fix cfssl json files
parent
6a32dfad5b
commit
6e812b3f0c
1 changed files with 16 additions and 17 deletions
33
flake.nix
33
flake.nix
|
@ -314,7 +314,7 @@
|
|||
kubectl = (self.packages.${pkgs.system}.kubectl cfg.package_versions.kubectl);
|
||||
kubelet = (self.packages.${pkgs.system}.kubelet cfg.package_versions.kubelet);
|
||||
|
||||
ca-config-json = pkgs.writeTextFile "ca-config-json" (
|
||||
ca-config-json = pkgs.writeText "ca-config-json" (
|
||||
builtins.toJSON {
|
||||
signing = {
|
||||
default = {
|
||||
|
@ -352,7 +352,7 @@
|
|||
}
|
||||
);
|
||||
|
||||
apiserver-etcd-client-csr-json = pkgs.writeTextFile "apiserver-etcd-client-csr-json" (
|
||||
apiserver-etcd-client-csr-json = pkgs.writeText "apiserver-etcd-client-csr-json" (
|
||||
builtins.toJSON {
|
||||
CN = "kube-apiserver-etcd-client";
|
||||
names = [
|
||||
|
@ -367,7 +367,7 @@
|
|||
}
|
||||
);
|
||||
|
||||
healthcheck-client-csr-json = pkgs.writeTextFile "healthcheck-client-csr.json" (
|
||||
healthcheck-client-csr-json = pkgs.writeText "healthcheck-client-csr-json" (
|
||||
builtins.toJSON {
|
||||
CN = "kube-etcd-healthcheck-client";
|
||||
names = [
|
||||
|
@ -382,7 +382,7 @@
|
|||
}
|
||||
);
|
||||
|
||||
server-csr-json = pkgs.writeTextFile "server-csr.json" (
|
||||
server-csr-json = pkgs.writeText "server-csr-json" (
|
||||
builtins.toJSON {
|
||||
CN = "${name}.${cfg.hosts.${name}.domain}";
|
||||
hosts = [
|
||||
|
@ -400,7 +400,7 @@
|
|||
}
|
||||
);
|
||||
|
||||
etcd-ca-csr-json = pkgs.writeTextFile "etcd-ca-csr-json" (
|
||||
etcd-ca-csr-json = pkgs.writeText "etcd-ca-csr-json" (
|
||||
builtins.toJSON {
|
||||
CN = "etcd-ca";
|
||||
key = {
|
||||
|
@ -410,7 +410,7 @@
|
|||
}
|
||||
);
|
||||
|
||||
peer-csr-json = pkgs.writeTextFile "peer-csr.json" (
|
||||
peer-csr-json = pkgs.writeText "peer-csr-json" (
|
||||
builtins.toJSON {
|
||||
CN = "${name}.${cfg.hosts.${name}.domain}";
|
||||
hosts = [
|
||||
|
@ -761,17 +761,16 @@
|
|||
preStart =
|
||||
if (cfg.hosts.${name}.role == "master")
|
||||
then
|
||||
""
|
||||
# ''
|
||||
# mkdir -p /etc/kubernetes/pki
|
||||
# cd /etc/kubernetes/pki
|
||||
# if [ ! -f apiserver-etcd-client.crt ]
|
||||
# then
|
||||
# cat ${apiserver-etcd-client-csr-json} | ${pkgs.cfssl}/bin/cfssl gencert -ca=${cfg.etcd.certPath} -ca-key=${cfg.etcd.keyPath} -config=${ca-config-json} -profile=client - | ${pkgs.cfssl}/bin/cfssljson -bare apiserver-etcd-client
|
||||
# mv apiserver-etcd-client.pem apiserver-etcd-client.crt
|
||||
# mv apiserver-etcd-client-key.pem apiserver-etcd-client.key
|
||||
# fi
|
||||
# ''
|
||||
''
|
||||
mkdir -p /etc/kubernetes/pki
|
||||
cd /etc/kubernetes/pki
|
||||
if [ ! -f apiserver-etcd-client.crt ]
|
||||
then
|
||||
cat ${apiserver-etcd-client-csr-json} | ${pkgs.cfssl}/bin/cfssl gencert -ca=${cfg.etcd.certPath} -ca-key=${cfg.etcd.keyPath} -config=${ca-config-json} -profile=client - | ${pkgs.cfssl}/bin/cfssljson -bare apiserver-etcd-client
|
||||
mv apiserver-etcd-client.pem apiserver-etcd-client.crt
|
||||
mv apiserver-etcd-client-key.pem apiserver-etcd-client.key
|
||||
fi
|
||||
''
|
||||
else
|
||||
"";
|
||||
serviceConfig = {
|
||||
|
|
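Review bot: In the re-enabled master `preStart`, the guard `if [ ! -f apiserver-etcd-client.crt ]` tests only the certificate, so a run interrupted between the two `mv` lines (or a lost `.key`) is never repaired and an expired certificate is never reissued; checking both files, e.g. `if [ ! -f apiserver-etcd-client.crt ] || [ ! -f apiserver-etcd-client.key ]`, would at least cover the partial state. The `cfssl gencert ... | cfssljson -bare` pipeline reports only the last command's exit status unless `set -o pipefail` is in effect, so a signing failure may surface only as a failed `mv`, or not at all. `-ca-key=${cfg.etcd.keyPath}` is interpolated into the script text; if that option is typed as a Nix path rather than a string, the etcd CA private key would presumably be copied into the world-readable store, so it is worth confirming it is a string pointing at a runtime secret and adding a comment saying so. The `preStart` attribute and the surrounding service definition continue outside the visible lines.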