Fix cfssl certificate path, and bootstrap scripts

lib/k8s.nix

@@ -38,9 +38,11 @@ let
       name = "kube-system-bootstrap";
       src = ../bootstrap;
       buildCommand = ''
+        share=$out/share/kube-system-bootstrap
         mkdir -p $out/bin
-        mkdir -p $out/share/kube-system-bootstrap/config
+        mkdir -p $share/bin
-        mkdir -p $out/share/kube-system-bootstrap/charts
+        mkdir -p $share/config
+        mkdir -p $share/charts
 
         export bash="${pkgs.bash}"
         export apiserver="${settings.master.name}"
@@ -54,20 +56,23 @@ let
         export grafana_ldap_toml="$(cat ${grafana_ldap} | base64 -w0)"
         export workers="$(cat ${worker_nodes})"
 
-        substituteAll $src/initial-kube-system-bootstrap $out/bin/initial-kube-system-bootstrap
+        substituteAll $src/bin/initial-kube-system-bootstrap $share/bin/initial-kube-system-bootstrap
-        chmod 755 $out/bin/initial-kube-system-bootstrap
+        chmod 755 $share/bin/initial-kube-system-bootstrap
+
+        substituteAll $src/copy-kube-system-bootstrap $out/bin/copy-kube-system-bootstrap
+        chmod 755 $out/bin/copy-kube-system-bootstrap
 
         cd $src/config
         for i in *; do
-          substituteAll $i $out/share/kube-system-bootstrap/config/$i
+          substituteAll $i $share/config/$i
         done
 
         cd $src/charts
         for i in *; do
-          substituteAll $i $out/share/kube-system-bootstrap/charts/$i
+          substituteAll $i $share/charts/$i
         done
 
-        cp $src/bin/* $out/bin
+        cp $src/bin/* $share/bin
       '';
     };
 
@@ -96,7 +101,7 @@ let
       clusterCidr = settings.cidr;
       pki.genCfsslCACert = false;
       pki.genCfsslAPIToken = false;
-      pki.caCertPathPrefix = "${pki.initca}";
+      pki.caCertPathPrefix = "${pki.initca}/ca";
 
       kubelet = {
         clusterDomain = "${settings.clusterName}.local";