nixos/kubernetes: fix pki's mkSpec function

The `authority.file.path` field of a cert spec is [defined as follows] (https://github.com/cloudflare/certmgr/tree/v3.0.3#pki-specs): > if this is included, the CA certificate will be saved here. It follows the same file specification format above. Use this if you want to save your CA cert to disk. So certmgr fails, because each certmgr spec (apiserver, addonManager, ...) wants to manage the file at the `cert.caCert` location. However, the `authority.file.path` field is not needed for generating a certificate, as the certificate is generated by the CA, which is reachable at `authority.remote` (e.g. https://localhost:8888 with `easyCerts = true`). The `authority.file.path` field just saves the certificate of the CA to disk.
2023-12-21 22:08:31 +01:00 · 2023-12-21 22:08:31 +01:00 · 9c870ac78f
commit 9c870ac78f
parent 37b3df5f12
1 changed files with 0 additions and 1 deletions
--- a/nixos/modules/services/cluster/kubernetes/pki.nix
+++ b/nixos/modules/services/cluster/kubernetes/pki.nix
@ -220,7 +220,6 @@ in
            inherit (cert) action;
            authority = {
              inherit remote;
-              file.path = cert.caCert;
              root_ca = cert.caCert;
              profile = "default";
              auth_key_file = certmgrAPITokenPath;