2 ##############################################################################
3 # Copyright © 2018 AT&T Intellectual Property. All rights reserved. #
5 # Licensed under the Apache License, Version 2.0 (the "License"); you may #
6 # not use this file except in compliance with the License. #
8 # You may obtain a copy of the License at #
9 # http://www.apache.org/licenses/LICENSE-2.0 #
11 # Unless required by applicable law or agreed to in writing, software #
12 # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT #
13 # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
14 # See the License for the specific language governing permissions and #
15 # limitations under the License. #
16 ##############################################################################
# Promenade PKICatalog document named "cluster-certificates". The entries that
# follow name the certificates and keypairs to be issued; no key material
# appears in the lines shown here.
18 schema: promenade/PKICatalog/v1
20 schema: metadata/Document/v1
21 name: cluster-certificates
# NOTE(review): cleartext is the storage policy declared for this catalog.
# Confirm that the certificate and private-key documents generated from it are
# stored encrypted.
25 storagePolicy: cleartext
# Certificate authorities and the certificates each one issues.
27 certificate_authorities:
29 description: CA for Kubernetes components
# Serving certificate for the apiserver; the in-cluster service DNS name listed
# under kubernetes_service_names is among the names it is issued for.
31 - document_name: apiserver
32 description: Service certificate for Kubernetes apiserver
33 common_name: apiserver
38 kubernetes_service_names:
39 - kubernetes.default.svc.cluster.local
# Kubelet certificates use the system:node:<node name> common name.
# NOTE(review): kubelet-genesis and kubelet-aknode30 carry the same common name
# (system:node:aknode30), so two separately issued certificates present the
# same node identity. Presumably aknode30 is the genesis host; confirm, and
# track both documents when rotating that node's credentials.
40 - document_name: kubelet-genesis
41 common_name: system:node:aknode30
49 - document_name: kubelet-aknode30
50 common_name: system:node:aknode30
58 - document_name: kubelet-aknode31
59 common_name: system:node:aknode31
67 - document_name: kubelet-aknode32
68 common_name: system:node:aknode32
76 - document_name: kubelet-aknode33
77 common_name: system:node:aknode33
85 - document_name: kubelet-aknode34
86 common_name: system:node:aknode34
# Control-plane component identities: system:kube-scheduler and
# system:kube-controller-manager.
94 - document_name: scheduler
95 description: Service certificate for Kubernetes scheduler
96 common_name: system:kube-scheduler
97 - document_name: controller-manager
98 description: certificate for controller-manager
99 common_name: system:kube-controller-manager
# NOTE(review): common_name and groups for admin and armada are not visible in
# this listing. These look like operator/deployer client certificates; verify
# the groups they carry and who can read the generated keys, because the
# apiserver does not check revocation for individual client certificates.
100 - document_name: admin
104 - document_name: armada
# CA section for the Kubernetes etcd servers (per the description below): one
# client certificate for the apiserver, an anchor entry, and per-node
# certificates.
109 description: Certificates for Kubernetes's etcd servers
# NOTE(review): this client certificate uses the common name "apiserver", the
# same common name as the apiserver service certificate earlier in the file.
# Presumably the two are issued by different CAs; confirm against the full
# document so the identities cannot be confused.
111 - document_name: apiserver-etcd
112 description: etcd client certificate for use by Kubernetes apiserver
113 common_name: apiserver
114 # NOTE(mark-burnett): hosts not required for client certificates
# The anchor entry's common_name is not visible in this listing.
115 - document_name: kubernetes-etcd-anchor
# Per-node etcd certificates. Each one lists the shared service DNS name
# kubernetes-etcd.kube-system.svc.cluster.local; the key it sits under is not
# visible in this listing.
118 - document_name: kubernetes-etcd-genesis
119 common_name: kubernetes-etcd-genesis
127 - kubernetes-etcd.kube-system.svc.cluster.local
129 - document_name: kubernetes-etcd-aknode30
130 common_name: kubernetes-etcd-aknode30
138 - kubernetes-etcd.kube-system.svc.cluster.local
140 - document_name: kubernetes-etcd-aknode31
141 common_name: kubernetes-etcd-aknode31
149 - kubernetes-etcd.kube-system.svc.cluster.local
151 - document_name: kubernetes-etcd-aknode32
152 common_name: kubernetes-etcd-aknode32
160 - kubernetes-etcd.kube-system.svc.cluster.local
# Separate CA entry which, judging by its name, issues the certificates used
# between Kubernetes etcd members. Each certificate mirrors a per-node etcd
# certificate name with a "-peer" suffix and lists the same service DNS name.
# NOTE(review): a dedicated peer CA limits who can join as a member only if
# etcd's peer trust points at this CA alone; confirm in the etcd configuration.
162 kubernetes-etcd-peer:
164 - document_name: kubernetes-etcd-genesis-peer
165 common_name: kubernetes-etcd-genesis-peer
173 - kubernetes-etcd.kube-system.svc.cluster.local
175 - document_name: kubernetes-etcd-aknode30-peer
176 common_name: kubernetes-etcd-aknode30-peer
184 - kubernetes-etcd.kube-system.svc.cluster.local
186 - document_name: kubernetes-etcd-aknode31-peer
187 common_name: kubernetes-etcd-aknode31-peer
195 - kubernetes-etcd.kube-system.svc.cluster.local
197 - document_name: kubernetes-etcd-aknode32-peer
198 common_name: kubernetes-etcd-aknode32-peer
206 - kubernetes-etcd.kube-system.svc.cluster.local
# CA section for Calico etcd client traffic (per the description below): an
# anchor entry, per-node certificates, and one certificate for calico-node.
209 description: Certificates for Calico etcd client traffic
# The anchor entry's common_name is not visible in this listing.
211 - document_name: calico-etcd-anchor
214 - document_name: calico-etcd-aknode30
215 common_name: calico-etcd-aknode30
224 - document_name: calico-etcd-aknode31
225 common_name: calico-etcd-aknode31
234 - document_name: calico-etcd-aknode32
235 common_name: calico-etcd-aknode32
# NOTE(review): "calcico-node" looks like a misspelling of "calico-node". It is
# left as written because the common name becomes part of the issued
# certificate's subject; if anything matches on that name (etcd auth, audit
# rules, monitoring), correct it deliberately and reissue the certificate.
244 - document_name: calico-node
245 common_name: calcico-node
# NOTE(review): every certificate in this section is named "*-peer", yet the
# description reads "Calico etcd clients". It looks copied from the client CA
# section; confirm which CA this is and adjust the description to match.
247 description: Certificates for Calico etcd clients
249 - document_name: calico-etcd-aknode30-peer
250 common_name: calico-etcd-aknode30-peer
259 - document_name: calico-etcd-aknode31-peer
260 common_name: calico-etcd-aknode31-peer
269 - document_name: calico-etcd-aknode32-peer
270 common_name: calico-etcd-aknode32-peer
# NOTE(review): "calcico-node-peer" looks like a misspelling of
# "calico-node-peer"; left as written because it is the certificate subject.
# Also confirm that calico-node needs a certificate from this section at all:
# presumably it is an etcd client rather than a member, and each extra
# certificate under a peer CA widens what etcd may accept for peer connections.
279 - document_name: calico-node-peer
280 common_name: calcico-node-peer
# Keypair entry (not a certificate): the service account signing key described
# below.
# NOTE(review): presumably the private half signs service account tokens that
# the apiserver accepts, so the generated key document should be stored
# encrypted and readable only by the controller-manager's deployment path.
282 - name: service-account
283 description: Service account signing key for use by Kubernetes controller-manager.