cce0cb41e77b1e6693818021b08fbc720ce2c923
[yaml_builds.git] / site / hpgen10 / pki / pki-catalog.yaml
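---
##############################################################################
# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
#                                                                            #
# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
# not use this file except in compliance with the License.                   #
#                                                                            #
# You may obtain a copy of the License at                                    #
#       http://www.apache.org/licenses/LICENSE-2.0                           #
#                                                                            #
# Unless required by applicable law or agreed to in writing, software        #
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
# See the License for the specific language governing permissions and        #
# limitations under the License.                                             #
##############################################################################

# PKI catalog for this site: one entry per certificate authority, each with
# the certificates to be issued under it (subject common name, optional SAN
# "hosts", optional subject "groups"), plus standalone keypairs.
# Only names and addresses are declared here; no key material is in this file.
schema: promenade/PKICatalog/v1
metadata:
  schema: metadata/Document/v1
  name: cluster-certificates
  layeringDefinition:
    abstract: false
    layer: site
  # NOTE(review): cleartext is reasonable for this catalog because it holds
  # no secrets. The CA keys, certificate keys and keypairs generated from it
  # are secrets and should be stored under an encrypted storage policy -
  # confirm in the documents the generator emits.
  storagePolicy: cleartext
data:
  certificate_authorities:
    # CA that signs the API server certificate and every client identity
    # below. Anything signed by this CA is an authenticated Kubernetes user.
    kubernetes:
      description: CA for Kubernetes components
      certificates:
        - document_name: apiserver
          description: Service certificate for Kubernetes apiserver
          common_name: apiserver
          # Names and addresses clients may use to reach the API server.
          hosts:
            - localhost
            - 127.0.0.1
            - 10.96.0.1
          kubernetes_service_names:
            - kubernetes.default.svc.cluster.local
        # Kubelet identities: CN system:node:<name> plus group system:nodes
        # is the form the Kubernetes node authorizer keys on, so the name in
        # the CN has to match the node it is deployed to.
        # NOTE(review): kubelet-genesis and kubelet-aknode30 carry the same
        # CN and hosts, so two certificates exist for one node identity -
        # presumably aknode30 is the genesis host. Rotate and retire them
        # together.
        - document_name: kubelet-genesis
          common_name: system:node:aknode30
          hosts:
            - aknode30
            - 192.168.2.30
            - 172.29.1.30
            - 172.30.1.30
          groups:
            - system:nodes
        - document_name: kubelet-aknode30
          common_name: system:node:aknode30
          hosts:
            - aknode30
            - 192.168.2.30
            - 172.29.1.30
            - 172.30.1.30
          groups:
            - system:nodes
        - document_name: kubelet-aknode31
          common_name: system:node:aknode31
          hosts:
            - aknode31
            - 192.168.2.31
            - 172.29.1.31
            - 172.30.1.31
          groups:
            - system:nodes
        - document_name: kubelet-aknode32
          common_name: system:node:aknode32
          hosts:
            - aknode32
            - 192.168.2.32
            - 172.29.1.32
            - 172.30.1.32
          groups:
            - system:nodes
        - document_name: scheduler
          description: Service certificate for Kubernetes scheduler
          common_name: system:kube-scheduler
        - document_name: controller-manager
          description: certificate for controller-manager
          common_name: system:kube-controller-manager
        # NOTE(review): system:masters gives unrestricted cluster access that
        # RBAC cannot narrow, and Kubernetes has no revocation for client
        # certificates - a leaked key stays valid until the certificate
        # expires or the CA is replaced. Keep these two keys tightly held and
        # short-lived; a dedicated group bound through RBAC would let the
        # armada identity be scoped and its binding removed.
        - document_name: admin
          common_name: admin
          groups:
            - system:masters
        - document_name: armada
          common_name: armada
          groups:
            - system:masters
    # Separate CA for etcd client/server traffic, so a certificate from the
    # kubernetes CA above does not authenticate to etcd.
    kubernetes-etcd:
      description: Certificates for Kubernetes's etcd servers
      certificates:
        - document_name: apiserver-etcd
          description: etcd client certificate for use by Kubernetes apiserver
          common_name: apiserver
          # NOTE(mark-burnett): hosts not required for client certificates
        - document_name: kubernetes-etcd-anchor
          description: anchor
          common_name: anchor
        # Per-member server certificates. Each lists that node's name and
        # addresses plus loopback, the service DNS name and 10.96.0.2.
        - document_name: kubernetes-etcd-genesis
          common_name: kubernetes-etcd-genesis
          hosts:
            - aknode30
            - 192.168.2.30
            - 172.29.1.30
            - 172.30.1.30
            - 127.0.0.1
            - localhost
            - kubernetes-etcd.kube-system.svc.cluster.local
            - 10.96.0.2
        - document_name: kubernetes-etcd-aknode30
          common_name: kubernetes-etcd-aknode30
          hosts:
            - aknode30
            - 192.168.2.30
            - 172.29.1.30
            - 172.30.1.30
            - 127.0.0.1
            - localhost
            - kubernetes-etcd.kube-system.svc.cluster.local
            - 10.96.0.2
        - document_name: kubernetes-etcd-aknode31
          common_name: kubernetes-etcd-aknode31
          hosts:
            - aknode31
            - 192.168.2.31
            - 172.29.1.31
            - 172.30.1.31
            - 127.0.0.1
            - localhost
            - kubernetes-etcd.kube-system.svc.cluster.local
            - 10.96.0.2
        - document_name: kubernetes-etcd-aknode32
          common_name: kubernetes-etcd-aknode32
          hosts:
            - aknode32
            - 192.168.2.32
            - 172.29.1.32
            - 172.30.1.32
            - 127.0.0.1
            - localhost
            - kubernetes-etcd.kube-system.svc.cluster.local
            - 10.96.0.2
    # Separate CA for etcd member-to-member traffic: a client certificate
    # from kubernetes-etcd is not signed by this CA.
    # NOTE(review): this is the only CA here without a description.
    kubernetes-etcd-peer:
      certificates:
        - document_name: kubernetes-etcd-genesis-peer
          common_name: kubernetes-etcd-genesis-peer
          hosts:
            - aknode30
            - 192.168.2.30
            - 172.29.1.30
            - 172.30.1.30
            - 127.0.0.1
            - localhost
            - kubernetes-etcd.kube-system.svc.cluster.local
            - 10.96.0.2
        - document_name: kubernetes-etcd-aknode30-peer
          common_name: kubernetes-etcd-aknode30-peer
          hosts:
            - aknode30
            - 192.168.2.30
            - 172.29.1.30
            - 172.30.1.30
            - 127.0.0.1
            - localhost
            - kubernetes-etcd.kube-system.svc.cluster.local
            - 10.96.0.2
        - document_name: kubernetes-etcd-aknode31-peer
          common_name: kubernetes-etcd-aknode31-peer
          hosts:
            - aknode31
            - 192.168.2.31
            - 172.29.1.31
            - 172.30.1.31
            - 127.0.0.1
            - localhost
            - kubernetes-etcd.kube-system.svc.cluster.local
            - 10.96.0.2
        - document_name: kubernetes-etcd-aknode32-peer
          common_name: kubernetes-etcd-aknode32-peer
          hosts:
            - aknode32
            - 192.168.2.32
            - 172.29.1.32
            - 172.30.1.32
            - 127.0.0.1
            - localhost
            - kubernetes-etcd.kube-system.svc.cluster.local
            - 10.96.0.2
    # Calico's etcd has its own CA, distinct from the Kubernetes etcd CAs.
    calico-etcd:
      description: Certificates for Calico etcd client traffic
      certificates:
        - document_name: calico-etcd-anchor
          description: anchor
          common_name: anchor
        - document_name: calico-etcd-aknode30
          common_name: calico-etcd-aknode30
          hosts:
            - aknode30
            - 192.168.2.30
            - 172.29.1.30
            - 172.30.1.30
            - 127.0.0.1
            - localhost
            - 10.96.232.136
        - document_name: calico-etcd-aknode31
          common_name: calico-etcd-aknode31
          hosts:
            - aknode31
            - 192.168.2.31
            - 172.29.1.31
            - 172.30.1.31
            - 127.0.0.1
            - localhost
            - 10.96.232.136
        - document_name: calico-etcd-aknode32
          common_name: calico-etcd-aknode32
          hosts:
            - aknode32
            - 192.168.2.32
            - 172.29.1.32
            - 172.30.1.32
            - 127.0.0.1
            - localhost
            - 10.96.232.136
        # NOTE(review): "calcico-node" looks like a misspelling of
        # "calico-node" (compare document_name). The CN is the identity in
        # the issued certificate, so check whether anything matches on it
        # before correcting, and reissue the certificate if it changes.
        - document_name: calico-node
          common_name: calcico-node
    # NOTE(review): the description below says "clients" but every entry is
    # a "-peer" certificate; it reads like a copy of the calico-etcd text.
    calico-etcd-peer:
      description: Certificates for Calico etcd clients
      certificates:
        - document_name: calico-etcd-aknode30-peer
          common_name: calico-etcd-aknode30-peer
          hosts:
            - aknode30
            - 192.168.2.30
            - 172.29.1.30
            - 172.30.1.30
            - 127.0.0.1
            - localhost
            - 10.96.232.136
        - document_name: calico-etcd-aknode31-peer
          common_name: calico-etcd-aknode31-peer
          hosts:
            - aknode31
            - 192.168.2.31
            - 172.29.1.31
            - 172.30.1.31
            - 127.0.0.1
            - localhost
            - 10.96.232.136
        - document_name: calico-etcd-aknode32-peer
          common_name: calico-etcd-aknode32-peer
          hosts:
            - aknode32
            - 192.168.2.32
            - 172.29.1.32
            - 172.30.1.32
            - 127.0.0.1
            - localhost
            - 10.96.232.136
        # NOTE(review): same "calcico" spelling as calico-node above.
        - document_name: calico-node-peer
          common_name: calcico-node-peer
  keypairs:
    # NOTE(review): the private half of this pair signs service account
    # tokens, so whoever holds it can produce tokens the API server accepts.
    # The generated key should be stored encrypted and have a rotation plan.
    - name: service-account
      description: Service account signing key for use by Kubernetes controller-manager.
...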