b4c5889b69d404e1f22334ee10560156a28301d3
[yaml_builds.git] / site / site30 / pki / pki-catalog.yaml
1 ---
2 ##############################################################################
3 # Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
4 #                                                                            #
5 # Licensed under the Apache License, Version 2.0 (the "License"); you may    #
6 # not use this file except in compliance with the License.                   #
7 #                                                                            #
8 # You may obtain a copy of the License at                                    #
9 #       http://www.apache.org/licenses/LICENSE-2.0                           #
10 #                                                                            #
11 # Unless required by applicable law or agreed to in writing, software        #
12 # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
13 # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
14 # See the License for the specific language governing permissions and        #
15 # limitations under the License.                                             #
16 ##############################################################################
17
18 schema: promenade/PKICatalog/v1
   # PKI catalog for this site: it declares which certificate authorities,
   # certificates and bare keypairs exist. Only names, SANs and group
   # memberships are listed here; no key material appears in this document.
19 metadata:
20   schema: metadata/Document/v1
21   name: cluster-certificates
22   layeringDefinition:
23     abstract: false
24     layer: site
     # NOTE(review): cleartext is defensible for the catalog itself because it
     # holds no secrets. Confirm that the CA and private-key documents
     # generated from it are stored under an encrypted policy rather than
     # inheriting this one.
25   storagePolicy: cleartext
26 data:
     # Certificates are grouped under the CA expected to sign them. Keeping
     # the Kubernetes, etcd and Calico CAs distinct means a credential issued
     # in one trust domain is not automatically valid in another.
27   certificate_authorities:
28     kubernetes:
         # CA for the Kubernetes control plane, kubelets and operator clients.
         # For client certificates the API server takes the user name from
         # common_name; the groups lists are presumably written into the
         # certificate's organisation fields, which the API server reads as
         # group memberships (confirm against the certificate generator).
29       description: CA for Kubernetes components
30       certificates:
           # Serving certificate for the API server. The hosts and
           # kubernetes_service_names entries are the names a client may
           # verify against.
           # NOTE(review): only loopback and 10.96.0.1 (presumably the
           # in-cluster service address) are listed; no node address appears.
           # Confirm every client reaches the API server through one of
           # these names.
31         - document_name: apiserver
32           description: Service certificate for Kubernetes apiserver
33           common_name: apiserver
34           hosts:
35             - localhost
36             - 127.0.0.1
37             - 10.96.0.1
38           kubernetes_service_names:
39             - kubernetes.default.svc.cluster.local
           # NOTE(review): kubelet-genesis and kubelet-aknode30 request the
           # same identity (system:node:aknode30) with identical SANs, so two
           # interchangeable credentials exist for that node. Confirm the
           # genesis one is retired once bootstrap is complete.
40         - document_name: kubelet-genesis
41           common_name: system:node:aknode30
42           hosts:
43             - aknode30
44             - 192.168.2.30
45             - 172.29.1.30
46             - 172.30.1.30
47           groups:
48             - system:nodes
           # Per-node kubelet certificates. Each uses the
           # system:node:<nodeName> user with the system:nodes group, the
           # convention node authorization relies on; every common_name below
           # matches the node name given as the first hosts entry.
49         - document_name: kubelet-aknode30
50           common_name: system:node:aknode30
51           hosts:
52             - aknode30
53             - 192.168.2.30
54             - 172.29.1.30
55             - 172.30.1.30
56           groups:
57             - system:nodes
58         - document_name: kubelet-aknode31
59           common_name: system:node:aknode31
60           hosts:
61             - aknode31
62             - 192.168.2.31
63             - 172.29.1.31
64             - 172.30.1.31
65           groups:
66             - system:nodes
67         - document_name: kubelet-aknode32
68           common_name: system:node:aknode32
69           hosts:
70             - aknode32
71             - 192.168.2.32
72             - 172.29.1.32
73             - 172.30.1.32
74           groups:
75             - system:nodes
76         - document_name: kubelet-aknode33
77           common_name: system:node:aknode33
78           hosts:
79             - aknode33
80             - 192.168.2.33
81             - 172.29.1.33
82             - 172.30.1.33
83           groups:
84             - system:nodes
85         - document_name: kubelet-aknode34
86           common_name: system:node:aknode34
87           hosts:
88             - aknode34
89             - 192.168.2.34
90             - 172.29.1.34
91             - 172.30.1.34
92           groups:
