From 229a08f229b14fa3120af2b83f15d00233a97c68 Mon Sep 17 00:00:00 2001
From: Jonas Juselius <jonas.juselius@itpartner.no>
Date: Mon, 21 Aug 2017 19:12:30 +0200
Subject: [PATCH] Fix missing ca.crt/pem in secrets/serviceaccount.

Add helm.
---
 k8s.nix | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/k8s.nix b/k8s.nix
index 273b4f1..6dbc6e8 100644
--- a/k8s.nix
+++ b/k8s.nix
@@ -1,5 +1,7 @@
 with import ./certs.nix;
 let
+  pkgs = import <nixpkgs> {};
+
   etcdServers = [ "etcd0" "etcd1" "etcd2" ];
   # etcdServers = [ "k8s0-0" "k8s0-1" "k8s0-2" ];
   etcdEndpoints = builtins.map (x: "https://${x}:2379") etcdServers;
@@ -97,11 +99,12 @@ let
         kubeletClientCaFile   = ca_pem;
         kubeletClientKeyFile  = worker_key;
         kubeletClientCertFile = worker_cert;
-        # serviceAccountKeyFile = apiserver_key;
+        serviceAccountKeyFile = apiserver_key;
       };
       scheduler.leaderElect = true;
       controllerManager.leaderElect = true;
       controllerManager.serviceAccountKeyFile = apiserver_key;
+      controllerManager.rootCaFile = ca_pem;
       dns.enable = true;
       dns.port = 4053;
     };
@@ -109,6 +112,7 @@ let
       allowedTCPPorts = [ 5000 8080 4443 4053 ];
       allowedUDPPorts = [ 4053 ];
     };
+    environment.systemPackages = [ pkgs.kubernetes-helm ];
   };
 
   baseConfig = node: {