cheshire
/
hscloud
forked from hswaw/hscloud
1
0
Fork 0
Code Pull Requests Activity
1,243 Commits
1 Branch
0 Tags
55 MiB
Commit Graph

2 Commits (5cd3d5299c31d91a1ce27b90c51e5c028cdd8b4d)

Author SHA1 Message Date
q3k bdf2fa326f cluster/certs: finish replacing all CAs 
This finishes the regeneration of all cluster CAs/certs to be never
expiring ED25519 certs.

We still have leftovers of the old Kube CA (and it's still being
accepted in Kubernetes components). Cleaning that up is the next step.

Change-Id: I883f94fd8cef3e3b5feefdf56ee106e462bb04a9
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1500
Reviewed-by: q3k <q3k@hackerspace.pl>
 2023-04-01 13:55:14 +00:00
q3k 73cef11c85 *: rejigger tls certs and more 
This pretty large change does the following:

 - moves nix from bootstrap.hswaw.net to nix/
 - changes clustercfg to use cfssl and moves it to cluster/clustercfg
 - changes clustercfg to source information about target location of
   certs from nix
 - changes clustercfg to push nix config
 - changes tls certs to have more than one CA
 - recalculates all TLS certs
   (it keeps the old serviceaccoutns key, otherwise we end up with
   invalid serviceaccounts - the cert doesn't match, but who cares,
   it's not used anyway)
 2019-04-07 00:06:23 +02:00