nixos/kubernetes: allow configuring cfssl API server SANs
This commit is contained in:
parent
bea1a232c6
commit
e2c11ad3c0
1 changed files with 10 additions and 0 deletions
|
@ -20,6 +20,7 @@ let
|
|||
size = 2048;
|
||||
};
|
||||
CN = top.masterAddress;
|
||||
hosts = cfg.cfsslAPIExtraSANs;
|
||||
});
|
||||
|
||||
cfsslAPITokenBaseName = "apitoken.secret";
|
||||
|
@ -66,6 +67,15 @@ in
|
|||
type = bool;
|
||||
};
|
||||
|
||||
cfsslAPIExtraSANs = mkOption {
|
||||
description = ''
|
||||
Extra x509 Subject Alternative Names to be added to the cfssl API webserver TLS cert.
|
||||
'';
|
||||
default = [];
|
||||
example = [ "subdomain.example.com" ];
|
||||
type = listOf str;
|
||||
};
|
||||
|
||||
genCfsslAPIToken = mkOption {
|
||||
description = ''
|
||||
Whether to automatically generate cfssl API-token secret,
|
||||
|
|
Loading…
Reference in a new issue