diff options
author | Tim Steinbach <NeQuissimus@users.noreply.github.com> | 2018-02-16 13:56:59 +0000 |
---|---|---|
committer | GitHub <noreply@github.com> | 2018-02-16 13:56:59 +0000 |
commit | 87559028efcfb8860ece1ac97296702cca4830ae (patch) | |
tree | 3e769383682d452348e97c2c38aeb7856e7254a1 /nixos/tests/kubernetes/certs.nix | |
parent | b2f39f97d061010b2a0b7e25e2ad1ffdb293fe19 (diff) | |
parent | f44a81e19fb8d9f57c8e3b2944c473ba1e3466d7 (diff) | |
download | nixlib-87559028efcfb8860ece1ac97296702cca4830ae.tar nixlib-87559028efcfb8860ece1ac97296702cca4830ae.tar.gz nixlib-87559028efcfb8860ece1ac97296702cca4830ae.tar.bz2 nixlib-87559028efcfb8860ece1ac97296702cca4830ae.tar.lz nixlib-87559028efcfb8860ece1ac97296702cca4830ae.tar.xz nixlib-87559028efcfb8860ece1ac97296702cca4830ae.tar.zst nixlib-87559028efcfb8860ece1ac97296702cca4830ae.zip |
Merge pull request #33954 from kuznero/pr/kubernetes
kubernetes: 1.7.9 -> 1.9.1
Diffstat (limited to 'nixos/tests/kubernetes/certs.nix')
-rw-r--r-- | nixos/tests/kubernetes/certs.nix | 11 |
1 files changed, 6 insertions, 5 deletions
diff --git a/nixos/tests/kubernetes/certs.nix b/nixos/tests/kubernetes/certs.nix index f108e35b98cd..d3eff910c467 100644 --- a/nixos/tests/kubernetes/certs.nix +++ b/nixos/tests/kubernetes/certs.nix @@ -2,7 +2,8 @@ pkgs ? import <nixpkgs> {}, internalDomain ? "cloud.yourdomain.net", externalDomain ? "myawesomecluster.cluster.yourdomain.net", - serviceClusterIp ? "10.0.0.1" + serviceClusterIp ? "10.0.0.1", + kubelets }: let runWithCFSSL = name: cmd: @@ -123,9 +124,10 @@ let }; apiserver-client = { - kubelet = createClientCertKey { + kubelet = hostname: createClientCertKey { inherit ca; - cn = "apiserver-client-kubelet"; + name = "apiserver-client-kubelet-${hostname}"; + cn = "system:node:${hostname}.${externalDomain}"; groups = ["system:nodes"]; }; @@ -175,10 +177,9 @@ in { paths = [ (writeCFSSL (noKey ca)) (writeCFSSL kubelet) - (writeCFSSL apiserver-client.kubelet) (writeCFSSL apiserver-client.kube-proxy) (writeCFSSL etcd-client) - ]; + ] ++ map (hostname: writeCFSSL (apiserver-client.kubelet hostname)) kubelets; }; admin = writeCFSSL apiserver-client.admin; |