93             - system:nodes
           # Client certificates for the scheduler and controller-manager.
           # No hosts are listed and the common names are the component user
           # names, so access is governed by whatever roles are bound to
           # those users.
94         - document_name: scheduler
95           description: Service certificate for Kubernetes scheduler
96           common_name: system:kube-scheduler
97         - document_name: controller-manager
98           description: certificate for controller-manager
99           common_name: system:kube-controller-manager
            # NOTE(review): both certificates below carry system:masters.
            # Members of that group get unrestricted API access that RBAC
            # bindings cannot narrow, and the API server performs no
            # revocation check on client certificates. A leaked admin or
            # armada key therefore stays usable until the certificate
            # expires or this CA is rotated. Consider a dedicated group
            # bound to only the roles armada needs, short certificate
            # lifetimes, and encrypted storage for both keys.
100         - document_name: admin
101           common_name: admin
102           groups:
103             - system:masters
104         - document_name: armada
105           common_name: armada
106           groups:
107             - system:masters
108     kubernetes-etcd:
          # CA for the client-facing side of the Kubernetes etcd cluster.
          # NOTE(review): this one CA signs the API server's client
          # certificate, the anchor certificate and the members' serving
          # certificates. If etcd is configured to trust this CA for client
          # authentication, any certificate it issues may be accepted as a
          # client. Confirm the issued certificates carry only the key
          # usages each role needs.
109       description: Certificates for Kubernetes's etcd servers
110       certificates:
111         - document_name: apiserver-etcd
112           description: etcd client certificate for use by Kubernetes apiserver
113           common_name: apiserver
114           # NOTE(mark-burnett): hosts not required for client certificates
115         - document_name: kubernetes-etcd-anchor
116           description: anchor
117           common_name: anchor
            # Serving certificates, one per etcd member. Each lists the node
            # name, the node's three addresses, loopback, the etcd service
            # DNS name and 10.96.0.2 (presumably that service's cluster
            # address; confirm).
            # NOTE(review): kubernetes-etcd-genesis and
            # kubernetes-etcd-aknode30 cover the same host with identical
            # SANs; confirm the genesis credential is removed after
            # bootstrap.
118         - document_name: kubernetes-etcd-genesis
119           common_name: kubernetes-etcd-genesis
120           hosts:
121             - aknode30
122             - 192.168.2.30
123             - 172.29.1.30
124             - 172.30.1.30
125             - 127.0.0.1
126             - localhost
127             - kubernetes-etcd.kube-system.svc.cluster.local
128             - 10.96.0.2
129         - document_name: kubernetes-etcd-aknode30
130           common_name: kubernetes-etcd-aknode30
131           hosts:
132             - aknode30
133             - 192.168.2.30
134             - 172.29.1.30
135             - 172.30.1.30
136             - 127.0.0.1
137             - localhost
138             - kubernetes-etcd.kube-system.svc.cluster.local
139             - 10.96.0.2
140         - document_name: kubernetes-etcd-aknode31
141           common_name: kubernetes-etcd-aknode31
142           hosts:
143             - aknode31
144             - 192.168.2.31
145             - 172.29.1.31
146             - 172.30.1.31
147             - 127.0.0.1
148             - localhost
149             - kubernetes-etcd.kube-system.svc.cluster.local
150             - 10.96.0.2
151         - document_name: kubernetes-etcd-aknode32
152           common_name: kubernetes-etcd-aknode32
153           hosts:
154             - aknode32
155             - 192.168.2.32
156             - 172.29.1.32
157             - 172.30.1.32
158             - 127.0.0.1
159             - localhost
160             - kubernetes-etcd.kube-system.svc.cluster.local
161             - 10.96.0.2
162     kubernetes-etcd-peer:
          # CA for etcd member-to-member (peer) certificates, kept apart from
          # the kubernetes-etcd CA, presumably so that a client credential is
          # not valid for peer traffic (confirm against the etcd trust
          # configuration). Unlike the sibling CAs, this entry has no
          # description key.
163       certificates:
