Merge pull request #321632 from PedroRegisPOAR/kubernetes-mkCert-drops-nogroup-as-default

nixos/kubernetes: adds argument to mkCert defaulting to kubernetes group
2024-11-18 03:30:45 +00:00 · 2024-07-19 12:49:49 +02:00 · 2024-07-19 12:49:49 +02:00 · 54fbcf1be8
parent a1740ea605 a5deaf9e93
commit 54fbcf1be8
1 changed files with 2 additions and 2 deletions
--- a/nixos/modules/services/cluster/kubernetes/default.nix
+++ b/nixos/modules/services/cluster/kubernetes/default.nix
@ -61,13 +61,13 @@ let
  etcdEndpoints = ["https://${cfg.masterAddress}:2379"];

  mkCert = { name, CN, hosts ? [], fields ? {}, action ? "",
-             privateKeyOwner ? "kubernetes" }: rec {
+             privateKeyOwner ? "kubernetes", privateKeyGroup ? "kubernetes" }: rec {
    inherit name caCert CN hosts fields action;
    cert = secret name;
    key = secret "${name}-key";
    privateKeyOptions = {
      owner = privateKeyOwner;
-      group = "nogroup";
+      group = privateKeyGroup;
      mode = "0600";
      path = key;
    };