hscloud

cheshire

hscloud

forked from hswaw/hscloud

Fork 0

Commit Graph

Author	SHA1	Message	Date
q3k	a4f8a459b9	cluster: partial cert bump Done: 1. etcd peer CA & certs 2. etcd client CA & certs 3. kube CA (currently all components set to accept both new and old CA, new CA called ca-kube-new) 4. kube apiserver 5. kubelet & kube-proxy 6. prodvider intermediate TODO: 1. kubernetes controller-manager & kubernetes scheduler 2. kubefront CA 3. admitomatic? 4. undo bundle on kube CA components to fully transition away from old CA Change-Id: If529eeaed9a6a2063bed23c9d81c57b36b9a0115 Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1487 Reviewed-by: q3k <q3k@hackerspace.pl>	2023-03-31 22:53:59 +00:00
q3k	7371b7288b	tools/secretstore: add sync command, re-encrypt This kills two birds with one stone: - update the secretstore tool to be slightly smarter about secrets, to the point where we can now just point it at a secret directory and ask it to 'sync' all secrets in there - runs the new fancy sync command on all keys to update them, which is a follow up to gerrit/328. Change-Id: I0eec4a3e8afcd9481b0b248154983aac25657c40	2020-06-04 19:25:07 +00:00
q3k	d493ab66ca	*: add dcr01s{22,24} Change-Id: I072e825e2e1d199d9da50b9d38a9ffba68e61182	2019-10-31 17:07:50 +01:00

Author

SHA1

Message

Date

q3k

a4f8a459b9

cluster: partial cert bump

Done:

 1. etcd peer CA & certs
 2. etcd client CA & certs
 3. kube CA (currently all components set to accept both new and old CA,
    new CA called ca-kube-new)
 4. kube apiserver
 5. kubelet & kube-proxy
 6. prodvider intermediate

TODO:

 1. kubernetes controller-manager & kubernetes scheduler
 2. kubefront CA
 3. admitomatic?
 4. undo bundle on kube CA components to fully transition away from old
    CA

Change-Id: If529eeaed9a6a2063bed23c9d81c57b36b9a0115
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1487
Reviewed-by: q3k <q3k@hackerspace.pl>

2023-03-31 22:53:59 +00:00

q3k

7371b7288b

tools/secretstore: add sync command, re-encrypt

This kills two birds with one stone:

 - update the secretstore tool to be slightly smarter about secrets, to
   the point where we can now just point it at a secret directory and
   ask it to 'sync' all secrets in there
 - runs the new fancy sync command on all keys to update them, which
   is a follow up to gerrit/328.

Change-Id: I0eec4a3e8afcd9481b0b248154983aac25657c40

2020-06-04 19:25:07 +00:00

q3k

d493ab66ca

*: add dcr01s{22,24}

Change-Id: I072e825e2e1d199d9da50b9d38a9ffba68e61182

2019-10-31 17:07:50 +01:00

3 Commits (f549d43b4046d2d2316c3563a6614b088d919070)