            # One peer certificate per member, with the same SAN set as the
            # matching serving certificate under kubernetes-etcd. The genesis
            # and aknode30 entries again cover the same host.
164         - document_name: kubernetes-etcd-genesis-peer
165           common_name: kubernetes-etcd-genesis-peer
166           hosts:
167             - aknode30
168             - 192.168.2.30
169             - 172.29.1.30
170             - 172.30.1.30
171             - 127.0.0.1
172             - localhost
173             - kubernetes-etcd.kube-system.svc.cluster.local
174             - 10.96.0.2
175         - document_name: kubernetes-etcd-aknode30-peer
176           common_name: kubernetes-etcd-aknode30-peer
177           hosts:
178             - aknode30
179             - 192.168.2.30
180             - 172.29.1.30
181             - 172.30.1.30
182             - 127.0.0.1
183             - localhost
184             - kubernetes-etcd.kube-system.svc.cluster.local
185             - 10.96.0.2
186         - document_name: kubernetes-etcd-aknode31-peer
187           common_name: kubernetes-etcd-aknode31-peer
188           hosts:
189             - aknode31
190             - 192.168.2.31
191             - 172.29.1.31
192             - 172.30.1.31
193             - 127.0.0.1
194             - localhost
195             - kubernetes-etcd.kube-system.svc.cluster.local
196             - 10.96.0.2
197         - document_name: kubernetes-etcd-aknode32-peer
198           common_name: kubernetes-etcd-aknode32-peer
199           hosts:
200             - aknode32
201             - 192.168.2.32
202             - 172.29.1.32
203             - 172.30.1.32
204             - 127.0.0.1
205             - localhost
206             - kubernetes-etcd.kube-system.svc.cluster.local
207             - 10.96.0.2
208     calico-etcd:
          # CA for the client-facing side of the Calico etcd cluster. It
          # signs the anchor certificate, one serving certificate per member
          # and the calico-node certificate.
209       description: Certificates for Calico etcd client traffic
210       certificates:
211         - document_name: calico-etcd-anchor
212           description: anchor
213           common_name: anchor
            # Serving certificates for the three Calico etcd members. SANs
            # are the node name, the node's three addresses, loopback and
            # 10.96.232.136 (presumably the Calico etcd service address;
            # confirm).
214         - document_name: calico-etcd-aknode30
215           common_name: calico-etcd-aknode30
216           hosts:
217             - aknode30
218             - 192.168.2.30
219             - 172.29.1.30
220             - 172.30.1.30
221             - 127.0.0.1
222             - localhost
223             - 10.96.232.136
224         - document_name: calico-etcd-aknode31
225           common_name: calico-etcd-aknode31
226           hosts:
227             - aknode31
228             - 192.168.2.31
229             - 172.29.1.31
230             - 172.30.1.31
231             - 127.0.0.1
232             - localhost
233             - 10.96.232.136
234         - document_name: calico-etcd-aknode32
235           common_name: calico-etcd-aknode32
236           hosts:
237             - aknode32
238             - 192.168.2.32
239             - 172.29.1.32
240             - 172.30.1.32
241             - 127.0.0.1
242             - localhost
243             - 10.96.232.136
            # No hosts are listed, which is consistent with a client
            # certificate.
            # NOTE(review): common_name "calcico-node" looks like a typo for
            # "calico-node". The common name is the identity a verifier sees,
            # so any etcd authentication or audit rule keyed on it has to
            # match the misspelt value. Correcting it means reissuing this
            # certificate.
244         - document_name: calico-node
245           common_name: calcico-node
246     calico-etcd-peer:
          # CA for Calico etcd peer certificates.
          # NOTE(review): the description below says "clients", but every
          # entry is named *-peer; it reads like a copy of the calico-etcd
          # description and probably means peer traffic. Confirm and correct,
          # since the description is what an auditor reads to decide which
          # trust domain this CA belongs to.
247       description: Certificates for Calico etcd clients
248       certificates:
            # One peer certificate per member, with the same SAN set as the
            # matching serving certificate under calico-etcd.
249         - document_name: calico-etcd-aknode30-peer
250           common_name: calico-etcd-aknode30-peer
251           hosts:
252             - aknode30
253             - 192.168.2.30
254             - 172.29.1.30
255             - 172.30.1.30
256             - 127.0.0.1
257             - localhost
258             - 10.96.232.136
259         - document_name: calico-etcd-aknode31-peer
260           common_name: calico-etcd-aknode31-peer
261           hosts:
262             - aknode31
263             - 192.168.2.31
264             - 172.29.1.31
265             - 172.30.1.31
266             - 127.0.0.1
267             - localhost
268             - 10.96.232.136
269         - document_name: calico-etcd-aknode32-peer
270           common_name: calico-etcd-aknode32-peer
271           hosts:
272             - aknode32
273             - 192.168.2.32
274             - 172.29.1.32
275             - 172.30.1.32
276             - 127.0.0.1
277             - localhost
278             - 10.96.232.136
            # NOTE(review): common_name "calcico-node-peer" looks like a typo
            # for "calico-node-peer". The misspelt value is the identity that
            # ends up in the issued certificate; correcting it means
            # reissuing.
279         - document_name: calico-node-peer
280           common_name: calcico-node-peer
281   keypairs:
        # Bare keypairs: entries here have a name and description only, with
        # no CA, common name or SANs attached.
        # NOTE(review): the private half of the service-account key signs
        # service account tokens, so whoever holds it can mint a token for
        # any service account in the cluster. Store it encrypted, give only
        # the public half to components that merely verify tokens, and plan
        # for rotation.
282     - name: service-account
283       description: Service account signing key for use by Kubernetes controller-manager.
284 ...
285