diff options
author | vincent.cui <privat@vincentcui.de> | 2023-12-21 22:08:31 +0100 |
---|---|---|
committer | vincent.cui <privat@vincentcui.de> | 2023-12-21 22:08:31 +0100 |
commit | 9c870ac78f6157260ba1f96f9ce077ce84478532 (patch) | |
tree | 704ef2a033316613af0ecebc1957a9249beef550 /pkgs/tools/package-management/comma | |
parent | 37b3df5f12fa2b3143c8ae29ad9056db9a8b5690 (diff) | |
download | nixlib-9c870ac78f6157260ba1f96f9ce077ce84478532.tar nixlib-9c870ac78f6157260ba1f96f9ce077ce84478532.tar.gz nixlib-9c870ac78f6157260ba1f96f9ce077ce84478532.tar.bz2 nixlib-9c870ac78f6157260ba1f96f9ce077ce84478532.tar.lz nixlib-9c870ac78f6157260ba1f96f9ce077ce84478532.tar.xz nixlib-9c870ac78f6157260ba1f96f9ce077ce84478532.tar.zst nixlib-9c870ac78f6157260ba1f96f9ce077ce84478532.zip |
nixos/kubernetes: fix pki's mkSpec function
The `authority.file.path` field of a cert spec is [defined as follows] (https://github.com/cloudflare/certmgr/tree/v3.0.3#pki-specs): > if this is included, the CA certificate will be saved here. It follows the same file specification format above. Use this if you want to save your CA cert to disk. So certmgr fails, because each certmgr spec (apiserver, addonManager, ...) wants to manage the file at the `cert.caCert` location. However, the `authority.file.path` field is not needed for generating a certificate, as the certificate is generated by the CA, which is reachable at `authority.remote` (e.g. https://localhost:8888 with `easyCerts = true`). The `authority.file.path` field just saves the certificate of the CA to disk.
Diffstat (limited to 'pkgs/tools/package-management/comma')
0 files changed, 0 insertions, 0 deletions