nixos/kubernetes: allow configuring cfssl API server SANs

This commit is contained in:
Antonio Nuno Monteiro 2019-11-24 20:53:31 -08:00 committed by Jon
parent bea1a232c6
commit e2c11ad3c0

View File

@ -20,6 +20,7 @@ let
size = 2048; size = 2048;
}; };
CN = top.masterAddress; CN = top.masterAddress;
hosts = cfg.cfsslAPIExtraSANs;
}); });
cfsslAPITokenBaseName = "apitoken.secret"; cfsslAPITokenBaseName = "apitoken.secret";
@ -66,6 +67,15 @@ in
type = bool; type = bool;
}; };
cfsslAPIExtraSANs = mkOption {
description = ''
Extra x509 Subject Alternative Names to be added to the cfssl API webserver TLS cert.
'';
default = [];
example = [ "subdomain.example.com" ];
type = listOf str;
};
genCfsslAPIToken = mkOption { genCfsslAPIToken = mkOption {
description = '' description = ''
Whether to automatically generate cfssl API-token secret, Whether to automatically generate cfssl API-token secret,