author | Antonio Nuno Monteiro <anmonteiro@gmail.com> | 2019-11-24 20:53:31 -0800 |
---|---|---|
committer | Jon <jonringer@users.noreply.github.com> | 2020-01-18 23:39:21 -0800 |
commit | e2c11ad3c068744f4549ecc29aa39e937b24bd98 (patch) | |
tree | 56b66923951cc06b57144cf86b5d22ebc6a795f3 /nixos/modules/services/cluster/kubernetes/pki.nix | |
parent | bea1a232c615aba177e0ef56600d5f847ad3bbd9 (diff) |
nixos/kubernetes: allow configuring cfssl API server SANs
Diffstat (limited to 'nixos/modules/services/cluster/kubernetes/pki.nix')
-rw-r--r-- | nixos/modules/services/cluster/kubernetes/pki.nix | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/nixos/modules/services/cluster/kubernetes/pki.nix b/nixos/modules/services/cluster/kubernetes/pki.nix
index 733479e24c97..4275563f1a36 100644
--- a/nixos/modules/services/cluster/kubernetes/pki.nix
+++ b/nixos/modules/services/cluster/kubernetes/pki.nix
@@ -20,6 +20,7 @@ let
 size = 2048;
 };
 CN = top.masterAddress;
+ hosts = cfg.cfsslAPIExtraSANs;
 });
 cfsslAPITokenBaseName = "apitoken.secret";
@@ -66,6 +67,15 @@ in
 type = bool;
 };
+ cfsslAPIExtraSANs = mkOption {
+ description = ''
+ Extra x509 Subject Alternative Names to be added to the cfssl API webserver TLS cert.
+ '';
+ default = [];
+ example = [ "subdomain.example.com" ];
+ type = listOf str;
+ };
+
 genCfsslAPIToken = mkOption {
 description = ''
 Whether to automatically generate cfssl API-token secret, |
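Review bot: With the default `cfsslAPIExtraSANs = []`, the added `hosts = cfg.cfsslAPIExtraSANs;` produces a CSR with an empty `hosts` list, so the API address appears only in `CN = top.masterAddress`. TLS clients that ignore the Common Name and verify only Subject Alternative Names would presumably reject this certificate unless the operator repeats the master address in the new option. Consider `hosts = [ top.masterAddress ] ++ cfg.cfsslAPIExtraSANs;` so the default certificate always carries its own address as a SAN. The CSR expression starts before this hunk, so whether anything else adds the CN to `hosts` is not visible here.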
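Review bot: The description of `cfsslAPIExtraSANs` does not say what form an entry takes, or that every entry widens the set of names the cfssl API certificate is valid for. `type = listOf str` accepts any string, so nothing in the option itself catches a mistyped or unintended name. I would extend the description to something like `Extra x509 Subject Alternative Names (host names or IP addresses under which this cfssl API server is reached) to be added to the cfssl API webserver TLS cert; list only names that belong to this host.` The option's position inside the surrounding options set continues outside the hunk.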