Make cert algo configurable (for linkerd ecdsa)

Jonas Juselius
2020-11-21 14:54:52 +01:00
parent 672130f635
commit 1dfd090f69
3 changed files with 14 additions and 6 deletions


@@ -1,12 +1,18 @@
{ pkgs ? import <nixpkgs> {}, ca ? null, name ? "ca", hosts ? [], ...}: {
pkgs ? import <nixpkgs> {},
ca ? null,
name ? "ca",
algo ? "rsa",
hosts ? [],
...}:
with pkgs; with pkgs;
let let
ca_csr = pkgs.writeText "${name}-csr.json" (builtins.toJSON { ca_csr = pkgs.writeText "${name}-csr.json" (builtins.toJSON {
inherit hosts; inherit hosts;
CN = "${name}"; CN = "${name}";
key = { key = {
algo = "rsa"; inherit algo;
size = 2048; size = if algo == "ecdsa" then 256 else 2048;
}; };
names = [ names = [
{ {
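Review bot: The new `size = if algo == "ecdsa" then 256 else 2048;` in the `key` block gives every `algo` value other than `"ecdsa"` a 2048-bit size, so a typo or an unsupported algorithm name is written into the CSR JSON with an RSA-sized key instead of failing at evaluation. An `assert builtins.elem algo [ "rsa" "ecdsa" ];` placed before `with pkgs;` would reject such a value early. A `size ? null` argument would additionally let a caller choose a stronger CA key (P-384, or RSA 3072/4096) than the fixed defaults. The same expression is repeated in the `csr` key block of the third file in this commit. The `let` body continues outside the hunk.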


@@ -3,12 +3,14 @@ let
identity = import ./initca.nix { identity = import ./initca.nix {
inherit pkgs; inherit pkgs;
name = "linkerd-identity-ca"; name = "linkerd-identity-ca";
algo = "ecdsa";
hosts = [ "identity.linkerd.cluster.local" ]; hosts = [ "identity.linkerd.cluster.local" ];
}; };
webhook = import ./initca.nix { webhook = import ./initca.nix {
inherit pkgs; inherit pkgs;
name = "linkerd-webhook-ca"; name = "linkerd-webhook-ca";
algo = "ecdsa";
hosts = [ "webhook.linkerd.cluster.local" ]; hosts = [ "webhook.linkerd.cluster.local" ];
}; };
in { in {
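Review bot: Both added `algo = "ecdsa";` lines lack a comment explaining why these two CAs depart from the `"rsa"` default, and the curve is only chosen indirectly by the size mapping in `initca.nix`. A comment on the `identity` block such as `# Linkerd identity needs an ECDSA P-256 key; initca.nix maps "ecdsa" to size 256` would stop a later change to that mapping from silently breaking the identity CA. Whether the webhook CA has the same requirement is not visible here; if it is set only for consistency, the comment should say so. The `let` block starts before the hunk and continues after it.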


@@ -1,4 +1,4 @@
{ pkgs, ca ? "" }: { pkgs, ca ? "", algo ? "rsa" }:
let let
initca = import ./initca.nix { inherit pkgs ca; }; initca = import ./initca.nix { inherit pkgs ca; };
@@ -33,8 +33,8 @@ let
csr = { csr = {
CN = "${args.cn}"; CN = "${args.cn}";
key = { key = {
algo = "rsa"; inherit algo;
size = 2048; size = if algo == "ecdsa" then 256 else 2048;
}; };
names = [ names = [
{ {
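Review bot: The new `algo` argument reaches the leaf `csr` key block but is not forwarded on the unchanged line `initca = import ./initca.nix { inherit pkgs ca; };`, so a CA produced through this file presumably keeps the `"rsa"` default even when the caller asks for `"ecdsa"`. If that mix is not intended, the line becomes `initca = import ./initca.nix { inherit pkgs ca algo; };`. If it is intended, for example because `ca` always points at an existing CA, a one-line comment saying so would prevent confusion. The `algo`-to-size mapping is also duplicated from `initca.nix`, and a shared helper would keep the two copies from drifting apart. The `csr` attribute set continues outside the hunk.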