From de061801dbba7b3f79da126947472308b95688f4 Mon Sep 17 00:00:00 2001 From: Sergiusz Bazanski Date: Sun, 13 Jan 2019 21:14:02 +0100 Subject: [PATCH] *: k0.hswaw.net somewhat working --- README | 13 + WORKSPACE | 22 ++ cluster/README | 20 + cluster/certs/bc01n01.hswaw.net-kube-node.crt | 58 +-- cluster/certs/bc01n01.hswaw.net-node.crt | 64 ++-- cluster/certs/bc01n02.hswaw.net-kube-node.crt | 58 +-- cluster/certs/bc01n02.hswaw.net-node.crt | 34 ++ cluster/certs/bc01n03.hswaw.net-kube-node.crt | 58 +-- cluster/certs/bc01n03.hswaw.net-node.crt | 34 ++ cluster/certs/ca.srl | 2 +- cluster/certs/kube-apiserver.crt | 63 ++-- cluster/certs/kube-controller-manager.crt | 40 +- cluster/certs/kube-proxy.crt | 63 ++-- cluster/certs/kube-scheduler.crt | 64 ++-- cluster/certs/kube-serviceaccounts.crt | 63 ++-- cluster/secrets/.gitignore | 1 + data/secrets/.gitignore | 3 - env.sh | 200 +--------- requirements.txt | 12 + tools/BUILD | 29 +- tools/clustercfg.py | 352 ++++++++++++++++++ tools/install.sh | 12 + tools/pass.py | 6 + tools/secretstore.py | 22 +- 24 files changed, 811 insertions(+), 482 deletions(-) create mode 100644 README create mode 100644 cluster/README create mode 100644 cluster/certs/bc01n02.hswaw.net-node.crt create mode 100644 cluster/certs/bc01n03.hswaw.net-node.crt create mode 100644 cluster/secrets/.gitignore delete mode 100644 data/secrets/.gitignore create mode 100644 requirements.txt create mode 100644 tools/clustercfg.py create mode 100755 tools/install.sh create mode 100644 tools/pass.py diff --git a/README b/README new file mode 100644 index 00000000..a9bed377 --- /dev/null +++ b/README @@ -0,0 +1,13 @@ +HSCloud +======= + +This is a monorepo. You'll need bash and Bazel 0.20.0+ to use it. + +Getting started +--------------- + + cd hscloud + . env.sh # setup PATH and hscloud_root + tools/install.sh # build tools + + kubectl version diff --git a/WORKSPACE b/WORKSPACE index 57fa6285..74e276d5 100644 --- a/WORKSPACE +++ b/WORKSPACE @@ -1,3 +1,25 @@ +# Python rules + +load("@bazel_tools//tools/build_defs/repo:git.bzl", "git_repository") + +git_repository( + name = "io_bazel_rules_python", + remote = "https://github.com/bazelbuild/rules_python.git", + commit = "ebd7adcbcafcc8abe3fd8e5b0e42e10ced1bfe27", +) + +# Python dependencies + +load("@io_bazel_rules_python//python:pip.bzl", "pip_import") + +pip_import( + name = "py_deps", + requirements = "//:requirements.txt", +) + +load("@py_deps//:requirements.bzl", "pip_install") +pip_install() + # Go rules http_archive( diff --git a/cluster/README b/cluster/README new file mode 100644 index 00000000..5b2fb7b8 --- /dev/null +++ b/cluster/README @@ -0,0 +1,20 @@ +HSCloud Clusters +================ + +Current cluster: `k0.hswaw.net` + +Accessing via kubectl +--------------------- + +There isn't yet a service for getting short-term user certificates. Instead, you'll have to get admin certificates: + + clustercfg admincreds $(whoami)-admin + kubectl get nodes + +Provisioning nodes +------------------ + + - bring up a new node with nixos, running the configuration.nix from bootstrap (to be documented) + - `clustercfg nodestrap bc01nXX.hswaw.net` + +That's it! diff --git a/cluster/certs/bc01n01.hswaw.net-kube-node.crt b/cluster/certs/bc01n01.hswaw.net-kube-node.crt index faaac92d..560d2fa8 100644 --- a/cluster/certs/bc01n01.hswaw.net-kube-node.crt +++ b/cluster/certs/bc01n01.hswaw.net-kube-node.crt @@ -1,34 +1,34 @@ -----BEGIN CERTIFICATE----- -MIIF+jCCA+KgAwIBAgIJAIDxP85du/ccMA0GCSqGSIb3DQEBCwUAMIG3MQswCQYD +MIIF7zCCA9egAwIBAgIJAIDxP85du/cjMA0GCSqGSIb3DQEBCwUAMIG3MQswCQYD VQQGEwJQTDEUMBIGA1UECAwLTWF6b3dpZWNraWUxETAPBgNVBAcMCFdhcnN6YXdh MS4wLAYDVQQKDCVTdG93YXJ6eXN6ZW5pZSBXYXJzemF3c2tpIEhhY2tlcnNwYWNl MRAwDgYDVQQLDAdoc2Nsb3VkMRowGAYDVQQDDBFCb290c3RyYXAgTm9kZSBDQTEh -MB8GCSqGSIb3DQEJARYScTNrQGhhY2tlcnNwYWNlLnBsMB4XDTE5MDExMzAzMzA1 -OFoXDTE5MDIxMjAzMzA1OFowgZ4xCzAJBgNVBAYTAlBMMRQwEgYDVQQIDAtNYXpv -d2llY2tpZTEUMBIGA1UEBwwLTWF6b3dpZWNraWUxFTATBgNVBAoMDHN5c3RlbTpu -b2RlczEkMCIGA1UECwwbS3ViZXJuZXRlcyBOb2RlIENlcnRpZmljYXRlMSYwJAYD -VQQDDB1zeXN0ZW06bm9kZTpiYzAxbjAxLmhzd2F3Lm5ldDCCAiIwDQYJKoZIhvcN -AQEBBQADggIPADCCAgoCggIBAMmgCuw8NEbYDPAYxT+3RXKnr8tpKFam0UTIPEO5 -PZ63gEJHm5pdhlDbojKfNzWiSliUQ3qtxeFZfA5NLkdhwJesBPXOUcZkzNGIBces -nmetfN2sakbUwTucCTjVDq5gAXQ5wlHGjMI7G9iddjF1DmvE+s2ewtCOa6nR1v7b -Ltx7gmuxorq5FtWTnzeTLz+35savmz+5gQ4hTgEDVyne/BCJ+DeVynawgJ8LGGbg -zpiyoQE3Fl0Aqy96J1uUOhpJ1r4XVv4H1vzmJclRJjx/m6QsJy9VPKUX382dQVgD -98eVokg+BusblxW4+mY/WNv5a7N2L7h4ek4s2ocyVjUKBo67vipd0EbES0mHSOJe -zwYU8lQ5QIRsnJkUocGcwGDZ4eLijdYDz++SqBsqwbziprpSw+m3Wyl0F6BCYLvH -5l9tsMC569jEhQUZ64+NoN4dls6URO4IdtX4ZSONeydaxIfd51CVPyIviT0jlCto -Ii3AkSbsNBZDR16T7e6b6zPaPEBnk1g1SbcVbGi1gIPyrU788m+QbDUo/E8m2WzQ -ou9DlMgMEXJg3QMHJwqUiazNxL3OTSiw0p5d6cXzRA1+21l8TdGfzgnefSDapbBG -RN5WjzW6Vx2lrEcG2Novf3Hlk4/rrHTc8/Sh4pdnGO2R3JWqG/UqbMForp8emuMk -l6MBAgMBAAGjIDAeMBwGA1UdEQQVMBOCEWJjMDFuMDEuaHN3YXcubmV0MA0GCSqG -SIb3DQEBCwUAA4ICAQA/ASwzUfjy0rQKbt2a3aheYLwF6ZUpuI6GSTElXiNfPSyh -XpN6hWkrAetk2ReCxMHuvbNA2Bt6poKUURKOtfJGf1//a2qWeJTMwx3ALSJOrzfF -18RIJK8zOkgr3LjjbqFQbeT/yAxyhTx5nOfbQA/dOfo2vOBb+4lrhGFheO4VvOQq -1bcWWTE7rdQBhcIh3dYawKAE4UHHUPCOAPjbLyrAnvZCQXZXgAitExhue+l13rFZ -ko0T8Il6rAf7eUWjJPfnBJHKGh2YXL2O3YgcJnPQs9EzmJKCjsaTEjA70sB/A4yY -lc6ZeATT0iwnKcJYkRsu4gX8VwG9yYDk3vNUGorStdiqKFCGwHuTqmj0ArITNMLe -Mo8FBeB3YzCd354roHATfWwRGMmu1xzZmOC/Yi8XGQwDYBmkKguEAayuqJnYiAVd -H3tf5Xytj0LVWcWy2kb5Xl131JQe1cMb4Do9fvYM5H2e39bZorq7z6QjKK8IKdWU -Q48ExHJ0HBclu34DE1orljxkD3seE7xziWgO2WfEYShaQgrl9U0VJBWQqnGvFj3c -lCx8ZbDGZAhhvfYM5E+R16LPDZ3L9vt0ea/Lmhzg23GFQmfsD6fsw3CJPHOir5UC -tSzRY23cl2Fc1FDnH9CXgBwEFIAjm4oJSkbEcXUvkDwqlWghvFue+uv/TvtkUg== +MB8GCSqGSIb3DQEJARYScTNrQGhhY2tlcnNwYWNlLnBsMB4XDTE5MDExMzE5MzMx +N1oXDTIwMDExMzE5MzMxN1owgZMxCzAJBgNVBAYTAlBMMRQwEgYDVQQIDAtNYXpv +d2llY2tpZTERMA8GA1UEBwwIV2Fyc3phd2ExFTATBgNVBAoMDHN5c3RlbTpub2Rl +czEcMBoGA1UECwwTS3ViZWxldCBDZXJ0aWZpY2F0ZTEmMCQGA1UEAwwdc3lzdGVt +Om5vZGU6YmMwMW4wMS5oc3dhdy5uZXQwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAw +ggIKAoICAQDJoArsPDRG2AzwGMU/t0Vyp6/LaShWptFEyDxDuT2et4BCR5uaXYZQ +26Iynzc1okpYlEN6rcXhWXwOTS5HYcCXrAT1zlHGZMzRiAXHrJ5nrXzdrGpG1ME7 +nAk41Q6uYAF0OcJRxozCOxvYnXYxdQ5rxPrNnsLQjmup0db+2y7ce4JrsaK6uRbV +k583ky8/t+bGr5s/uYEOIU4BA1cp3vwQifg3lcp2sICfCxhm4M6YsqEBNxZdAKsv +eidblDoaSda+F1b+B9b85iXJUSY8f5ukLCcvVTylF9/NnUFYA/fHlaJIPgbrG5cV +uPpmP1jb+Wuzdi+4eHpOLNqHMlY1CgaOu74qXdBGxEtJh0jiXs8GFPJUOUCEbJyZ +FKHBnMBg2eHi4o3WA8/vkqgbKsG84qa6UsPpt1spdBegQmC7x+ZfbbDAuevYxIUF +GeuPjaDeHZbOlETuCHbV+GUjjXsnWsSH3edQlT8iL4k9I5QraCItwJEm7DQWQ0de +k+3um+sz2jxAZ5NYNUm3FWxotYCD8q1O/PJvkGw1KPxPJtls0KLvQ5TIDBFyYN0D +BycKlImszcS9zk0osNKeXenF80QNfttZfE3Rn84J3n0g2qWwRkTeVo81ulcdpaxH +BtjaL39x5ZOP66x03PP0oeKXZxjtkdyVqhv1KmzBaK6fHprjJJejAQIDAQABoyAw +HjAcBgNVHREEFTATghFiYzAxbjAxLmhzd2F3Lm5ldDANBgkqhkiG9w0BAQsFAAOC +AgEAKwZ2WM69J2U/fnzTlxEs9kULkxYXgHnw6WZmY/RXyIX3tCjgUSisH+binuDB +5GplGOhXg2NjlcBio7Lkwb6jJobs6kr1f1OR0EbEHo52JUbjH7m/33R7+6QuR/ps +IW9zd+VnXvYtJ7lrI3/mlzXOMCiXfNI7sQAXob04T8WVsVrDLpg5wDUKwtLLJSf1 +MzUCFyFZOtCqB+5MKsl2jBiCXWUj9vFgpx5dS2/cMjw0cXZcbcbz9ZP68PXdwvoW +Vt+wBQEhmbIhx5Z1jZsH/fnor4rsK7CS9jp4zGCWHiphk/rzL5VsJvVCuIbuuoek +4lMNYZnpeccUkGFJtizMiiAcrN9xeNm3s75qmBah6ZGjSWZXgwESA3+5+pzE2ptR +Q6MP1IjzMauyGacUBDU9HfBqc2cAeKyq+CoabuA0lrxt1jYHlnFhkPN6kDS1TQgv +eMeFkuPhfFnAeWB3SPbXfJthCDqv66ApTKAMMb51HvbqZCAR8qUJkOz+ZkvxhIxv +1SmZOxrQn1lejLGvDox8Sp7b7+h0ZWxc9n3hTnHMd/tT8ZptzsVH+7DCZH1oHPzn +0dhhr2ZaQ3vN5L/MEK1L2uF4FggYFKEJWohG1rZH/hlBQhUEudLIeZOSFbyXaCES +fgeaGmZ/gC1mLuCw+Hfc8VrWXhkq/QaP9dzyHBnih8bfdIw= -----END CERTIFICATE----- diff --git a/cluster/certs/bc01n01.hswaw.net-node.crt b/cluster/certs/bc01n01.hswaw.net-node.crt index 46e5781d..773ca4b0 100644 --- a/cluster/certs/bc01n01.hswaw.net-node.crt +++ b/cluster/certs/bc01n01.hswaw.net-node.crt @@ -1,34 +1,34 @@ -----BEGIN CERTIFICATE----- -MIIF3zCCA8cCCQCA8T/OXbv3GDANBgkqhkiG9w0BAQsFADCBtzELMAkGA1UEBhMC -UEwxFDASBgNVBAgMC01hem93aWVja2llMREwDwYDVQQHDAhXYXJzemF3YTEuMCwG -A1UECgwlU3Rvd2FyenlzemVuaWUgV2Fyc3phd3NraSBIYWNrZXJzcGFjZTEQMA4G -A1UECwwHaHNjbG91ZDEaMBgGA1UEAwwRQm9vdHN0cmFwIE5vZGUgQ0ExITAfBgkq -hkiG9w0BCQEWEnEza0BoYWNrZXJzcGFjZS5wbDAeFw0xOTAxMTMwMzIxNDNaFw0x -OTAyMTIwMzIxNDNaMIGqMQswCQYDVQQGEwJQTDEUMBIGA1UECAwLTWF6b3dpZWNr -aWUxFDASBgNVBAcMC01hem93aWVja2llMS4wLAYDVQQKDCVTdG93YXJ6eXN6ZW5p -ZSBXYXJzemF3c2tpIEhhY2tlcnNwYWNlMSMwIQYDVQQLDBpOb2RlIEJvb3RzdHJh -cCBDZXJ0aWZpY2F0ZTEaMBgGA1UEAwwRYmMwMW4wMS5oc3dhdy5uZXQwggIiMA0G -CSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCu96QoKSTxlA1mlckkXR5DhANlACOG -aE/z/6Wxi/2pGYV0jBeml6OCKscuA4dVOuCnpgb3NDtN1q5pYyRw6v7vm2SVjwZI -3i6jF2KHYT/2AShohjvQCiCCxVlejBYIZGt1cFL1r7pTm9DAGCcV2rVJOtbtrUpt -10UMGHRw3IRZWjbYdjxuq08AzyRVXiEUGD72OogXW2FGoltY8VXeItlPdib43UTy -81UrYLzVuV3WzfuUSuE8bFi8FA8SHDtcVqwq3xbwH1KCk9C9Z0XroErhjq00Iu6O -Jp6sVBUH7FL81w9feffZtX79i8MbyDFRvItEePBInaxxq5oi7BbRsuvZmSbK7Cou -hOKhFeyyxj6HJChvp23DSsR7uhX3XLLlIokCA23bYo2MK+gHkxTfLdAbNfdeF12n -8tM7ZFMQ6WY35mVl9wSixpTNxqUtfFhJ88GUYiN5vgVPf/fr2mtJ8X5LQpweTfAL -RCRUFHU16sOJsWqBgztR8JXixfRrVoPQ1+0HftagyMmbjTe++b4wHhgBEeHn/m7e -vm6YqUTDgCFXCoMxiQ0hyvieqoqZbGaD7jjPGCbQwtyiEmqmkc+9wIMa+aFJFOTH -uylIN9mmbAgD10QWRnGXl0ebY3deRc1a168tLGxq92Qwev4FLb+efP04HM3au5Ar -WvrBXI1+0t9HCwIDAQABMA0GCSqGSIb3DQEBCwUAA4ICAQBRHblAlrD0nJQf3pHO -H/HmEf2Io6CWx83+hvtsLy7W0VT639JA2DvsIe3qfk4XSMpfLJwszRWbEcxqsqH8 -Tb5599KLFQ4LuFkfYb2qh6Aqg9Rra4tOLkHGb/RZz2kYzJfNr5fNFMhloXDI4qKw -Ztc5ZO/jq5CUh4taspx/Z1oeHCP4/3Olg+mPtcTMmj835CcoffbKaTKHTuNWIT95 -dWwOMeZ3gMaggDolfSBdZWxUUXJZkwxIcM0VHasgb6OdBldpS3JsbSUV5oIYoD6I -HBNN30Uqj+L4XhblhN6wEdCBgkkx5jMgBl3bfAyTz22Od9dKFU9omDb/Hg7+Cbqg -b53LgR+jACecVz9DNfTu4eHRuKKF7jFMi0DVLLUd7EcsGRj8zXPd+hrTTRjPcZZ3 -I5KokoZDhpctU/eapE7tTHjrKgdtvp6EDgfzaC0rbt1ut7vokGWNWhQ0IFCBIQZv -xtTqyhVpV2cS3H47fm/vPXJhoiLs2DfxVa2n2LSx75aC24HXDCVCDtT+Rf6+QH3h -7sZ7OI80aAlXUa3TiZocOGCvOKr4GAVJ68Kpim8Rn4qgIA4wPqUXcdtVjy633BoK -txAaM4LN3SSb1RwmgZx3hm5mLvJ194LSEUPsVe60N65jcSkKAbKOkSyScRODu7Pb -gy6l4a49WUmiJlse+3SRGodNww== +MIIF1zCCA7+gAwIBAgIJAIDxP85du/ciMA0GCSqGSIb3DQEBCwUAMIG3MQswCQYD +VQQGEwJQTDEUMBIGA1UECAwLTWF6b3dpZWNraWUxETAPBgNVBAcMCFdhcnN6YXdh +MS4wLAYDVQQKDCVTdG93YXJ6eXN6ZW5pZSBXYXJzemF3c2tpIEhhY2tlcnNwYWNl +MRAwDgYDVQQLDAdoc2Nsb3VkMRowGAYDVQQDDBFCb290c3RyYXAgTm9kZSBDQTEh +MB8GCSqGSIb3DQEJARYScTNrQGhhY2tlcnNwYWNlLnBsMB4XDTE5MDExMzE5MzMx +NFoXDTIwMDExMzE5MzMxNFowgZ0xCzAJBgNVBAYTAlBMMRQwEgYDVQQIDAtNYXpv +d2llY2tpZTERMA8GA1UEBwwIV2Fyc3phd2ExLjAsBgNVBAoMJVN0b3dhcnp5c3pl +bmllIFdhcnN6YXdza2kgSGFja2Vyc3BhY2UxGTAXBgNVBAsMEE5vZGUgQ2VydGlm +aWNhdGUxGjAYBgNVBAMMEWJjMDFuMDEuaHN3YXcubmV0MIICIjANBgkqhkiG9w0B +AQEFAAOCAg8AMIICCgKCAgEArvekKCkk8ZQNZpXJJF0eQ4QDZQAjhmhP8/+lsYv9 +qRmFdIwXppejgirHLgOHVTrgp6YG9zQ7TdauaWMkcOr+75tklY8GSN4uoxdih2E/ +9gEoaIY70AoggsVZXowWCGRrdXBS9a+6U5vQwBgnFdq1STrW7a1KbddFDBh0cNyE +WVo22HY8bqtPAM8kVV4hFBg+9jqIF1thRqJbWPFV3iLZT3Ym+N1E8vNVK2C81bld +1s37lErhPGxYvBQPEhw7XFasKt8W8B9SgpPQvWdF66BK4Y6tNCLujiaerFQVB+xS +/NcPX3n32bV+/YvDG8gxUbyLRHjwSJ2scauaIuwW0bLr2ZkmyuwqLoTioRXsssY+ +hyQob6dtw0rEe7oV91yy5SKJAgNt22KNjCvoB5MU3y3QGzX3Xhddp/LTO2RTEOlm +N+ZlZfcEosaUzcalLXxYSfPBlGIjeb4FT3/369prSfF+S0KcHk3wC0QkVBR1NerD +ibFqgYM7UfCV4sX0a1aD0NftB37WoMjJm403vvm+MB4YARHh5/5u3r5umKlEw4Ah +VwqDMYkNIcr4nqqKmWxmg+44zxgm0MLcohJqppHPvcCDGvmhSRTkx7spSDfZpmwI +A9dEFkZxl5dHm2N3XkXNWtevLSxsavdkMHr+BS2/nnz9OBzN2ruQK1r6wVyNftLf +RwsCAwEAATANBgkqhkiG9w0BAQsFAAOCAgEAQ/3C8fhbgAI6Kd3qh1GNJHC8aEdf +x4iAvuVk9xN5C2UeFK3aHPXNAM0INJiTBhgA38fCra/dzw4cS3P9X5eWrt6uQk4x +mHFty2cNcxGdu8VyGheRFxosTlciwBe+2WjrPHlCaqssaskzocCXpXVNxB4y5Bax +aeb2mruB2IpleAWQeUUvqg56cu8i8Uu9nVwCVB+2VmShWYb2Wx8Yh1mpX+w325Lk +2autcjhHjuv5OqKvACgcNf7sokhgyJs7VlUJ2eg1yswZGxHeKVjEMSidpZyESNLg +0rz18/M1tQt2LAQIFCsN3DFJInwyZty79CvE1MYM6kDILgNVhAovlowjy0P2MGV4 +WUrfa4JxIwQ4RXjSJqUsGF9XT6QOTW/yp3VgsIOHR5K8fGdcqjL3mweuU/zxClpL +k6dkS+/DLxM4j8rsAa16xTnFG17cenpVqMsST9fjsQSRUV3HLWOOrVQ4P5ax390T +cXoU8Ptdn70F3LG3rXaQaMryn+T6qZYO/FSLwMjWYfYcFM1RHldxuaBcfl8kCyd1 +dSqc8zU/kYj6QH3Y1nXJFdluj3UUhkQvkeAd3JRqF+zug+KskWKu2l0w7o19f4rw +bOBwfxFoQXns4K2rQ+u1wR+EZdNMWDETD/F7R3ZvNmEIbpMAwWx1t1AIm7rT5fQT +wxsWLBWehpRMa5o= -----END CERTIFICATE----- diff --git a/cluster/certs/bc01n02.hswaw.net-kube-node.crt b/cluster/certs/bc01n02.hswaw.net-kube-node.crt index e92410d0..e2f4acbb 100644 --- a/cluster/certs/bc01n02.hswaw.net-kube-node.crt +++ b/cluster/certs/bc01n02.hswaw.net-kube-node.crt @@ -1,34 +1,34 @@ -----BEGIN CERTIFICATE----- -MIIF+jCCA+KgAwIBAgIJAIDxP85du/cdMA0GCSqGSIb3DQEBCwUAMIG3MQswCQYD +MIIF7zCCA9egAwIBAgIJAIDxP85du/cqMA0GCSqGSIb3DQEBCwUAMIG3MQswCQYD VQQGEwJQTDEUMBIGA1UECAwLTWF6b3dpZWNraWUxETAPBgNVBAcMCFdhcnN6YXdh MS4wLAYDVQQKDCVTdG93YXJ6eXN6ZW5pZSBXYXJzemF3c2tpIEhhY2tlcnNwYWNl MRAwDgYDVQQLDAdoc2Nsb3VkMRowGAYDVQQDDBFCb290c3RyYXAgTm9kZSBDQTEh -MB8GCSqGSIb3DQEJARYScTNrQGhhY2tlcnNwYWNlLnBsMB4XDTE5MDExMzAzMzIw -M1oXDTE5MDIxMjAzMzIwM1owgZ4xCzAJBgNVBAYTAlBMMRQwEgYDVQQIDAtNYXpv -d2llY2tpZTEUMBIGA1UEBwwLTWF6b3dpZWNraWUxFTATBgNVBAoMDHN5c3RlbTpu -b2RlczEkMCIGA1UECwwbS3ViZXJuZXRlcyBOb2RlIENlcnRpZmljYXRlMSYwJAYD -VQQDDB1zeXN0ZW06bm9kZTpiYzAxbjAyLmhzd2F3Lm5ldDCCAiIwDQYJKoZIhvcN -AQEBBQADggIPADCCAgoCggIBAOGSPDwayWrojo+PwSKnz7gMfX72Ht3mKh6MQpvi -rbR4A2hwE6XaJLenH13vtnvsNE2otCLQn/o59e0sQmHlVFqXks5+mmSYpSacLLPj -kwON+fjFeVma8NDPTZqHVnbIAau4mXz5KAEraw6gvcxjQG6mDfQZjvZBWtNZiLPj -rXTZVTKYiT64Vp6GRm/pXWmDaAHVTWfp7atqZ7uAgL8Y2J4FLe4zJxD8odqaP1QK -ouARpLdhPbvbg6SzLcBBlSLKst8uB+tjKSkor6uZplz9ZycBqQUwXD2Yu6lPwNr4 -eeaHc22rqsYNh6kbRIA2HViohy/1HgyyXzR1zsVIiAiOaLpcTMqRrlDALj7CPiS1 -+iGDEkIUaHJGtpmeqlvWvQgkBlclnn34I+XJoKgfh5N8CueawWoRYlh59pX5XK/b -5eRQPem38vxdDAkhuI/FrxBNNSAslZTL2/vxl15NMUDCfHUJzwq7urpQe3KJWjgR -lS/nyhipHH1nGfg/IONbmsTVjabVcueTwIxbGZxichc55kNrrZRZiLnQawqKnZCV -CIaoBGh527Q/JmRk5ietaMOYAh+jJxPTdSAJIq/ZjF/GX5mn+Ssd8POgXHkhrVL+ -2XV7dBDS7k+2nKj59z1x8tfo6T6V7Vdsop/AmLlv3gENPB93Cm23xDV64hjg5lGg -dkt3AgMBAAGjIDAeMBwGA1UdEQQVMBOCEWJjMDFuMDIuaHN3YXcubmV0MA0GCSqG -SIb3DQEBCwUAA4ICAQCfzQoxBJDC4H7ibYcE/b5tV01XNYQHWctd/9Kmu5nCP3EV -J10+neSxClp9OsDFlow32GL5TKZVrmEAiGw0Oy2HTawG0Nd781T9L0py2Gd7R7tE -40qBIHh8Xdpn5mGWtevXMWbN2phrV2sS2qn7lO1HhLbjgAJefXApiiQZbWv1oh/1 -flwIi+fZxWZ01GRnJEtkU5bGoHqLhDRh+9bGS2Fi4NqrZkxpfDTZYDe0r1IVODAs -/C+OFWbsfYsQLWtNFbgl7y0CqfgFz2cmtT21XE27PWuA5USQ8gqwPUfA0OaEMWDx -wM/D2RPB+LsQDpNk3lKBSgXNY7GVJNDmgFXFQhdlcE3KjX9kFbmXtLrEqUQMqGQY -f4J44QWZXc2oWDDqs9O3B71suW9xfBhzAutjNe54yC/XFvz3Mqz+5OLXQTvVzoLO -49F4871z6hqrWmqgXdWBTS9kW6PzEGiVKxB+tKzweq0aTK7cghVHh8ie5DsK6oFz -mhrFsKjSEZuPr53umJDzV/X7roECGU6YW/3n7QGhZRjk5SgTwaB6gl6r8liEEP0H -KH72le415hp1qWvBCfVmUFGOB58Rotv5w2E5mWkQ0qW/jLCX1CYCOU/fck2r2+vm -oPX/hbt7a7iECsryrF9/XIF+Knon5FIenm/NtLIZEy4uIG/P6RHFAInEazU2aw== +MB8GCSqGSIb3DQEJARYScTNrQGhhY2tlcnNwYWNlLnBsMB4XDTE5MDExMzE5NTE1 +NloXDTIwMDExMzE5NTE1NlowgZMxCzAJBgNVBAYTAlBMMRQwEgYDVQQIDAtNYXpv +d2llY2tpZTERMA8GA1UEBwwIV2Fyc3phd2ExFTATBgNVBAoMDHN5c3RlbTpub2Rl +czEcMBoGA1UECwwTS3ViZWxldCBDZXJ0aWZpY2F0ZTEmMCQGA1UEAwwdc3lzdGVt +Om5vZGU6YmMwMW4wMi5oc3dhdy5uZXQwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAw +ggIKAoICAQDhkjw8Gslq6I6Pj8Eip8+4DH1+9h7d5ioejEKb4q20eANocBOl2iS3 +px9d77Z77DRNqLQi0J/6OfXtLEJh5VRal5LOfppkmKUmnCyz45MDjfn4xXlZmvDQ +z02ah1Z2yAGruJl8+SgBK2sOoL3MY0Bupg30GY72QVrTWYiz46102VUymIk+uFae +hkZv6V1pg2gB1U1n6e2rame7gIC/GNieBS3uMycQ/KHamj9UCqLgEaS3YT2724Ok +sy3AQZUiyrLfLgfrYykpKK+rmaZc/WcnAakFMFw9mLupT8Da+Hnmh3Ntq6rGDYep +G0SANh1YqIcv9R4Msl80dc7FSIgIjmi6XEzKka5QwC4+wj4ktfohgxJCFGhyRraZ +nqpb1r0IJAZXJZ59+CPlyaCoH4eTfArnmsFqEWJYefaV+Vyv2+XkUD3pt/L8XQwJ +IbiPxa8QTTUgLJWUy9v78ZdeTTFAwnx1Cc8Ku7q6UHtyiVo4EZUv58oYqRx9Zxn4 +PyDjW5rE1Y2m1XLnk8CMWxmcYnIXOeZDa62UWYi50GsKip2QlQiGqARoedu0PyZk +ZOYnrWjDmAIfoycT03UgCSKv2Yxfxl+Zp/krHfDzoFx5Ia1S/tl1e3QQ0u5Ptpyo ++fc9cfLX6Ok+le1XbKKfwJi5b94BDTwfdwptt8Q1euIY4OZRoHZLdwIDAQABoyAw +HjAcBgNVHREEFTATghFiYzAxbjAyLmhzd2F3Lm5ldDANBgkqhkiG9w0BAQsFAAOC +AgEALdUQsaYYC/Aj1Y1Wa3XiPO8vxBvNbCJnJKdQqemijxWgI/IVfvLJJqbfpb0/ +p/83y2myYUNfAFyL0YVG+13naMqSLUbUW2S+Ctbi3gMs/WIj2/zdnIYJXtF1J3ou +2nlT/NT/4SFXGNr3ANKSFTEdm4tlW/hpBZb2xuf1/A/oH9GGE8wyJoBErYYS17mM +UPC7+Xxm3ZfQxjERSuv4OjUTOTxyVVy+e/HV+wdIQZPx8Ul+KYHQFsuJIISy2kqj +o87gvjwFomhcicefVOxQL7uL/YWuEHevdHfN80gY1i2MUNIHlfVQiUQH7APoI8GM +GS/onOOzGUV9+AkVrWanxBPxuU5K8poSq20bJIA5FTHYXCanCnyD5jNvgfPI9uMg +T1PSc8WmoW64EiSZMiBn+TZeVgmJ7M5eQS9WyUtwPbwW7mxVMFEtnXSRA/zsaWFK +ZVSjl1EjNpNfTjQTx+fEjf185DzE7wjOCiQhxmLte09vJPbiDWy31tLBQ2kEcGc+ +/nofWK6AWe9vv5nqrpCuekcy8r2ZBUxrfrHgDaNdErUDIz1BiT045RvDejXse6oo +88Wb19acjkesJbO+cUHa8wzTRo2293hztEycXmOaKtHiogrD5C+0vSSrPJ/676x1 +QQTK5568NBFUKuevdNHxh7MERcHImxk0UpIVUexe6UXmptM= -----END CERTIFICATE----- diff --git a/cluster/certs/bc01n02.hswaw.net-node.crt b/cluster/certs/bc01n02.hswaw.net-node.crt new file mode 100644 index 00000000..0beb35fe --- /dev/null +++ b/cluster/certs/bc01n02.hswaw.net-node.crt @@ -0,0 +1,34 @@ +-----BEGIN CERTIFICATE----- +MIIF1zCCA7+gAwIBAgIJAIDxP85du/cpMA0GCSqGSIb3DQEBCwUAMIG3MQswCQYD +VQQGEwJQTDEUMBIGA1UECAwLTWF6b3dpZWNraWUxETAPBgNVBAcMCFdhcnN6YXdh +MS4wLAYDVQQKDCVTdG93YXJ6eXN6ZW5pZSBXYXJzemF3c2tpIEhhY2tlcnNwYWNl +MRAwDgYDVQQLDAdoc2Nsb3VkMRowGAYDVQQDDBFCb290c3RyYXAgTm9kZSBDQTEh +MB8GCSqGSIb3DQEJARYScTNrQGhhY2tlcnNwYWNlLnBsMB4XDTE5MDExMzE5NTE1 +M1oXDTIwMDExMzE5NTE1M1owgZ0xCzAJBgNVBAYTAlBMMRQwEgYDVQQIDAtNYXpv +d2llY2tpZTERMA8GA1UEBwwIV2Fyc3phd2ExLjAsBgNVBAoMJVN0b3dhcnp5c3pl +bmllIFdhcnN6YXdza2kgSGFja2Vyc3BhY2UxGTAXBgNVBAsMEE5vZGUgQ2VydGlm +aWNhdGUxGjAYBgNVBAMMEWJjMDFuMDIuaHN3YXcubmV0MIICIjANBgkqhkiG9w0B +AQEFAAOCAg8AMIICCgKCAgEAy4rQNKn1wqavIg4fEyPSxpC3ZQ8TULE/3VSo38rd +vSwb9c1AfNQXYCg2wm2iRk5Zt0EQgE/HHZ/NUvrymH1I/2JNPvlkLY2WlXhtWSiX +B44xynS2UHvRC5wYfPUCCFjSylYOhh6N85CZZhv+mJVLWOzbA7jLEa+1THevRUzF +MBznkCW9QS3ZCzfZs0Tlb0yVOPKjjYqNsTdfbBhV9m31FUbseg2g7+oaCPFXrxBf +Aj+MDo8G2xP0M6QUZ/VXkPDFq0VE2CQBCDr3dbncLZD0hEp6ruuzM6yNzKSXl6G1 +mfkiupiqHZ784lyrdSyc+yv4TFoJPVi6n/u34k+B3SQXfA6BBsLzqyhJi+dDxP2l +Em2HVg5u1hmqV7ZU1BQ7p+ricgJv3xdpzAbVQ2ukw4Hipb8Z8ZKSIsZ0jLPQ6OVh +5cambMp3mD7pBDHf6zDehiwhYzIBEXUSVcF7+c+chKnHuav35jw6WJzozCCRilW0 +W3avCeyqtpIpeT80kt/s6/KxapNt70vZKe7RbRjxGRVBHk5tn5fHO6XRGDGqQ+Jd +nHhzaAm8GIoFnNEkJp2BjMywzJTQnY4ZEn+Iut7vpU2F3zgR1KaaACTbc2oe4TrS +SXV4zZRlq8HNSdnhxBr9cZIxaqlQG9d3jURQrNZ2d18u2a2nCDJZOYQTRzWqqWhM +KBkCAwEAATANBgkqhkiG9w0BAQsFAAOCAgEAAHmclBSa+MkJ6pOCWoBSWu8chMlh +QCJZqzmhfsrxSnATtfBoa+kyi0qjrXbCUhxmsKCeZjH4zCznd1MwcjL5wwQbS6Lb +slH16NqmrCRZF8A9Cy6noFCdl/EuHqoe9kl7cFZ3jyRQ7CXhMxsWDQ+07I5M3cTn +1hT1WyLCDU88t677MYeuNGdVIXkhX7lc1glpItX2PEpUrg6cF7ifY774MmwYUoy1 +2kP1uIZO6TJtuNQPsuWmOxFZjVQ0lBSSSegVquOkE7g7UKMxbooPXPgAL1u7KLbf +tlzu/FU3LqiKkn+J8mvDoMm+6wsbPqXgOepnHcEHlWXhEys+Jzbz506qki9uzufE +2mdW5b3s72TcgMp03wi6gAZtjsGAaT5v9jmfUBkPkn1aP169BBl8gCnI3yNNiext +Zrl/28CL38vekBa/87u2BPy5xPQx+D+Nj6w5amhgAZg1FIyJbmfjup/VwZUpQ7Ac +D6h1B0exveRAD1uCPC5pTRO39TqapA07JsfTT5QVxVqpKIZUzIc7+HnaCcpy4dGN +4cZXZDPVkrhL8NWqwOeoL6mP9/CG+a6O2LcwiIaSfxSYBvXGCY1A57wATfpd3h8D +n9qAX4a54eHMD97CgQqRqGiQEBGMR5B4ipo10Tkz5/95dnso4UKoZdNYmEJ5RV+u +woES+ejgN3Q9YX8= +-----END CERTIFICATE----- diff --git a/cluster/certs/bc01n03.hswaw.net-kube-node.crt b/cluster/certs/bc01n03.hswaw.net-kube-node.crt index 9e3eb874..307c68f4 100644 --- a/cluster/certs/bc01n03.hswaw.net-kube-node.crt +++ b/cluster/certs/bc01n03.hswaw.net-kube-node.crt @@ -1,34 +1,34 @@ -----BEGIN CERTIFICATE----- -MIIF+jCCA+KgAwIBAgIJAIDxP85du/ceMA0GCSqGSIb3DQEBCwUAMIG3MQswCQYD +MIIF7zCCA9egAwIBAgIJAIDxP85du/csMA0GCSqGSIb3DQEBCwUAMIG3MQswCQYD VQQGEwJQTDEUMBIGA1UECAwLTWF6b3dpZWNraWUxETAPBgNVBAcMCFdhcnN6YXdh MS4wLAYDVQQKDCVTdG93YXJ6eXN6ZW5pZSBXYXJzemF3c2tpIEhhY2tlcnNwYWNl MRAwDgYDVQQLDAdoc2Nsb3VkMRowGAYDVQQDDBFCb290c3RyYXAgTm9kZSBDQTEh -MB8GCSqGSIb3DQEJARYScTNrQGhhY2tlcnNwYWNlLnBsMB4XDTE5MDExMzAzMzIz -MloXDTE5MDIxMjAzMzIzMlowgZ4xCzAJBgNVBAYTAlBMMRQwEgYDVQQIDAtNYXpv -d2llY2tpZTEUMBIGA1UEBwwLTWF6b3dpZWNraWUxFTATBgNVBAoMDHN5c3RlbTpu -b2RlczEkMCIGA1UECwwbS3ViZXJuZXRlcyBOb2RlIENlcnRpZmljYXRlMSYwJAYD -VQQDDB1zeXN0ZW06bm9kZTpiYzAxbjAzLmhzd2F3Lm5ldDCCAiIwDQYJKoZIhvcN -AQEBBQADggIPADCCAgoCggIBAMR3GDwt2biypJBbrmuIpZmNa9I/jpnjVZ3MLDoK -9oho2KEzugfdQIONE9gJtu74J5NVXhfhAzd3ek46w8BKjbA/cCE9Zs8hpxhpBc64 -5RBsCv5QM9gKqOfLC13l/cAIGfWrgFQBcQ0pv2U4AwhERa/6jayZ0hi5QqRA2YMc -H7GDuBg3WQmzjKz1pLS9VHqoja8Jua4QBLj4LP5JRiaLkDfhUavuB4Rj0P5VOxjB -Pa4yQfNCjQe/hWPN50RRhR4E2w2PYiRDz/7O/xn+6myCXIsD62U2OqeLyYBnuLKA -hV9SAKXLxYs4IiMEVZEDogH8ben0zAtsN9N7ImXQopWZmLny5HJrHkgMHeegGhIG -d9eSZbZCMMKgyqW9KLpM8G/ca97a8fdLfAxoVqQiW++3kANpwATatpldsbwuA1H+ -2BGt4t702WprtnvM9CxiCTXGm0nxAwA4onMVSc1hmWj00b0WGYmTArEiYgAPIlgF -ubJH1COkxwHTOvNjpVOcanObPvba3hEKfy8q2bgW/IG7fZRj3kEvY9HnQ5Zhw0kA -CJMZoPq0UE1z0gePv9vCbs1RgAtqhUD0+RPvs2A4giKYIogNLfHjKQdl79G/OTQM -FLn0rdVmG6eqAyIv6RFD2EKH3euadGaZD7XMtRmXITgsfj2qnpxYfddFyNuLbpoG -t0mLAgMBAAGjIDAeMBwGA1UdEQQVMBOCEWJjMDFuMDMuaHN3YXcubmV0MA0GCSqG -SIb3DQEBCwUAA4ICAQBI1haT3MZehODqbPhhKAPErpu2AgoKlDMAFEztSWfH3uW6 -uaX07rlcPMvI13dzkducpL0ha+qVCodL3oAd3Jf7r738uD0nFaiamaGVoepkIfZE -8wfAHS/c9T+iXiG8FArfE+dOBHYt5LFwq+BSyw0uRjRTquF6AeZr5SHrzsCDkFQk -75z2PhciGUHYCk2vv2VGQvg0SkowqegrywWb/yTbAPgBsjZwQ4hmGXDfbJUa7Kga -G2CuI6gRWA2bakfdDnNUqz4Qqn3jis1Qv05NCGCQlfJNVMmIZlrGpG3GUgVBbyMi -Z8ELMKAIhSNSAYo4eZqyDIztRyGD2wEpxE2A+K9RgvNs+ocFgLTOQVji50NWS6t/ -opDVjZ5tbNUsVuEXdmNcis1yq5hniFwxrWUIxDwGaEAwyCRZbV0WuqgUwEGIOzHo -6Yzv6EyHXqJCOubET42Gr5Ujc10zJpZ7oizBNQhuQvaahTKqPgew2QE8MDKmRzZm -F3xgXNQj0jnoJJi1QUmjXANtN7/elz6hxu4HkXDkTCMtqjzGzrdZjLss+gBNLLhe -1xBr3MD9R7XoFxyZFGCEHWiQ1Zdzw+ULai205/kZUFyNpxTK7Yt1I63oHj8HrVB6 -wLM/ibtK/TOtB5cbyYRCETYXeSe21m2hvc2RvZUKgxZ0gS28oYM7OET5s2J8ew== +MB8GCSqGSIb3DQEJARYScTNrQGhhY2tlcnNwYWNlLnBsMB4XDTE5MDExMzE5NTIx +MFoXDTIwMDExMzE5NTIxMFowgZMxCzAJBgNVBAYTAlBMMRQwEgYDVQQIDAtNYXpv +d2llY2tpZTERMA8GA1UEBwwIV2Fyc3phd2ExFTATBgNVBAoMDHN5c3RlbTpub2Rl +czEcMBoGA1UECwwTS3ViZWxldCBDZXJ0aWZpY2F0ZTEmMCQGA1UEAwwdc3lzdGVt +Om5vZGU6YmMwMW4wMy5oc3dhdy5uZXQwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAw +ggIKAoICAQDEdxg8Ldm4sqSQW65riKWZjWvSP46Z41WdzCw6CvaIaNihM7oH3UCD +jRPYCbbu+CeTVV4X4QM3d3pOOsPASo2wP3AhPWbPIacYaQXOuOUQbAr+UDPYCqjn +ywtd5f3ACBn1q4BUAXENKb9lOAMIREWv+o2smdIYuUKkQNmDHB+xg7gYN1kJs4ys +9aS0vVR6qI2vCbmuEAS4+Cz+SUYmi5A34VGr7geEY9D+VTsYwT2uMkHzQo0Hv4Vj +zedEUYUeBNsNj2IkQ8/+zv8Z/upsglyLA+tlNjqni8mAZ7iygIVfUgCly8WLOCIj +BFWRA6IB/G3p9MwLbDfTeyJl0KKVmZi58uRyax5IDB3noBoSBnfXkmW2QjDCoMql +vSi6TPBv3Gve2vH3S3wMaFakIlvvt5ADacAE2raZXbG8LgNR/tgRreLe9Nlqa7Z7 +zPQsYgk1xptJ8QMAOKJzFUnNYZlo9NG9FhmJkwKxImIADyJYBbmyR9QjpMcB0zrz +Y6VTnGpzmz722t4RCn8vKtm4FvyBu32UY95BL2PR50OWYcNJAAiTGaD6tFBNc9IH +j7/bwm7NUYALaoVA9PkT77NgOIIimCKIDS3x4ykHZe/Rvzk0DBS59K3VZhunqgMi +L+kRQ9hCh93rmnRmmQ+1zLUZlyE4LH49qp6cWH3XRcjbi26aBrdJiwIDAQABoyAw +HjAcBgNVHREEFTATghFiYzAxbjAzLmhzd2F3Lm5ldDANBgkqhkiG9w0BAQsFAAOC +AgEAWJ0Jdxnn0sOAJHi2AS1eTuiG188rOTt1BCFsYhWzPu+TUVBVz65EmIOF2uWP +ZdNRgxBEePwJAzlw3SfCN6WErb3t3MxIiIwGP7MrQROCm6jOwoV+i9MuLHlVhTHD +hgwNLneg8WmAKYhKCKqEz9izFJfQe67kTgGEgc+bC9uHlq0/qyu3DchT64HLl68k ++McpjnGH2NCeKy1/jdZBhVs9B946eCniDxIuY+5PkJH8JEjPCVaUXYSrr9LW3e3I +VzOHLd3YiguH04UNA3b1g2FCtUMwYHmsImofoLfOF87pHRazbt2gdLbd1ZS9n2Fa +sZD2eu42mlAtyUdIsGQlFdE96vmP/fZOYH/bfFG0manaN4oVjDyhmTRF5q59R79n +y0FNCFFCt75FC72GYQWmTAyI6MEvk37SzYK6dvPnCRcYI/hyBQIo/ukNZfI7BIwc +UOUydcoW9QzVL2uaabRrtYOOEKrJo2Q19CTpcyxbDrwF665JCYKli9gRjB4PZz85 +kmcXcDVeXqPI2VS0RWnVPhevCZn4fiO6o3/Gq/kWo18koAEWZYf4NRDm55T01kqj +ISZAzRqJenGqnX/ZcnGQygSRbJoatZyIVPI4ENk4BdZEJIcCD914iFRl20Xccs/k +I2Hj4ETGN/FVL/kXfiCyx7sx13DvhOPKSyqbk402vrTnfjM= -----END CERTIFICATE----- diff --git a/cluster/certs/bc01n03.hswaw.net-node.crt b/cluster/certs/bc01n03.hswaw.net-node.crt new file mode 100644 index 00000000..e3ef20aa --- /dev/null +++ b/cluster/certs/bc01n03.hswaw.net-node.crt @@ -0,0 +1,34 @@ +-----BEGIN CERTIFICATE----- +MIIF1zCCA7+gAwIBAgIJAIDxP85du/crMA0GCSqGSIb3DQEBCwUAMIG3MQswCQYD +VQQGEwJQTDEUMBIGA1UECAwLTWF6b3dpZWNraWUxETAPBgNVBAcMCFdhcnN6YXdh +MS4wLAYDVQQKDCVTdG93YXJ6eXN6ZW5pZSBXYXJzemF3c2tpIEhhY2tlcnNwYWNl +MRAwDgYDVQQLDAdoc2Nsb3VkMRowGAYDVQQDDBFCb290c3RyYXAgTm9kZSBDQTEh +MB8GCSqGSIb3DQEJARYScTNrQGhhY2tlcnNwYWNlLnBsMB4XDTE5MDExMzE5NTIw +N1oXDTIwMDExMzE5NTIwN1owgZ0xCzAJBgNVBAYTAlBMMRQwEgYDVQQIDAtNYXpv +d2llY2tpZTERMA8GA1UEBwwIV2Fyc3phd2ExLjAsBgNVBAoMJVN0b3dhcnp5c3pl +bmllIFdhcnN6YXdza2kgSGFja2Vyc3BhY2UxGTAXBgNVBAsMEE5vZGUgQ2VydGlm +aWNhdGUxGjAYBgNVBAMMEWJjMDFuMDMuaHN3YXcubmV0MIICIjANBgkqhkiG9w0B +AQEFAAOCAg8AMIICCgKCAgEAxiuSdlKbh4zsIL3/vJnDX3QE4769lon+N4zxEU6K +9N9MjOctys8H9eeeqSvbPW2QD74f3E3CePIndKukalSutZYvKzsW6aivBXIZR7Yq +ODjFhfIezN3uFN2rlvCrKrMRIEMvURm1mgDYfU+6kETYodRxbzy5h5vVGkYfFmO3 +aV8iZExKpwoOtGCp2K8k6ViS7SWgMddUjnfptB/Ge/Huujkejj/kSXIcIFb/9yXB +F1eYNGzajPVpP8ervTJFetyULfskGxwsWjFixI3oJVzhstYp2C1uNOuNZdNS11wo +pV+RcQdmlIAPe14VxIu2IAXjJ6tgXQEaXx7Veq4HoN7drc5XcKLODL6y65JleXgY +MbRuKdCYbKomCRMWXL5ps0vZGHuuBWk9OITobDBYln1z4iO7MeDuXNwea56gsZYa +3q37Se7Sj2RqV6hIpYyJqWr/6HbZ4Mb/0wOrm18gpfUdDXGtPG8zFNPFiZhS1VpQ +0/UQs63CKu6eBBbJOVme1SjgRN5lyrtnm55nwsquPKDFkT6M7oIrxutFNisX0faQ +G8xBYsIICuhZLzBQLilvd9IBnpMw9JgBygircJEOPXlYJ0L9EVLbn6oi+1o/iCjJ +YpC0Epm/3skNhCUXgxODJMRP+2jgpxJa3T7ggv7ykgP5zVsFKDTqktX+XYaq7diF +MRECAwEAATANBgkqhkiG9w0BAQsFAAOCAgEAMpJiqOvJXOVbdl/fAWfXyNToRTBD +nJyRKv9pDa9u9ZiswtwkkKihMD+on6CaKsRQt+1WaYqm9uHZs4D8TEitIdRUjj+d +v7j9XHx6uMc9XmWxlDwm1b2Ci2/mqNZVWsDutRfPM5UhnIH+SlpjDqQEN+XaUQGf +f5JwtDzAvCPb+ktW51oUqZCjLawAx3mQ/cl3GigZC1CxdfSg1HHC8mN7vIKKkM6q +3o9eE3zO4o4UVKENoo7+B4IyhmQu9Qzh1fBO+5k14T/aRIds08skR+wR+SCuG/R4 +FmBUpXw0qkhLDVEbeMA8BTndFBPHv/nvv6ZjIaaQQ7R+4iKprpriW2ZA4/eegHwI +OStwhe8XTHoAkSsIgrlaYH3md20Zmq1YwdxCKDyxPhqBXj6AV65hrwlzLY1H/9IC +KMWjKu0s/E7BWGiaegqw47gcPGEKdDc0jdJXmGgfFtTmKBAhphYj/dSirJuJ8q53 +v/PgkGVb2jntYcBhDhOfbCJANd0ODpoxpnrWiDsNibDrREP0nHWqxuJy3NecNDsi +zANRZtlT+TcJ+CRFOW70SA3uwci7RoOEgERdG2VrjinyL3w8r/Q5826ozM89G9I/ +PiV9N0ALN4y0NHxP/mJoHkfPsR1SkRdQgroFzfBBxTasb88WoD5luz+0ZMoahLIr +9lmjupwIX7aPU9g= +-----END CERTIFICATE----- diff --git a/cluster/certs/ca.srl b/cluster/certs/ca.srl index 34690674..957c06f4 100644 --- a/cluster/certs/ca.srl +++ b/cluster/certs/ca.srl @@ -1 +1 @@ -80F13FCE5DBBF71E +80F13FCE5DBBF72E diff --git a/cluster/certs/kube-apiserver.crt b/cluster/certs/kube-apiserver.crt index 240aa2f9..17773809 100644 --- a/cluster/certs/kube-apiserver.crt +++ b/cluster/certs/kube-apiserver.crt @@ -1,33 +1,34 @@ -----BEGIN CERTIFICATE----- -MIIFnTCCA4UCCQCA8T/OXbv3FDANBgkqhkiG9w0BAQsFADCBtzELMAkGA1UEBhMC -UEwxFDASBgNVBAgMC01hem93aWVja2llMREwDwYDVQQHDAhXYXJzemF3YTEuMCwG -A1UECgwlU3Rvd2FyenlzemVuaWUgV2Fyc3phd3NraSBIYWNrZXJzcGFjZTEQMA4G -A1UECwwHaHNjbG91ZDEaMBgGA1UEAwwRQm9vdHN0cmFwIE5vZGUgQ0ExITAfBgkq -hkiG9w0BCQEWEnEza0BoYWNrZXJzcGFjZS5wbDAeFw0xOTAxMTIyMjA2MjJaFw0x -OTAyMTEyMjA2MjJaMGkxCzAJBgNVBAYTAlBMMRQwEgYDVQQIDAtNYXpvd2llY2tp -ZTEUMBIGA1UEBwwLTWF6b3dpZWNraWUxFzAVBgNVBAoMDkt1YmVybmV0ZXMgQVBJ -MRUwEwYDVQQDDAxrMC5oc3dhdy5uZXQwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAw -ggIKAoICAQCkM3INHpc2gliSsI3BWlHZLMoYc7UGIDvi2rw+t6vygeXMFCVOowL/ -rxfIprGBdtjKenxuMADKjVl1NzRib9BT26grBY2tvLuZbOhLnFdFZBrWvNt6V/sP -P33IGs5lolkdI5aWKNHwk4Umobhny5AEia7iIMjdLZP6kKGYNRb5nxcTXEwGKr+z -ug9CGSZ5bQrmG8r+nCKgPb9QWNSTmg8AAG6TyoWyImpaMInOwLz2g6KCFd2yEEbW -we6yUv+4iqPYmUjUbnECVqLuAUxMCO0RRtQHk9FUD+i2NB1wW5ixG/5+WrkfXLII -O+oXmC37RZKIFUJks5VmGB2M46b0IzZsgguMXJosjieML5broh7SRIOp6FRoOLzA -2QfiWV9maF/Ue/GUcurSwnsPNtsDy0sqffYjNpsdxHB25OH7abqDmbayNx/x68HZ -2Rs3BaLJM5R0PZVkbYMYTAKzRGUbA2vrpiSnhIDtD3rPTLWcNbZVrDoHGpF+wWs8 -7E5VPZ7LuM5QJNg6ZBLJ7B81rvw3BYTar0H2YfLGeTjhktJ9fJVjx7gvAagBRnip -gSOLN4fiB68wTe8lyLLH+7+ZtfZl8myRzkoDvHc0iBeZa0Pr2iGCLfR5FkqohU7n -VRremTfIodygtTMdSozpOWRMaLJV1WJfMiB91rs+mwMBhncqa3Hp6QIDAQABMA0G -CSqGSIb3DQEBCwUAA4ICAQA0SmB4sBITbNTPc20jhZwdmGOCEYg/o/MIpeKqnBnE -G0SL+lUWxgB7WA7tsojS8gUSq8HaKc7kAtaDiF+in+xCuhzZAXfPRtUNIx5QIZ0G -9wUglSuI37EfM7opmNkh2tyfgHtPvcHIhXWEIyXRmRUWSNd+/J60duECh/G0fOuN -8cToI8KCYPxpnyYLUfI7r4xZ0wVYsu9kHK0AzWsU+i4/3h0DgXJzI9mqdVHzNYaK -0GZWsko9Jqr28Cq8NPp2wxeAldPBc+oiegCNBSXJC/i0N4Zrl+oj3bZ09lnG4WHT -sNbRq42p9wihanoTRaHosIjSKpB85gUXHjQIMhkI7vhQCkgxZ2sbJFKofnrjdIz8 -Oo4Aq12MdoJJye2q5YI41Y6ndxts4aYufc6Iq2JHwd12LWGYDWWGDW2lCJJurHVC -CdWYcYUozguPExUPmkDyTRozIS+J8ovN76cDdNW4tPuf2GRJhfgR97V8Yq9LuVR2 -Hr3IksF3WKv5PUmTjb03Hdw273GleKUyyiH6fY4FnW3zDPijDX5NLRTvYord/4zg -4x7SxGVmaggoHoqkujHQ+P8IejGqdUHIprL/NKFC/tytAAkKaKxLrX3/U7ljqqA1 -M6LLdTJCQGMeu/TO+0pCKzqmR4Xisf1eqsq7t69QO08Cd69nHGEn/JG+T2h78kRb -sg== +MIIF0DCCA7igAwIBAgIJAIDxP85du/cnMA0GCSqGSIb3DQEBCwUAMIG3MQswCQYD +VQQGEwJQTDEUMBIGA1UECAwLTWF6b3dpZWNraWUxETAPBgNVBAcMCFdhcnN6YXdh +MS4wLAYDVQQKDCVTdG93YXJ6eXN6ZW5pZSBXYXJzemF3c2tpIEhhY2tlcnNwYWNl +MRAwDgYDVQQLDAdoc2Nsb3VkMRowGAYDVQQDDBFCb290c3RyYXAgTm9kZSBDQTEh +MB8GCSqGSIb3DQEJARYScTNrQGhhY2tlcnNwYWNlLnBsMB4XDTE5MDExMzE5NDU0 +NVoXDTIwMDExMzE5NDU0NVowgZYxCzAJBgNVBAYTAlBMMRQwEgYDVQQIDAtNYXpv +d2llY2tpZTERMA8GA1UEBwwIV2Fyc3phd2ExLjAsBgNVBAoMJVN0b3dhcnp5c3pl +bmllIFdhcnN6YXdza2kgSGFja2Vyc3BhY2UxFzAVBgNVBAsMDkt1YmVybmV0ZXMg +QVBJMRUwEwYDVQQDDAxrMC5oc3dhdy5uZXQwggIiMA0GCSqGSIb3DQEBAQUAA4IC +DwAwggIKAoICAQCkM3INHpc2gliSsI3BWlHZLMoYc7UGIDvi2rw+t6vygeXMFCVO +owL/rxfIprGBdtjKenxuMADKjVl1NzRib9BT26grBY2tvLuZbOhLnFdFZBrWvNt6 +V/sPP33IGs5lolkdI5aWKNHwk4Umobhny5AEia7iIMjdLZP6kKGYNRb5nxcTXEwG +Kr+zug9CGSZ5bQrmG8r+nCKgPb9QWNSTmg8AAG6TyoWyImpaMInOwLz2g6KCFd2y +EEbWwe6yUv+4iqPYmUjUbnECVqLuAUxMCO0RRtQHk9FUD+i2NB1wW5ixG/5+Wrkf +XLIIO+oXmC37RZKIFUJks5VmGB2M46b0IzZsgguMXJosjieML5broh7SRIOp6FRo +OLzA2QfiWV9maF/Ue/GUcurSwnsPNtsDy0sqffYjNpsdxHB25OH7abqDmbayNx/x +68HZ2Rs3BaLJM5R0PZVkbYMYTAKzRGUbA2vrpiSnhIDtD3rPTLWcNbZVrDoHGpF+ +wWs87E5VPZ7LuM5QJNg6ZBLJ7B81rvw3BYTar0H2YfLGeTjhktJ9fJVjx7gvAagB +RnipgSOLN4fiB68wTe8lyLLH+7+ZtfZl8myRzkoDvHc0iBeZa0Pr2iGCLfR5Fkqo +hU7nVRremTfIodygtTMdSozpOWRMaLJV1WJfMiB91rs+mwMBhncqa3Hp6QIDAQAB +MA0GCSqGSIb3DQEBCwUAA4ICAQBMkv4dG3gybWdggc5aCZqyanp+CU506ejVpAd2 +oPgJnvcAR1DVnHer2hMFlRk4lt1rSPsRv1bqOQLgBkOEbUJhknaSD6CknmfriX1/ +ZdBwB9JHy7E/S4QDrm/8s6HiWcKYW6eK35aP4bF8ebDp+PBmYOrHRl85vNqtjeMJ +iyXznQFL1kiuT2hBcMiQeVbEz4o0u/yAlNIxL3PXKXn0AVyW0LjLI+EAd8lCfGKy +SkJf2gw/UWx3s+rEctA6qrB29PBR03PTHvXfb53ILh8KuIh3hU3+EED7puNhNvrS +qWthIe5hAVOEaE9GfHCqdelQELrrYhAVMuO+PqtsGwZruEY6dpI493Aq+lfd+2TT +pRG/isoGvGh+Lg+pwV3DLuGnnMH47iUHnPPXbYRBvSpnhC80vx8Bnbn4l7TpuZYo +KLo5heP+Mb4sueG7KjuoOHRXcI3vHgKD2XjXFokdLBAy+75Ik0YNUWbvK76PiajE +znic15ws1lTJiY16z+JPdjpLh+ddXf2DDnFhkWNy/Fxt+dIm0Bhdgin0rPKpE8Sv +BIKiagL0VpDlVW5DUQe9ZVNW3zvyb3fvis+4+SmPcHDEq6ULgQQD6NjuPTKa7Suo +pm7SxeMmP1c0B28S1wqZAh0mxrD/yUhKA/ZagRktAhCr+CXAgePEqeCZCx0XGqUw +d/ZySw== -----END CERTIFICATE----- diff --git a/cluster/certs/kube-controller-manager.crt b/cluster/certs/kube-controller-manager.crt index 785e1ce1..cf8fb24f 100644 --- a/cluster/certs/kube-controller-manager.crt +++ b/cluster/certs/kube-controller-manager.crt @@ -1,13 +1,13 @@ -----BEGIN CERTIFICATE----- -MIIF9DCCA9wCCQCA8T/OXbv3DjANBgkqhkiG9w0BAQsFADCBtzELMAkGA1UEBhMC -UEwxFDASBgNVBAgMC01hem93aWVja2llMREwDwYDVQQHDAhXYXJzemF3YTEuMCwG -A1UECgwlU3Rvd2FyenlzemVuaWUgV2Fyc3phd3NraSBIYWNrZXJzcGFjZTEQMA4G -A1UECwwHaHNjbG91ZDEaMBgGA1UEAwwRQm9vdHN0cmFwIE5vZGUgQ0ExITAfBgkq -hkiG9w0BCQEWEnEza0BoYWNrZXJzcGFjZS5wbDAeFw0xOTAxMTIyMTI0MTlaFw0x -OTAyMTEyMTI0MTlaMIG/MQswCQYDVQQGEwJQTDEUMBIGA1UECAwLTWF6b3dpZWNr -aWUxFDASBgNVBAcMC01hem93aWVja2llMScwJQYDVQQKDB5zeXN0ZW06a3ViZS1j -b250cm9sbGVyLW1hbmFnZXIxMjAwBgNVBAsMKUt1YmVybmV0ZXMgQ29udHJvbGxl -ciBNYW5hZ2VyIENlcnRpZmljYXRlMScwJQYDVQQDDB5zeXN0ZW06a3ViZS1jb250 +MIIF9DCCA9ygAwIBAgIJAIDxP85du/ckMA0GCSqGSIb3DQEBCwUAMIG3MQswCQYD +VQQGEwJQTDEUMBIGA1UECAwLTWF6b3dpZWNraWUxETAPBgNVBAcMCFdhcnN6YXdh +MS4wLAYDVQQKDCVTdG93YXJ6eXN6ZW5pZSBXYXJzemF3c2tpIEhhY2tlcnNwYWNl +MRAwDgYDVQQLDAdoc2Nsb3VkMRowGAYDVQQDDBFCb290c3RyYXAgTm9kZSBDQTEh +MB8GCSqGSIb3DQEJARYScTNrQGhhY2tlcnNwYWNlLnBsMB4XDTE5MDExMzE5NDU0 +M1oXDTIwMDExMzE5NDU0M1owgboxCzAJBgNVBAYTAlBMMRQwEgYDVQQIDAtNYXpv +d2llY2tpZTERMA8GA1UEBwwIV2Fyc3phd2ExJzAlBgNVBAoMHnN5c3RlbTprdWJl +LWNvbnRyb2xsZXItbWFuYWdlcjEwMC4GA1UECwwnS3ViZXJuZXRlciBDb21wb25l +bnQgY29udHJvbGxlci1tYW5hZ2VyMScwJQYDVQQDDB5zeXN0ZW06a3ViZS1jb250 cm9sbGVyLW1hbmFnZXIwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDH NdThV//g0VWj5VX+i/Z0iLjmoxwIJYVcuzLNJwiC3jyhjKfXwo7GjkI03PB0oHmj I/OS15NqCpSbOzLNKfnBk1WjfGfbyiyJbIFWPPWnD/i4mdiKZ5ZS45nYAUqBADs6 @@ -20,15 +20,15 @@ zpd1lw8LvnVmzLHuhIr/8HLm5hnbSwcdOqX1MEFRHO7mmc6fKJ7jce3mEKdMMowV 7ue187+3rcZFc0p7Si+onAh3EpkNjkdsBOQQuOpJ+FALEP+7Bm8rivyFiBf4RyqP kMjazR4VLo9xce5p65mJBHreTwCMbgCYb4yzAXOt3KSoYuaHAFDyknaL0oCi0XAB H4g92Hrd9AY+ogKHER6aRG9rO+3zFM8LHiaOIrciBwIDAQABMA0GCSqGSIb3DQEB -CwUAA4ICAQBkN9yuv/dc10NqUYsqaTT0+1H0EhbGFAasFdqTjIqwg79PBgxeJa6L -9MjcMvPyUGkOQqGISrY5W2ZnLViSXPaSufCzSaBS8LG56yWjhkJAaWYEWrE0Or7Y -RN13Z6lXaZCcXDxg43OUo8bI/Jw1V/bMkHaqDh4ndM2wdDnWv0pbYv10EOwtXQaK -+Xfwzhn2lVIx6GtF6BbGcSdX7FCc7BIjIO9xc5E4TbdRk/97jKFnQAq4XUgLdmPi -M2z5DWgAgDn1AaBe9OTX4FFebDaMwvNrO28H1x1bFj70gClUWzTQaCeHjO9EwD/6 -cg4ze9TbBlE9qdRWV6UcFjKvxCpZ/TyCszJfVBHdagCTfl3gkNqRTCqKyY+D62u7 -w2BIa6FzxfAz2yTJ2ZbtxwephyVE693qPV/UEJ1qz80m4QKC02ee7TH+I4pcyDaX -srH7NULJ2hEIv8zAwIFJCTBAAkhLvqJ/mYh3Q2WPDJFO7UMWdsLBZ7E6zrOq00wU -6CkHQImIcBrOanIM32ylSsJve1zT1+h5b6NmhxIECFz6aoGtHbPPuCMWAkdBce+M -p9ZCvIzW5LR3iVizpKPwL53Z4u0RMNfl7LD1uMw78v63+A2n0aUO6oo9spF+rMPB -SKrCyPZ5GA/4N/NZ/WRMYQ67mkRZqofYgKzRkKlq8FS2YLTDgAbsdA== +CwUAA4ICAQAY/Kz0nL4fA7TvDcCRc4CErVbXb5q2OHWivrwOJbll7yJVt4ksh9bd +g83kmdk/Z/vUpCQcJFEdEOFu/oiQ6eLIi59pM4zTjar5KVv1vtv5zkuWJ0lKtoxe +40oV62kEgTWb4H4z3ADImgq60wRpU+Mwb0vmWF5Bto/M7Ul/+hpNudsWwY2KZzZo +cPPEkW5Yics5mVgFY9KPyEpnWoAxBBOEcmBjzwr5FTgjRLlz9723dVpj37N88lur +A2+Ezx2kRw5/KIznbeeZMBVGCLYZ+3RFJKlPaoxcoQ7Qd6isq0bkzJpeo/Dbl+NG +AgT6MX21O9sOuFwBVfpzFov1eGLNFORsDLs7zZa8mcgtEpYOn0UC4D5q17B6tmp7 +JeEvx4zdkEp8lRJkBKCJpZ86yb47a59SoV2IC4I9laUEzDyWKNn94rhJ8rN7AQke +z92xvdR4jOcOYznt/iFDI1uA2dtiIdfw8H2IMLxHyfcbzh/mm07gugrmZAZENI6/ +DZrJp6e1h505OEu0/PGzLfQnYpkEd7xdvxLODkxkqUd5BM9jCG7soYC2p3Hr69kA +BjUv/0IGagMT/TxqdoUUzjcJp7N6VbJW+z+5Ze3hUFuN86SXW2na01iq2olOy+c/ +sPY21NPreeag3NDVFxuz/+XI4cFZ5pg8wLgKGJvLeYmgNkr+1U9DGg== -----END CERTIFICATE----- diff --git a/cluster/certs/kube-proxy.crt b/cluster/certs/kube-proxy.crt index 240b98fa..63758415 100644 --- a/cluster/certs/kube-proxy.crt +++ b/cluster/certs/kube-proxy.crt @@ -1,33 +1,34 @@ -----BEGIN CERTIFICATE----- -MIIFyzCCA7MCCQCA8T/OXbv3DzANBgkqhkiG9w0BAQsFADCBtzELMAkGA1UEBhMC -UEwxFDASBgNVBAgMC01hem93aWVja2llMREwDwYDVQQHDAhXYXJzemF3YTEuMCwG -A1UECgwlU3Rvd2FyenlzemVuaWUgV2Fyc3phd3NraSBIYWNrZXJzcGFjZTEQMA4G -A1UECwwHaHNjbG91ZDEaMBgGA1UEAwwRQm9vdHN0cmFwIE5vZGUgQ0ExITAfBgkq -hkiG9w0BCQEWEnEza0BoYWNrZXJzcGFjZS5wbDAeFw0xOTAxMTIyMTMwMDFaFw0x -OTAyMTEyMTMwMDFaMIGWMQswCQYDVQQGEwJQTDEUMBIGA1UECAwLTWF6b3dpZWNr -aWUxFDASBgNVBAcMC01hem93aWVja2llMRowGAYDVQQKDBFzeXN0ZW06a3ViZS1w -cm94eTEjMCEGA1UECwwaS3ViZXJuZXRlcyBDb21wb25lbnQgcHJveHkxGjAYBgNV -BAMMEXN5c3RlbTprdWJlLXByb3h5MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIIC -CgKCAgEAy6IJdYnjgNnmFr+uWcmn7MYpK/ucfle8ySsOWxuGbmFVUfJCR6vKuIii -IisgPJVP2qdxnBDsyvHtgVUz3P8zTBqpqZdYvGgyUiQasd4DH4xypDVLdt+fmud/ -TyTqsK0/b95ugFKqbkJ09NL77/h3WjbRqPJGCTvSubSejn8vZqlIvV3O5Hj5g7gh -O+Y3iDe37Jyv6J1/ViikvroxzZ6HvaNoGNL/r6/pF6j2s1i/Q0XITawVcgu6TAHY -gY5XQj/zxNQMFr/jWcaTKDq8HLy2TVF9bCcHDDRufzcTwqZMwoY3N1jzX5Kvh4d0 -kgnj/u7BX3/fyFrIOGoqgxCYuvaQC2NGpILxSIAReaaFSSaSdR5jNQjj+7q+nNsm -RjYsswnkK5fazXnDm9C1kD2VMwnXXgkX2M6vfmSWT4FRIFQPWhekWIvJZrVrNCRo -38GiETu9oSfnZLHMemUm4SEC/pkntOFHN9ABeflkgtzGI500arQm7QN9ZT01E0e1 -iPsBC6t2Qpcc/PQy3yR3v6XkRyBzmtp7Oxx0K6REfKMCJWqwlft8FY0X1L1P+hDI -3Ek4SOKhhxYUnUUwsGex+3NujsAyqF5LI2VFzU893rXG6+ZQYqOgarH2gk/WDHgL -i7LtF2CDyOPLzurhebS6KObk/MBon2vQhSYjRR+3F5RnU8NJAX0CAwEAATANBgkq -hkiG9w0BAQsFAAOCAgEAmSZE2LS5I3kWRUVUxKQ1UT6t6GMCSfILcEGW1Q03cI6T -LbTygbOh7khIQSqlCZgKzWtmpUcc1pWGC1TwGIWcwvd/ZYJp3jPBRM3x7xs6Wnee -1t88qaqB3ZO8cOEWcSxz+WU+DNf4iZVyWkUNqKptmTX450tyVSZpT38cHB8idRrT -EwGg0sF7FGc3kGD9eIVi9L/MON218P6gOfrG24Ce8pxnGDwxXs9gC32s5Aa4mLam -1S48Sun01w47M599D14OeRh6r0OpDhFdGlQUHWMlBkLsLEZkqdknNCYDWFELHIIK -vyu28FFt8UFT0wAQRbqhYrgDqbNNJOrf4V18hrFK8XyKNivGJ9lCbhdiV4dkDEai -y/Lz3CXbW98xT+MiiRKhsPjaTU01+NcczvM330iV4gIrtt+ROosalqo4I+N+JSs5 -PIHmIQKQ+2HAiGHIzQWiM8bz4JX4iMpxkKp7hEMiedonfw1ZMBYUuGp/6GTOQDhI -s55qlDKk7PYLJfF4hLtNbfCHisczVQF7rwrZc216mlCOSoae3ySimUDtkO9Qfjmw -/qr1xy3K5hkB3FoyUikRodWPdepdDILWVHGUH7++C4hBUlNh+8PpRUiSjDsURXE9 -5vsrf1vrp64JuJuc1YPzxPyZATX7lHZcv9R7l5VZCBlKuu4MvjX50rKBeEsHh5k= +MIIFzTCCA7WgAwIBAgIJAIDxP85du/clMA0GCSqGSIb3DQEBCwUAMIG3MQswCQYD +VQQGEwJQTDEUMBIGA1UECAwLTWF6b3dpZWNraWUxETAPBgNVBAcMCFdhcnN6YXdh +MS4wLAYDVQQKDCVTdG93YXJ6eXN6ZW5pZSBXYXJzemF3c2tpIEhhY2tlcnNwYWNl +MRAwDgYDVQQLDAdoc2Nsb3VkMRowGAYDVQQDDBFCb290c3RyYXAgTm9kZSBDQTEh +MB8GCSqGSIb3DQEJARYScTNrQGhhY2tlcnNwYWNlLnBsMB4XDTE5MDExMzE5NDU0 +M1oXDTIwMDExMzE5NDU0M1owgZMxCzAJBgNVBAYTAlBMMRQwEgYDVQQIDAtNYXpv +d2llY2tpZTERMA8GA1UEBwwIV2Fyc3phd2ExGjAYBgNVBAoMEXN5c3RlbTprdWJl +LXByb3h5MSMwIQYDVQQLDBpLdWJlcm5ldGVyIENvbXBvbmVudCBwcm94eTEaMBgG +A1UEAwwRc3lzdGVtOmt1YmUtcHJveHkwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAw +ggIKAoICAQDLogl1ieOA2eYWv65Zyafsxikr+5x+V7zJKw5bG4ZuYVVR8kJHq8q4 +iKIiKyA8lU/ap3GcEOzK8e2BVTPc/zNMGqmpl1i8aDJSJBqx3gMfjHKkNUt235+a +539PJOqwrT9v3m6AUqpuQnT00vvv+HdaNtGo8kYJO9K5tJ6Ofy9mqUi9Xc7kePmD +uCE75jeIN7fsnK/onX9WKKS+ujHNnoe9o2gY0v+vr+kXqPazWL9DRchNrBVyC7pM +AdiBjldCP/PE1AwWv+NZxpMoOrwcvLZNUX1sJwcMNG5/NxPCpkzChjc3WPNfkq+H +h3SSCeP+7sFff9/IWsg4aiqDEJi69pALY0akgvFIgBF5poVJJpJ1HmM1COP7ur6c +2yZGNiyzCeQrl9rNecOb0LWQPZUzCddeCRfYzq9+ZJZPgVEgVA9aF6RYi8lmtWs0 +JGjfwaIRO72hJ+dkscx6ZSbhIQL+mSe04Uc30AF5+WSC3MYjnTRqtCbtA31lPTUT +R7WI+wELq3ZClxz89DLfJHe/peRHIHOa2ns7HHQrpER8owIlarCV+3wVjRfUvU/6 +EMjcSThI4qGHFhSdRTCwZ7H7c26OwDKoXksjZUXNTz3etcbr5lBio6BqsfaCT9YM +eAuLsu0XYIPI48vO6uF5tLoo5uT8wGifa9CFJiNFH7cXlGdTw0kBfQIDAQABMA0G +CSqGSIb3DQEBCwUAA4ICAQBrL4zXc5T41CUlvJS84/fXy15nCcXEGKRKMuJJYuRb +GnAlmhcFHaqtGFZrKNVq8Ois1WVtp7yV3OFRDXVf2NQZVmZRjbTKTOMrISxdnxkz +OTitZhgm8/dIssyM9QI6uVn/AZnI4tV2tUCrbt48F40RKQH2GZJz2yQAfoXA/MVG +2cPzi03BglEgM4kV3F7o78DDOiXfY5RZNR3mXSOTMjqjHQ4W6c4QM15DYp+ZH20k +lEYSINAO6Es5ng570OJYrpsED1l1qkjpw0hsdmIHmGIzCx+pLcHT9yBYYAVNzOPy +lfta0c4F5kuUGGnZlkfov4veczXoXTcTjcBbUehnUHo5fzhzpWaN2H2MD+b6r7Q4 +EPqfZLY34p39Gcm9/SczlB0p4httnW/0VpxgskcDA1NIc0S6ZoBQvlphaIIyFhG1 +J0Ep1fzaKQXkqgAG0opq1k8pVK5ZPHCUWRqoMkiQUf3d0XdXQ7WYpyDVJGvaOyiw +RVrR0yRZKV320H4v2kTP6wiG2zgq/4aVAXLpkFDesoE8HNna/pWPtoi/ssVGnLGE +u4dLH6RoA3Z+BumUXKWfuFH26EgRGRvNf866bWCMCzSETrUoh7ky56IPVCMkwZft +MTwdvR5re+KFq89iK6E2SjUPHPCG3L2q4fsxRHD/zMgSKvZ70ZqH0q8cnLBgoQ87 +AQ== -----END CERTIFICATE----- diff --git a/cluster/certs/kube-scheduler.crt b/cluster/certs/kube-scheduler.crt index a3edfe9f..dc0d873d 100644 --- a/cluster/certs/kube-scheduler.crt +++ b/cluster/certs/kube-scheduler.crt @@ -1,34 +1,34 @@ -----BEGIN CERTIFICATE----- -MIIF1zCCA78CCQCA8T/OXbv3EDANBgkqhkiG9w0BAQsFADCBtzELMAkGA1UEBhMC -UEwxFDASBgNVBAgMC01hem93aWVja2llMREwDwYDVQQHDAhXYXJzemF3YTEuMCwG -A1UECgwlU3Rvd2FyenlzemVuaWUgV2Fyc3phd3NraSBIYWNrZXJzcGFjZTEQMA4G -A1UECwwHaHNjbG91ZDEaMBgGA1UEAwwRQm9vdHN0cmFwIE5vZGUgQ0ExITAfBgkq -hkiG9w0BCQEWEnEza0BoYWNrZXJzcGFjZS5wbDAeFw0xOTAxMTIyMTMwMDZaFw0x -OTAyMTEyMTMwMDZaMIGiMQswCQYDVQQGEwJQTDEUMBIGA1UECAwLTWF6b3dpZWNr -aWUxFDASBgNVBAcMC01hem93aWVja2llMR4wHAYDVQQKDBVzeXN0ZW06a3ViZS1z -Y2hlZHVsZXIxJzAlBgNVBAsMHkt1YmVybmV0ZXMgQ29tcG9uZW50IHNjaGVkdWxl -cjEeMBwGA1UEAwwVc3lzdGVtOmt1YmUtc2NoZWR1bGVyMIICIjANBgkqhkiG9w0B -AQEFAAOCAg8AMIICCgKCAgEAnnIWVbnVbV2s7QDs/VSKPApWCYxQo2Px69DAfqbT -qOkZRdMoydA9ogbaIFOcwKu5s4ipQug8tj4Fmq7ONAszAcvyNzvGXeS6t0eHFwwN -jJVMwSV3yKH/gVPwAcG3pSfMlijf8ZFlg3hA/i2jSmnlec9S+9Y1egnP7r00/WRl -NsmX4zE50WECOgAauPYbnQRih7psfMF+CTPUEbsgdrrpmHeRh1j8hr/AkrRQ7EHa -r7gMxaDV2LpVNRGeCnvO/z+r9pEPF/6dWdTCGTDL5x8Zzohn70u0wjtjMxPo34ij -2WRtBpMOYW8PnDbuv9bEOrqRzpc9CMzA223mhgRFPRHVVyqgXPOGxfqnEdWV2/3a -F3BIUUTJ1Tn+VE83Uv6vEjs1N2UNngrsLQyrg/bWpAu+gM57b09t90JmpcdHOia9 -EbRfS43ADy2LaLElpULNWYRcbFUznAuGIsUfluf9Ujl6OM3fneZq254YxOp+g5ss -tsY3XFqoQdkwO7mkBQvDPVD4lKw3EEFx2WsjT0lLXX8G1Lcvo6T8ParKkiscZ1eQ -UkdUhEGiI3hOk+xBkcq5xOnDNqGiz9t98eMLF6oZ3Y5oFkyxU/le7x2z70YJiKI7 -G+qaQ3azd0nCcpph6z09g0Quh6otIHZMBLvXELB0+sO6Quxg8vWCjCaReXuuHnWr -ThUCAwEAATANBgkqhkiG9w0BAQsFAAOCAgEAPTxRtV38O3JIMc+S079MdiUVOv5D -XOp92Uea1IURjg9oPVAkaiFsyr4DNdoMa+J3qaTPoHX4D1DobDzWteUOkJuMqNBg -SD/v5AZrkVvzH9jycfk7Qoqks5rlB7e0Hxj8/yyuJMzfiQBLnaJYf9sJ0jVixnxb -nzS2/V6FRMPIpaRZkp46IxfIVtXsFGleapWTIDm5iPBR2JDO3iDhe4wsEK140mHm -tTR/DLcbTXE5A/kG/JVOoKp980UUz6y0dkN7IZb2dDLMGlAynduzy9gFGmjMzsDu -m5Tt8tFfq1ur3Ppl7rWKGuiYVaN2tE18xhyx/hnfrGuWat5P+cGAAKi4aD+NEiIQ -dL5oO8vrQjCZ15gojbRS20TDy4jXeTj5xqhimezBK3I92IJt86kslqPZAWLrHVxy -OzI6yQryTvAQvfCQPvVsCt5nPIMOSOeYEXZ+PnV4XQDTKLu8pK0VyMqZQTQXcUtz -87emAel3nuVRpazqJXCPElE1Afq4iFNpRsjbPc+1cW/iG0mMAS/0LzlnkZop+t6I -5N7EvjOUSUldq9lECmBMQV3mIkG/joOOM0KdI1h3zogtoblpwmp77SJZ2vUFR89q -+rwwIkElLFzfh55uytQnZXjIqBOXcOSBC8kMEleMLa9IPNms6gkP7Co4wwHbMSTQ -g1RPicE/VHOS/rQ= +MIIF2TCCA8GgAwIBAgIJAIDxP85du/cmMA0GCSqGSIb3DQEBCwUAMIG3MQswCQYD +VQQGEwJQTDEUMBIGA1UECAwLTWF6b3dpZWNraWUxETAPBgNVBAcMCFdhcnN6YXdh +MS4wLAYDVQQKDCVTdG93YXJ6eXN6ZW5pZSBXYXJzemF3c2tpIEhhY2tlcnNwYWNl +MRAwDgYDVQQLDAdoc2Nsb3VkMRowGAYDVQQDDBFCb290c3RyYXAgTm9kZSBDQTEh +MB8GCSqGSIb3DQEJARYScTNrQGhhY2tlcnNwYWNlLnBsMB4XDTE5MDExMzE5NDU0 +NFoXDTIwMDExMzE5NDU0NFowgZ8xCzAJBgNVBAYTAlBMMRQwEgYDVQQIDAtNYXpv +d2llY2tpZTERMA8GA1UEBwwIV2Fyc3phd2ExHjAcBgNVBAoMFXN5c3RlbTprdWJl +LXNjaGVkdWxlcjEnMCUGA1UECwweS3ViZXJuZXRlciBDb21wb25lbnQgc2NoZWR1 +bGVyMR4wHAYDVQQDDBVzeXN0ZW06a3ViZS1zY2hlZHVsZXIwggIiMA0GCSqGSIb3 +DQEBAQUAA4ICDwAwggIKAoICAQCechZVudVtXaztAOz9VIo8ClYJjFCjY/Hr0MB+ +ptOo6RlF0yjJ0D2iBtogU5zAq7mziKlC6Dy2PgWars40CzMBy/I3O8Zd5Lq3R4cX +DA2MlUzBJXfIof+BU/ABwbelJ8yWKN/xkWWDeED+LaNKaeV5z1L71jV6Cc/uvTT9 +ZGU2yZfjMTnRYQI6ABq49hudBGKHumx8wX4JM9QRuyB2uumYd5GHWPyGv8CStFDs +QdqvuAzFoNXYulU1EZ4Ke87/P6v2kQ8X/p1Z1MIZMMvnHxnOiGfvS7TCO2MzE+jf +iKPZZG0Gkw5hbw+cNu6/1sQ6upHOlz0IzMDbbeaGBEU9EdVXKqBc84bF+qcR1ZXb +/doXcEhRRMnVOf5UTzdS/q8SOzU3ZQ2eCuwtDKuD9takC76AzntvT233Qmalx0c6 +Jr0RtF9LjcAPLYtosSWlQs1ZhFxsVTOcC4YixR+W5/1SOXo4zd+d5mrbnhjE6n6D +myy2xjdcWqhB2TA7uaQFC8M9UPiUrDcQQXHZayNPSUtdfwbUty+jpPw9qsqSKxxn +V5BSR1SEQaIjeE6T7EGRyrnE6cM2oaLP233x4wsXqhndjmgWTLFT+V7vHbPvRgmI +ojsb6ppDdrN3ScJymmHrPT2DRC6Hqi0gdkwEu9cQsHT6w7pC7GDy9YKMJpF5e64e +datOFQIDAQABMA0GCSqGSIb3DQEBCwUAA4ICAQC4VNkClOS7qFz6JKSkCWsPNGYl +SZHihD/O4Nrd6pNhYgAeOJgRuEzbud7W214SjxIbhaZGIdRDiaYrSfaVrL0DiWso +5NVIyG0h0e9DBojSEG8CjzGNjzbe2JfsqdwwbKVwbNw1WnfiUd+JvLuefTgUXhAH +K2MZbqw11JUJQw+JNS8TXYRwBrii7Fb9mf1/mG6x1iiL+LYTur2WqD0X/d2VXoY5 +r2kGlnZetjWjG0Bo4QmTws1FzbzPv/+GYycG3WFRuK3q8h0COZOfUPT3Q/prbXmT +hgRtxRecVj7jAm2Xh3eHJyXhPbDnnbTnV2DTDqQ4ADGckRAur3rYwHK0sp4fSkDV +rz8mRg7AWW+MCn7D4hRh/XVKE4+kAB8kfl1sstZhMIEUITvJBHeFDAu+w9PfrMxm +Z2R7ulGVgexKHLqfjufGQMZlYgeqFr+ZJgl+4xFZvnz/x9vKuDYnHubmr99gAyJY +hx6PFrERiymUbDqsP60KzL0Weez6VDKME5SxJwhy9ZFXWq+PkK7urVNvk3fpf3vt +plCq3Z0dV35hcE51PPEO2W5DV+8gofDtfjwn1njqtohBrArSwtbZGzzWlmbBqF4W +kjEPdf1xib1wJHy6FW/jWnELFqsUzpWpLtTHOXJdoliH8KFdcQVqxf/uBi7riYas +gBStDZ7N+bB3HknHew== -----END CERTIFICATE----- diff --git a/cluster/certs/kube-serviceaccounts.crt b/cluster/certs/kube-serviceaccounts.crt index 8a1897e7..d853bfd1 100644 --- a/cluster/certs/kube-serviceaccounts.crt +++ b/cluster/certs/kube-serviceaccounts.crt @@ -1,33 +1,34 @@ -----BEGIN CERTIFICATE----- -MIIFrjCCA5YCCQCA8T/OXbv3FTANBgkqhkiG9w0BAQsFADCBtzELMAkGA1UEBhMC -UEwxFDASBgNVBAgMC01hem93aWVja2llMREwDwYDVQQHDAhXYXJzemF3YTEuMCwG -A1UECgwlU3Rvd2FyenlzemVuaWUgV2Fyc3phd3NraSBIYWNrZXJzcGFjZTEQMA4G -A1UECwwHaHNjbG91ZDEaMBgGA1UEAwwRQm9vdHN0cmFwIE5vZGUgQ0ExITAfBgkq -hkiG9w0BCQEWEnEza0BoYWNrZXJzcGFjZS5wbDAeFw0xOTAxMTIyMjA4MTBaFw0x -OTAyMTEyMjA4MTBaMHoxCzAJBgNVBAYTAlBMMRQwEgYDVQQIDAtNYXpvd2llY2tp -ZTEUMBIGA1UEBwwLTWF6b3dpZWNraWUxJDAiBgNVBAoMG0t1YmVybmV0ZXMgU2Vy -dmljZSBBY2NvdW50czEZMBcGA1UEAwwQc2VydmljZS1hY2NvdW50czCCAiIwDQYJ -KoZIhvcNAQEBBQADggIPADCCAgoCggIBAMVIKq5dWNAA1Q0giQYWCyCsIrGoXiBP -WzEhwOeyjKdwReex2p9gCffK+LSIRmrQnAyQCFYj2T2gBXgM5beEwGupZlSNGcc/ -BTCh7C9TCoJnKM7OEVLLLYTaISrvJ+tmSDFVUch1QyirXv3+NFFrx+T+hSaqKJA1 -bL/+rpVfUBJft6WHigp/BEwXCd/q9A7tZSbbCqVtg0doaOJcMxW4ZTLHxcb8XRzV -isBA8g/Hm9ToZVX5Cl2XfwT/AMhQJL9E+aXwzZDl4GWOjY9eGvbq07Y5C467lQG/ -ODh7uTWsQqwyXBBIBMHY8hXIs1CtY3rNS4jalXY5QTo6t6Fkjqqlnd6j5AmLj3pC -uJl5nq0ufOg89rD1AgkbTdKLbk+NPunVQsTHsRDY45wEFeNShAXUoOSqionkYSoD -aJ79T0WGhsVRpCmqJmw5ZgbTy72gRHM2cr6HTnteMuxuWh0GLh3bH6gsWLSrZX/N -vrK2zeMeJxMTIBcKQ6rerqkV3s3xhRtJTk6DwGCTorM+hJsqWDovy20PBddBE2Xj -/UJHr7XuEUIQKgpFUq9N45fQ7tGX+tpakvlaYFmiGloN9B9WlEE40Lin0rvdueUr -s/UTfwOutY7iQ7vGuYYXQq5FdULMFmeAb7x2kckwGDsLIfRa/dmatwSBvStHBZiP -wtjvURDM7YPZAgMBAAEwDQYJKoZIhvcNAQELBQADggIBAAwmZd6/Z6uOcrswDZbx -IK3M+l8e+xJUP+4ARZK9Of98tI4yCFQko3qWapi6pSDpMU/kvLxrj606e6NzoNoQ -VFnnrZSeq7a5nPDBoid1OzPViI64xcfSdnVmE9uGhmLKaZY2GLtD3v8Qy7jBeJOZ -xff83E5d2NWbbraXVe9PdFvUd4k6cNKeAUpyV+yr4P58MyNLD/kS3f2WNqz9sduN -ZouZ/MRkS8vG/nam/G8v9FXSVXekXUHU0I+Ar2jrhEfWdA9viCTCJZRHL8jasIpz -KBDHLa2Ywv8oGe4yxgEiGlSOM697tQUwV9MPT8H8O46Lm4/ZbkxRlsHRvjd5qCKA -tPmnGlAK7m2fXDQLHhXVy5dKuuZplsVn6+ieymQ31v86sMaSGYE+Zg9ynWlbwRnI -TbutwuONEEaucAkICf3gNV87kSL4BICpNmyRGuUnSNQscHnn3+0Px5qRLggl0zOc -N5JfyY+oPPoFfop7TE/pDPEhpLyojXtcAebNGxfja6w2VpG7xO7KFIKIEZ/jrmcY -D7XDoXPxn8KtoHNQkjayken75867J67yEftYELHHkD1kM+5V3ZxiiyNC2KDGwjHD -SMgCI1QacFCLz0+aCyvhhdsCYUYO9T2DZXzTpXcBGbod2LkTRI92kyIPKldLLwSx -7kgCUIUpS2PS4gElXF0QAPJp +MIIF5zCCA8+gAwIBAgIJAIDxP85du/coMA0GCSqGSIb3DQEBCwUAMIG3MQswCQYD +VQQGEwJQTDEUMBIGA1UECAwLTWF6b3dpZWNraWUxETAPBgNVBAcMCFdhcnN6YXdh +MS4wLAYDVQQKDCVTdG93YXJ6eXN6ZW5pZSBXYXJzemF3c2tpIEhhY2tlcnNwYWNl +MRAwDgYDVQQLDAdoc2Nsb3VkMRowGAYDVQQDDBFCb290c3RyYXAgTm9kZSBDQTEh +MB8GCSqGSIb3DQEJARYScTNrQGhhY2tlcnNwYWNlLnBsMB4XDTE5MDExMzE5NDU0 +NVoXDTIwMDExMzE5NDU0NVowga0xCzAJBgNVBAYTAlBMMRQwEgYDVQQIDAtNYXpv +d2llY2tpZTERMA8GA1UEBwwIV2Fyc3phd2ExLjAsBgNVBAoMJVN0b3dhcnp5c3pl +bmllIFdhcnN6YXdza2kgSGFja2Vyc3BhY2UxKjAoBgNVBAsMIUt1YmVybmV0ZXMg +U2VydmljZSBBY2NvdW50IFNpZ25lcjEZMBcGA1UEAwwQc2VydmljZS1hY2NvdW50 +czCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAMVIKq5dWNAA1Q0giQYW +CyCsIrGoXiBPWzEhwOeyjKdwReex2p9gCffK+LSIRmrQnAyQCFYj2T2gBXgM5beE +wGupZlSNGcc/BTCh7C9TCoJnKM7OEVLLLYTaISrvJ+tmSDFVUch1QyirXv3+NFFr +x+T+hSaqKJA1bL/+rpVfUBJft6WHigp/BEwXCd/q9A7tZSbbCqVtg0doaOJcMxW4 +ZTLHxcb8XRzVisBA8g/Hm9ToZVX5Cl2XfwT/AMhQJL9E+aXwzZDl4GWOjY9eGvbq +07Y5C467lQG/ODh7uTWsQqwyXBBIBMHY8hXIs1CtY3rNS4jalXY5QTo6t6Fkjqql +nd6j5AmLj3pCuJl5nq0ufOg89rD1AgkbTdKLbk+NPunVQsTHsRDY45wEFeNShAXU +oOSqionkYSoDaJ79T0WGhsVRpCmqJmw5ZgbTy72gRHM2cr6HTnteMuxuWh0GLh3b +H6gsWLSrZX/NvrK2zeMeJxMTIBcKQ6rerqkV3s3xhRtJTk6DwGCTorM+hJsqWDov +y20PBddBE2Xj/UJHr7XuEUIQKgpFUq9N45fQ7tGX+tpakvlaYFmiGloN9B9WlEE4 +0Lin0rvdueUrs/UTfwOutY7iQ7vGuYYXQq5FdULMFmeAb7x2kckwGDsLIfRa/dma +twSBvStHBZiPwtjvURDM7YPZAgMBAAEwDQYJKoZIhvcNAQELBQADggIBAFm01HCY +EEbzh4zAENHSdqDmwkbt58f8KpLLmS03nl1S3E0CiujnuR+exkOx5Kgb9TB9KbBK +/sa9ewNRFvIDMZp3rmIcW1iruQta6KgSBOJeWP1SCgLXQPWHhZ9gak3gaCUZEztD +UMwdnHD0pcAfghw5BTvVpc1t3DKFZ4HeLaBIXPgLQEzEuBDKfNwHc/2QLmFKIcLB +nQNtz4gGGAgR51Wzpju4fj5qCG+nj2q8dL3mkUiXj1E0eVTkVqFx7vYz0c7kUbjQ +fh4nBCva1hnHF38lb9nAQe1nraR3Yi52rbJrtcI0avDeIhPJo3dulU29zen/uk5O +6JLTCidYuHFD2025VEv9eeAegZVq3FigghBtMT6nv4Lgg5HGcZGKJ27zDzfOYwkP +NqjDCUOzBjRp6p6yIErr2w1k43mX+UABu8M7cQ5jvHeOgRAvLe3HmdYoKz75Ii1k +Zsj2Zwfy5rSJavIhzoJFGWkyYskJZmzUD7bQIMizWIx09mrwwXcisHuFxNTej1J0 +ZhY32/kAlXnBvyqEtxQfr0VtN3UYurjSXgWzWiqiM/TvsGt05RQ9jEebCSZf99f4 +nFGBYrQhbtKjchdebRbpZ17aVa6J3xYO2pu3/YIy3h+HPsWgv/velvBBafNknWt6 +0vrLPy6Q8MtE6cC6JAEiIGHJU+PjMBVr3P0b -----END CERTIFICATE----- diff --git a/cluster/secrets/.gitignore b/cluster/secrets/.gitignore new file mode 100644 index 00000000..b9bca019 --- /dev/null +++ b/cluster/secrets/.gitignore @@ -0,0 +1 @@ +plain diff --git a/data/secrets/.gitignore b/data/secrets/.gitignore deleted file mode 100644 index 5f20d6f6..00000000 --- a/data/secrets/.gitignore +++ /dev/null @@ -1,3 +0,0 @@ -* -!.gitignore -!cipher/ diff --git a/env.sh b/env.sh index cef844ef..d058ea55 100644 --- a/env.sh +++ b/env.sh @@ -5,7 +5,7 @@ if [ "$0" == "$BASH_SOURCE" ]; then exit 1 fi -hscloud_root="$( cd "$(dirname "$BASH_SOURCE")"; pwd -P )" +export hscloud_root="$( cd "$(dirname "$BASH_SOURCE")"; pwd -P )" if [ ! -f "$hscloud_root/WORKSPACE" ]; then echo "Could not find WORKSPACE" @@ -16,200 +16,6 @@ hscloud_path="$hscloud_root/bazel-bin/tools" [[ ":$PATH:" != *":$hscloud_path:"* ]] && PATH="$hscloud_path:${PATH}" -# legacy crap follows - -hscloud-dc() { - ( cd "$hscloud_root" && docker-compose -f "docker/docker-compose.yml" "$@" ) -} - -hscloud-pki-dev() { - ( - set -e - - cd "$hscloud_root" - rm -rf docker/pki - - cp -rv go/pki/dev-certs docker/pki - cd docker/pki - bash gen.sh m6220-proxy arista-proxy cmc-proxy topo client - ls *pem - ) -} - -# Generate a per-node certificate remotely on the node. -hscloud-node-remote-cert() { - ( - set -e - if [ -z "$1" ] || [ -z "$2" ] || [ -x "$3" ]; then - echo >&2 "Usage: hscloud-node-remote-cert node.fqdn.com certname subj" - exit 1 - fi - fqdn="$1" - certname="$2" - subj="$3" - - echo "Node: ${fqdn}; Cert: ${certname}" - - echo "Checking node livenes..." - ssh root@$fqdn uname -a - - echo "Checking if node already has key..." - ssh root@$fqdn stat /opt/hscloud/${certname}.key || ( - echo "Generating key..." - ssh root@$fqdn -- mkdir -p /opt/hscloud - ssh root@$fqdn -- nix-shell -p openssl --command "\"openssl genrsa -out /opt/hscloud/${certname}.key 4096\"" - ssh root@$fqdn -- chmod 400 /opt/hscloud/${certname}.key - ) - - echo "Checking if node already has cert..." - ssh root@$fqdn stat /opt/hscloud/${certname}.crt && exit 0 - echo "No cert, will generate..." - - cd "$hscloud_root" - secrets="$hscloud_root/secrets" - ca="$secrets/ca.key" - [ ! -f "$ca" ] && ( scripts/secretstore decrypt "$secrets/cipher/ca.key" > $ca ) - - cp data/openssl.cnf san.cnf - echo -ne "\n[SAN]\nsubjectAltName=DNS:${fqdn}" >> san.cnf - scp san.cnf root@$fqdn:/opt/hscloud/san.cnf - - ssh root@$fqdn -- nix-shell -p openssl --command "\"openssl req -new -key /opt/hscloud/${certname}.key -out /opt/hscloud/${certname}.csr -subj '${subj}' -config /opt/hscloud/san.cnf -reqexts SAN\"" - scp root@$fqdn:/opt/hscloud/${certname}.csr ${fqdn}-${certname}.csr - openssl x509 -req \ - -in ${fqdn}-${certname}.csr \ - -CA data/ca.crt \ - -CAkey "$ca" -CAcreateserial \ - -out "data/${fqdn}-${certname}.crt" \ - -extensions SAN -extfile san.cnf - - scp "data/${fqdn}-${certname}.crt" root@$fqdn:/opt/hscloud/${certname}.crt - scp "data/ca.crt" root@$fqdn:/opt/hscloud/ca.crt - ssh root@$fqdn -- chmod 444 /opt/hscloud/${certname}.crt /opt/hscloud/ca.crt - rm ${fqdn}-${certname}.csr - rm san.cnf - ) -} - -# Generate locally (if not present) a shared certificate, and upload it to the node -hscloud-node-shared-cert() { - ( - set -e - if [ -z "$1" ] || [ -z "$2" ] || [ -x "$3" ]; then - echo >&2 "Usage: hscloud-node-shared-cert node.fqdn.com certname subj" - exit 1 - fi - fqdn="$1" - certname="$2" - subj="$3" - - cd "$hscloud_root" - secrets="$hscloud_root/secrets" - keyfile="$secrets/$certname.key" - cert="$hscloud_root/data/$certname.crt" - csr="$hscloud_root/data/$certname.csr" - ca="$secrets/ca.key" - [ ! -f "$ca" ] && ( scripts/secretstore decrypt "$secrets/cipher/ca.key" > $ca ) - - echo "Checking if key exists..." - if [ ! -f "$keyfile" ]; then - echo "No key, trying to decrypt..." - if ! scripts/secretstore decrypt "$secrets/cipher/$certname.key" > "$keyfile" ; then - echo "No encrypted key, generating..." - openssl genrsa -out $keyfile 4096 - echo "Encrypting..." - scripts/secretstore encrypt "$keyfile" > "$secrets/cipher/$certname.key" - fi - fi - - echo "Checking if cert exists..." - if [ ! -f "$cert" ]; then - echo "No cert, generating..." - rm -f "${csr}" - openssl req -new -key "${keyfile}" -out "${csr}" -subj "${subj}" - openssl x509 -req -in "${csr}" -CA data/ca.crt -CAkey "$ca" -CAcreateserial -out "${cert}" - fi - - echo "Copying certificate to node..." - scp "${cert}" root@$fqdn:/opt/hscloud/${certname}.crt - scp "${keyfile}" root@$fqdn:/opt/hscloud/${certname}.key - ssh root@$fqdn -- chmod 444 /opt/hscloud/${certname}.crt - ssh root@$fqdn -- chmod 400 /opt/hscloud/${certname}.key - ) -} - -hscloud-node-certs() { - ( - set -e - - if [ -z "$1" ]; then - echo >&2 "Usage: hscloud-node-certs node.fqdn.com" - exit 1 - fi - fqdn="$1" - - hscloud-node-remote-cert ${fqdn} node "/C=PL/ST=Mazowieckie/L=Mazowieckie/O=Stowarzyszenie Warszawski Hackerspace/OU=Node Bootstrap Certificate/CN=\"$fqdn\"" - hscloud-node-remote-cert ${fqdn} kube-node "/C=PL/ST=Mazowieckie/L=Mazowieckie/O=system:nodes/OU=Kubernetes Node Certificate/CN=system:node:\"$fqdn\"" - for component in controller-manager proxy scheduler; do - hscloud-node-shared-cert ${fqdn} kube-${component} "/C=PL/ST=Mazowieckie/L=Mazowieckie/O=system:kube-${component}/OU=Kubernetes Component ${component}/CN=system:kube-${component}" - done - hscloud-node-shared-cert ${fqdn} kube-apiserver "/C=PL/ST=Mazowieckie/L=Mazowieckie/O=Kubernetes API/CN=k0.hswaw.net" - hscloud-node-shared-cert ${fqdn} kube-serviceaccounts "/C=PL/ST=Mazowieckie/L=Mazowieckie/O=Kubernetes Service Accounts/CN=service-accounts" - ) -} - -hscloud-k8s-config() { - ( - set -e - - if [ -z "$1" ]; then - echo >&2 "Usage: hscloud-k8s-config username" - exit 1 - fi - username="$1" - - cd "$hscloud_root" - mkdir -p .kubectl - - cert="$hscloud_root/.kubectl/client.crt" - csr="$hscloud_root/.kubectl/client.csr" - keyfile="$hscloud_root/.kubectl/client.key" - secrets="$hscloud_root/secrets" - ca="$secrets/ca.key" - - if [ ! -f "$keyfile" ]; then - echo "Generating ${keyfile}..." - openssl genrsa -out $keyfile 4096 - rm -f "$cert" - fi - if [ ! -f "$cert" ]; then - echo "Signing ${cert}..." - [ ! -f "$ca" ] && ( scripts/secretstore decrypt "$secrets/cipher/ca.key" > $ca ) - openssl req -new -key "${keyfile}" -out "${csr}" -subj "/C=PL/ST=Mazowieckie/O=system:masters/OU=Kubernetes Admin Account for ${username}/CN=${username}" - openssl x509 -req -in "${csr}" -CA data/ca.crt -CAkey "$ca" -CAcreateserial -out "${cert}" - fi - - kubeconfig="$hscloud_root/.kubectl/client.kubeconfig" - echo "Generating ${kubeconfig}..." - rm -rf ${kubeconfig} - - kubectl config set-cluster k0.hswaw.net \ - --certificate-authority=${hscloud_root}/data/ca.crt \ - --embed-certs=true \ - --server=https://k0.hswaw.net:4001 \ - --kubeconfig=${kubeconfig} - - kubectl config set-credentials ${username} \ - --client-certificate=${cert} \ - --client-key=${keyfile} \ - --embed-certs=true \ - --kubeconfig=${kubeconfig} - - kubectl config set-context default \ - --cluster=k0.hswaw.net \ - --user=${username} \ - --kubeconfig=${kubeconfig} - - kubectl config use-context default --kubeconfig=${kubeconfig} - ) +gpg-unlock() { + echo "test" | gpg2 --sign --batch --no-tty -o /dev/null } diff --git a/requirements.txt b/requirements.txt new file mode 100644 index 00000000..5f27f9bd --- /dev/null +++ b/requirements.txt @@ -0,0 +1,12 @@ +asn1crypto==0.24.0 +bcrypt==3.1.5 +cffi==1.11.5 +cryptography==2.4.2 +fabric==2.4.0 +idna==2.8 +invoke==1.2.0 +paramiko==2.4.2 +pyasn1==0.4.5 +pycparser==2.19 +PyNaCl==1.3.0 +six==1.12.0 diff --git a/tools/BUILD b/tools/BUILD index 9a1df683..dfdef2fa 100644 --- a/tools/BUILD +++ b/tools/BUILD @@ -1,25 +1,36 @@ +load("@bazel_tools//tools/build_defs/pkg:pkg.bzl", "pkg_tar", "pkg_deb") +load("@py_deps//:requirements.bzl", "requirement") load("//bzl:rules.bzl", "copy_go_binary") py_binary( name = "secretstore", srcs = ["secretstore.py"], + visibility = ["//visibility:public"], +) + +py_binary( + name = "clustercfg", + srcs = ["clustercfg.py"], + visibility = ["//visibility:public"], + deps = [ + requirement("fabric"), + ], +) + +py_binary( + name = "pass", + srcs = ["pass.py"], + visibility = ["//visibility:public"], ) copy_go_binary( name = "kubectl", src = "@io_k8s_kubernetes//cmd/kubectl:kubectl", + visibility = ["//visibility:public"], ) copy_go_binary( name = "kubecfg", src = "@com_github_ksonnet_kubecfg//:kubecfg", -) - -filegroup( - name = "tools", - srcs = [ - ":secretstore", - ":kubectl", - ":kubecfg", - ], + visibility = ["//visibility:public"], ) diff --git a/tools/clustercfg.py b/tools/clustercfg.py new file mode 100644 index 00000000..332d6e62 --- /dev/null +++ b/tools/clustercfg.py @@ -0,0 +1,352 @@ +#!/usr/bin/env python + +from builtins import object + +import datetime +from io import BytesIO +import logging +import os +import tempfile +import subprocess +import sys + +from cryptography import x509 +from cryptography.hazmat.backends import default_backend +import fabric + +import secretstore + + +cluster = 'k0.hswaw.net' +remote_root = '/opt/hscloud' +local_root = os.getenv('hscloud_root') + +if local_root is None: + raise Exception("Please source env.sh") + +logger = logging.getLogger(__name__) +logger.setLevel(logging.DEBUG) +logger.addHandler(logging.StreamHandler()) + + +def decrypt(base): + src = os.path.join(local_root, 'cluster/secrets/cipher', base) + dst = os.path.join(local_root, 'cluster/secrets/plain', base) + secretstore.decrypt(src, dst) + + +class PKI(object): + def __init__(self): + self.cacert = os.path.join(local_root, 'cluster/certs/ca.crt') + self.cakey = os.path.join(local_root, 'cluster/secrets/plain/ca.key') + + if not os.path.exists(self.cakey): + decrypt('ca.key') + + def sign(self, csr, crt, conf, days=365): + logger.info('pki: signing {} for {} days'.format(csr, days)) + subprocess.check_call([ + 'openssl', 'x509', '-req', + '-in', csr, + '-CA', self.cacert, + '-CAkey', self.cakey, + '-out', crt, + '-extensions', 'SAN', '-extfile', conf, + '-days', str(days), + ]) + + +class Subject(object): + hswaw = "Stowarzyszenie Warszawski Hackerspace" + def __init__(self, o, ou, cn): + self.c = 'PL' + self.st = 'Mazowieckie' + self.l = 'Warszawa' + self.o = o + self.ou = ou + self.cn = cn + + @property + def parts(self): + return { + 'C': self.c, + 'ST': self.st, + 'L': self.l, + 'O': self.o, + 'OU': self.ou, + 'CN': self.cn, + } + + def __str__(self): + parts = self.parts + res = [] + for p in ['C', 'ST', 'L', 'O', 'OU', 'CN']: + res.append('/{}={}'.format(p, parts[p])) + return ''.join(res) + +def _file_exists(c, filename): + res = c.run('stat "{}"'.format(filename), warn=True, hide=True) + return res.exited == 0 + +def openssl_config(san): + with open(os.path.join(local_root, 'cluster/openssl.cnf'), 'rb') as f: + config = BytesIO(f.read()) + + config.seek(0, 2) + config.write(b'\n[SAN]\n') + for s in san: + config.write('subjectAltName=DNS:{}\n'.format(s).encode()) + + f = tempfile.NamedTemporaryFile(delete=False) + path = f.name + f.write(config.getvalue()) + f.close() + + return path + +def remote_cert(pki, c, fqdn, cert_name, subj, san=[], days=365): + logger.info("{}/{}: remote cert".format(fqdn, cert_name)) + + remote_key = os.path.join(remote_root, '{}.key'.format(cert_name)) + remote_cert = os.path.join(remote_root, '{}.crt'.format(cert_name)) + remote_csr = os.path.join(remote_root, '{}.csr'.format(cert_name)) + remote_config = os.path.join(remote_root, 'openssl.cnf') + + generate_cert = False + if not _file_exists(c, remote_key): + logger.info("{}/{}: generating key".format(fqdn, cert_name)) + c.run('openssl genrsa -out "{}" 4096'.format(remote_key), hide=True) + genereate_cert = True + + b = BytesIO() + try: + c.get(local=b, remote=remote_cert) + cert = x509.load_pem_x509_certificate(b.getvalue(), default_backend()) + delta = cert.not_valid_after - datetime.datetime.now() + logger.info("{}/{}: existing cert expiry: {}".format(fqdn, cert_name, delta)) + if