwwTF0pcjssOG +5EvBN/hINsYDB+jQxqQykfp7h3jfYPqv9VcH4a0JXTD6gXIlEdbNYMverU+cXAqO +S+9oVCgXb4a9z3tV44fJ4NCEfk2ifIo65D80WEqPfvgsLMgdcU5l+CARG+XQ68HN +//XnaVhANVoxSlOIW/1kmWGGQSDgcaFXeG+gkeC8ZqMhA/MnkQQ6FJmdI5AXhy6R +P3AIq63OWW0wjvDYsbt85anK0n1LQOpH8UWjoQuCOIlAswOU7td3aPi1UaYofoDD +m4tAzHAzuLIuRu4SdmV+m18GYKvN1bxf/xCdaG7RROgQ5y6asr5UMpwQBhJOGH/b ++y0JOeGDGMCOAxzNtTI8ehIcw+dWK4Yw8WNpbvaii7/r+9YA6arIrdPMoIsJRlUc +GeFZTHCMQi+ZRO+BjF8Rk2X4CIdQ5+DgZp4OY5SR4ssYvUEcJrBOCVHU9l+FA+hS +V7JKcpgk7R/9adWo0qkBcD4R3suCEZX2TsjdIql96LQ9DvodF9zImoHoPjxF/bq2 +bws2vxSuBTYZkhJP04mHtFaZ1LyUYcUZHd5WLqLdHRv+bb1QqoGI/zgX+TY9OiAX +r5KDY1V3nyz3vzsufa4qRq+llOj6xyIT+4T0Qxj9SxTYVTWuwuXHWOHwElRe9gOU +x7LvRgwV7skQU64ASXhmj2ktQAU7IqxeUij15jDjxIMuT+S5Y5xG +=iO70 -----END PGP MESSAGE-----