Secure certificates after generation

2019-02-23 15:34:28 +01:00
parent cce9aa825b
commit 66d29be22c
19 changed files with 2098 additions and 144 deletions
--- a/kube1/certs.nix
+++ b/kube1/certs.nix
@@ -0,0 +1,29 @@
+{ pkgs, ...}:
+let
+  pki = pkgs.callPackage ../lib/pki.nix {};
+in
+{
+    initca = pki.initca;
+    ca = pki.ca;
+    apiserver = pki.apiserver ''
+      "10.253.18.109",
+      "10.0.0.1",
+      "127.0.0.1",
+      "kubernetes",
+      "etcd0",
+      "k1-0"
+    '';
+    kube-proxy = pki.kube-proxy;
+    admin = pki.admin;
+    etcd = pki.etcd ''
+        "etcd0",
+        "etcd1",
+        "10.253.18.109",
+        "10.253.18.110",
+        "127.0.0.1"
+    '';
+    k1-0 = pki.worker { name = "k1-0"; ip = "10.253.18.109"; };
+    k1-1 = pki.worker { name = "k1-1"; ip = "10.253.18.110"; };
+    k1-2 = pki.worker { name = "k1-2"; ip = "10.253.18.111"; };
+}
+