delta.total_seconds() < 3600 * 24 * 60: + logger.info("{}/{}: expires soon, regenerating".format(fqdn, cert_name)) + generate_cert = True + except (FileNotFoundError, ValueError): + generate_cert = True + + if not generate_cert: + return False + + + local_config = openssl_config(san) + c.put(local=local_config, remote=remote_config) + + c.run(""" + nix-shell -p openssl --command "openssl req -new -key {remote_key} -out {remote_csr} -subj '{subj}' -config {remote_config} -reqexts SAN" + """.format(remote_key=remote_key, remote_csr=remote_csr, subj=str(subj), remote_config=remote_config)) + + local_csr_f = tempfile.NamedTemporaryFile(delete=False) + local_csr = local_csr_f.name + local_csr_f.close() + + local_cert = os.path.join(local_root, 'cluster/certs', '{}-{}.crt'.format(fqdn, cert_name)) + + c.get(local=local_csr, remote=remote_csr) + + pki.sign(local_csr, local_cert, local_config, days) + + c.put(local=local_cert, remote=remote_cert) + + os.remove(local_csr) + os.remove(local_config) + + return True + + +def shared_cert(pki, c, fqdn, cert_name, subj, san=[], days=365): + logger.info("{}/{}: shared cert".format(fqdn, cert_name)) + + local_key = os.path.join(local_root, 'cluster/secrets/plain', '{}.key'.format(cert_name)) + local_cert = os.path.join(local_root, 'cluster/certs', '{}.crt'.format(cert_name)) + remote_key = os.path.join(remote_root, '{}.key'.format(cert_name)) + remote_cert = os.path.join(remote_root, '{}.crt'.format(cert_name)) + + generate_cert = False + if not os.path.exists(local_key): + try: + decrypt('{}.key'.format(cert_name)) + except subprocess.CalledProcessError: + logger.info("{}/{}: generating key".format(fqdn, cert_name)) + subprocess.check_call([ + 'openssl', 'genrsa', '-out', local_key, '4096', + ]) + generate_cert = True + + if os.path.exists(local_cert): + with open(local_cert, 'rb') as f: + b = f.read() + cert = x509.load_pem_x509_certificate(b, default_backend()) + delta = cert.not_valid_after - datetime.datetime.now() + logger.info("{}/{}: existing cert expiry: {}".format(fqdn, cert_name, delta)) + if delta.total_seconds() < 3600 * 24 * 60: + logger.info("{}/{}: expires soon, regenerating".format(fqdn, cert_name)) + generate_cert = True + else: + generate_cert = True + + if not generate_cert: + return False + + local_csr_f = tempfile.NamedTemporaryFile(delete=False) + local_csr = local_csr_f.name + local_csr_f.close() + + local_config = openssl_config(san) + + subprocess.check_call([ + 'openssl', 'req', '-new', + '-key', local_key, + '-out', local_csr, + '-subj', str(subj), + '-config', local_config, + '-reqexts', 'SAN', + ]) + + pki.sign(local_csr, local_cert, local_config, days) + + c.put(local=local_key, remote=remote_key) + c.put(local=local_cert, remote=remote_cert) + + os.remove(local_csr) + os.remove(local_config) + return True + + +def configure_k8s(username, ca, cert, key): + subprocess.check_call([ + 'kubectl', 'config', + 'set-cluster', cluster, + '--certificate-authority=' + ca, + '--embed-certs=true', + '--server=https://' + cluster + ':4001', + ]) + subprocess.check_call([ + 'kubectl', 'config', + 'set-credentials', username, + '--client-certificate=' + cert, + '--client-key=' + key, + '--embed-certs=true', + ]) + subprocess.check_call([ + 'kubectl', 'config', + 'set-context', cluster, + '--cluster=' + cluster, + '--user=' + username, + ]) + subprocess.check_call([ + 'kubectl', 'config', + 'use-context', cluster, + ]) + +def admincreds(args): + if len(args) != 1: + sys.stderr.write("Usage: admincreds q3k\n") + return 1 + username = args[0] + + pki = PKI() + + local_key = os.path.join(local_root, '.kubectl/admin.key') + local_cert = os.path.join(local_root, '.kubectl/admin.crt') + local_csr = os.path.join(local_root, '.kubectl/admin.csr') + + generate_cert = False + if not os.path.exists(local_key): + subprocess.check_call([ + 'openssl', 'genrsa', '-out', local_key, '4096', + ]) + generate_cert = True + + if os.path.exists(local_cert): + with open(local_cert, 'rb') as f: + b = f.read() + cert = x509.load_pem_x509_certificate(b, default_backend()) + delta = cert.not_valid_after - datetime.datetime.now() + logger.info("admin: existing cert expiry: {}".format(delta)) + if delta.total_seconds() < 3600 * 24: + logger.info("admin: expires soon, regenerating") + generate_cert = True + else: + generate_cert = True + + if not generate_cert: + return configure_k8s(username, pki.cacert, local_cert, local_key) + + local_config = openssl_config([]) + subj = Subject('system:masters', "Kubernetes Admin Account for {}".format(username), username) + + subprocess.check_call([ + 'openssl', 'req', '-new', + '-key', local_key, + '-out', local_csr, + '-subj', str(subj), + '-config', local_config, + '-reqexts', 'SAN', + ]) + + pki.sign(local_csr, local_cert, local_config, 5) + os.remove(local_config) + + configure_k8s(username, pki.cacert, local_cert, local_key) + + +def nodestrap(args): + if len(args) != 1: + sys.stderr.write("Usage: nodestrap bc01n01.hswaw.net\n") + return 1 + fqdn = args[0] + + logger.info("Nodestrapping {}...".format(fqdn)) + + c = fabric.Connection('root@{}'.format(fqdn)) + p = PKI() + + modified = False + modified |= remote_cert(p, c, fqdn, "node", Subject(Subject.hswaw, 'Node Certificate', fqdn)) + modified |= remote_cert(p, c, fqdn, "kube-node", Subject('system:nodes', 'Kubelet Certificate', 'system:node:' + fqdn), san=[fqdn,]) + for component in ['controller-manager', 'proxy', 'scheduler']: + o = 'system:kube-{}'.format(component) + ou = 'Kuberneter Component {}'.format(component) + modified |= shared_cert(p, c, fqdn, 'kube-{}'.format(component), Subject(o, ou, o)) + modified |= shared_cert(p, c, fqdn, 'kube-apiserver', Subject(Subject.hswaw, 'Kubernetes API', cluster)) + modified |= shared_cert(p, c, fqdn, 'kube-serviceaccounts', Subject(Subject.hswaw, 'Kubernetes Service Account Signer', 'service-accounts')) + + if modified: + logger.info('{}: cert(s) modified, restarting services...'.format(fqdn)) + + services = [ + 'kubelet', 'kube-proxy', + 'kube-apiserver', 'kube-controller-manager', 'kube-scheduler', + 'etcd' + ] + + for s in services: + c.run('systemctl stop {}'.format(s)) + for s in services[::-1]: + c.run('systemctl start {}'.format(s)) + +def usage(): + sys.stderr.write("Usage: {} \n".format(sys.argv[0])) + +def main(): + if len(sys.argv) < 2: + usage() + return 1 + + mode = sys.argv[1] + if mode == "nodestrap": + return nodestrap(sys.argv[2:]) + elif mode == "admincreds": + return admincreds(sys.argv[2:]) + else: + usage() + return 1 + +if __name__ == '__main__': + sys.exit(main() or 0) diff --git a/tools/install.sh b/tools/install.sh new file mode 100755 index 00000000..c16e14ac --- /dev/null +++ b/tools/install.sh @@ -0,0 +1,12 @@ +#!/usr/bin/env bash + +if [ -z "$hscloud_root" ]; then + echo 2>&1 "Please first source env.sh" + exit 1 +fi + +cd "${hscloud_root}" + +bazel build \ + //tools:kubectl //tools:kubecfg //tools:clustercfg //tools:secretstore \ + //tools:pass diff --git a/tools/pass.py b/tools/pass.py new file mode 100644 index 00000000..f291205c --- /dev/null +++ b/tools/pass.py @@ -0,0 +1,6 @@ +#!/usr/bin/env python + +# This is a fake `pass` to make docker-credential-helpers shut up. + +import sys +sys.exit(1) diff --git a/tools/secretstore.py b/tools/secretstore.py index 6b88d286..c6a171b2 100644 --- a/tools/secretstore.py +++ b/tools/secretstore.py @@ -10,6 +10,18 @@ keys = [ "482FF104C29294AD1CAF827BA43890A3DE74ECC7", # inf ] +def encrypt(src, dst): + cmd = ['gpg' , '--encrypt', '--armor', '--batch', '--yes', '--output', dst] + for k in keys: + cmd.append('--recipient') + cmd.append(k) + cmd.append(src) + subprocess.check_call(cmd) + +def decrypt(src, dst): + cmd = ['gpg', '--decrypt', '--output', dst, src] + subprocess.check_call(cmd) + def main(): if len(sys.argv) < 3 or sys.argv[1] not in ('encrypt', 'decrypt'): sys.stderr.write("Usage: {} encrypt/decrypt file\n".format(sys.argv[0])) @@ -20,15 +32,9 @@ def main(): src = sys.argv[2] if action == 'encrypt': - cmd = ['gpg' , '--encrypt', '--armor', '--batch', '--yes', '--output', '-'] - for k in keys: - cmd.append('--recipient') - cmd.append(k) - cmd.append(src) - subprocess.check_call(cmd) + encrypt(src, '-') else: - cmd = ['gpg', '--decrypt', '--output', '-', src] - subprocess.check_call(cmd) + decrypt(src, '-') if __name__ == '__main__': sys.exit(main() or 0)