nixos/kubernetes: allow configuring cfssl API server SANs
This commit is contained in:
parent
bea1a232c6
commit
e2c11ad3c0
@ -20,6 +20,7 @@ let
|
|||||||
size = 2048;
|
size = 2048;
|
||||||
};
|
};
|
||||||
CN = top.masterAddress;
|
CN = top.masterAddress;
|
||||||
|
hosts = cfg.cfsslAPIExtraSANs;
|
||||||
});
|
});
|
||||||
|
|
||||||
cfsslAPITokenBaseName = "apitoken.secret";
|
cfsslAPITokenBaseName = "apitoken.secret";
|
||||||
@ -66,6 +67,15 @@ in
|
|||||||
type = bool;
|
type = bool;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
cfsslAPIExtraSANs = mkOption {
|
||||||
|
description = ''
|
||||||
|
Extra x509 Subject Alternative Names to be added to the cfssl API webserver TLS cert.
|
||||||
|
'';
|
||||||
|
default = [];
|
||||||
|
example = [ "subdomain.example.com" ];
|
||||||
|
type = listOf str;
|
||||||
|
};
|
||||||
|
|
||||||
genCfsslAPIToken = mkOption {
|
genCfsslAPIToken = mkOption {
|
||||||
description = ''
|
description = ''
|
||||||
Whether to automatically generate cfssl API-token secret,
|
Whether to automatically generate cfssl API-token secret,
|
||||||
|
Loading…
Reference in New Issue
Block a user