---
##############################################################################
# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
#                                                                            #
# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
# not use this file except in compliance with the License.                   #
#                                                                            #
# You may obtain a copy of the License at                                    #
#     http://www.apache.org/licenses/LICENSE-2.0                             #
#                                                                            #
# Unless required by applicable law or agreed to in writing, software        #
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
# See the License for the specific language governing permissions and        #
# limitations under the License.                                             #
##############################################################################

# Promenade PKI catalog for the site: it names the certificate authorities,
# the certificates each one issues (subject CN, groups, SAN hosts) and the
# standalone keypairs. It holds no key material itself, only the request
# parameters.
schema: promenade/PKICatalog/v1
metadata:
  schema: metadata/Document/v1
  name: cluster-certificates
  layeringDefinition:
    abstract: false
    layer: site
  # NOTE(review): cleartext is reasonable for this catalog because it lists
  # only names and addresses. The CA keys, certificate keys and the
  # service-account key generated from it are secrets and should not share
  # this policy -- confirm the generated documents are stored encrypted.
  storagePolicy: cleartext
data:
  certificate_authorities:
    # One CA per trust domain. A certificate issued under one CA below is
    # not trusted by components configured with another.
    kubernetes:
      description: CA for Kubernetes components
      certificates:
        - document_name: apiserver
          description: Service certificate for Kubernetes apiserver
          common_name: apiserver
          # NOTE(review): the SANs cover loopback and the service IP only;
          # no node name or node address is listed. Clients that reach the
          # apiserver by any other name or IP will fail TLS verification --
          # confirm that is intended.
          hosts:
            - localhost
            - 127.0.0.1
            - 10.96.0.1
          kubernetes_service_names:
            - kubernetes.default.svc.cluster.local
        # Kubelet client identities. CN system:node:<name> together with
        # the system:nodes group is the form the Kubernetes Node authorizer
        # recognises, so each CN must match the node it is deployed to.
        # NOTE(review): kubelet-genesis repeats the CN and hosts of
        # kubelet-aknode40, so two key pairs exist for the same node
        # identity; presumably aknode40 is the genesis host -- confirm.
        - document_name: kubelet-genesis
          common_name: system:node:aknode40
          hosts:
            - aknode40
            - 192.168.2.40
            - 172.29.1.40
            - 172.30.2.40
          groups:
            - system:nodes
        - document_name: kubelet-aknode40
          common_name: system:node:aknode40
          hosts:
            - aknode40
            - 192.168.2.40
            - 172.29.1.40
            - 172.30.2.40
          groups:
            - system:nodes
        - document_name: kubelet-aknode41
          common_name: system:node:aknode41
          hosts:
            - aknode41
            - 192.168.2.41
            - 172.29.1.41
            - 172.30.2.41
          groups:
            - system:nodes
        - document_name: kubelet-aknode42
          common_name: system:node:aknode42
          hosts:
            - aknode42
            - 192.168.2.42
            - 172.29.1.42
            - 172.30.2.42
          groups:
            - system:nodes
        - document_name: scheduler
          description: Service certificate for Kubernetes scheduler
          common_name: system:kube-scheduler
        - document_name: controller-manager
          description: certificate for controller-manager
          common_name: system:kube-controller-manager
        # NOTE(review): the two entries below carry the system:masters
        # group. Kubernetes authorizes that group for every request
        # regardless of RBAC, and it has no per-certificate revocation, so
        # these key pairs stay fully privileged until they expire or the CA
        # is rotated. Restrict who can read the generated secrets and
        # prefer a narrower, RBAC-bound identity for armada if the
        # deployment allows it.
        - document_name: admin
          common_name: admin
          groups:
            - system:masters
        - document_name: armada
          common_name: armada
          groups:
            - system:masters
    # CA for client-to-server traffic of the Kubernetes etcd cluster. The
    # per-node server certificates list the node name and addresses,
    # loopback, the in-cluster service name and the service IP 10.96.0.2.
    kubernetes-etcd:
      description: Certificates for Kubernetes's etcd servers
      certificates:
        # Same CN as the apiserver serving certificate above, but issued by
        # this CA, so the two are not interchangeable.
        - document_name: apiserver-etcd
          description: etcd client certificate for use by Kubernetes apiserver
          common_name: apiserver
          # NOTE(mark-burnett): hosts not required for client certificates
        - document_name: kubernetes-etcd-anchor
          description: anchor
          common_name: anchor
        - document_name: kubernetes-etcd-genesis
          common_name: kubernetes-etcd-genesis
          hosts:
            - aknode40
            - 192.168.2.40
            - 172.29.1.40
            - 172.30.2.40
            - 127.0.0.1
            - localhost
            - kubernetes-etcd.kube-system.svc.cluster.local
            - 10.96.0.2
        - document_name: kubernetes-etcd-aknode40
          common_name: kubernetes-etcd-aknode40
          hosts:
            - aknode40
            - 192.168.2.40
            - 172.29.1.40
            - 172.30.2.40
            - 127.0.0.1
            - localhost
            - kubernetes-etcd.kube-system.svc.cluster.local
            - 10.96.0.2
        - document_name: kubernetes-etcd-aknode41
          common_name: kubernetes-etcd-aknode41
          hosts:
            - aknode41
            - 192.168.2.41
            - 172.29.1.41
            - 172.30.2.41
            - 127.0.0.1
            - localhost
            - kubernetes-etcd.kube-system.svc.cluster.local
            - 10.96.0.2
        - document_name: kubernetes-etcd-aknode42
          common_name: kubernetes-etcd-aknode42
          hosts:
            - aknode42
            - 192.168.2.42
            - 172.29.1.42
            - 172.30.2.42
            - 127.0.0.1
            - localhost
            - kubernetes-etcd.kube-system.svc.cluster.local
            - 10.96.0.2
    # Separate CA for the "-peer" certificates of the Kubernetes etcd
    # members; the host lists mirror the kubernetes-etcd entries above.
    # NOTE(review): this is the only CA without a description.
    kubernetes-etcd-peer:
      certificates:
        - document_name: kubernetes-etcd-genesis-peer
          common_name: kubernetes-etcd-genesis-peer
          hosts:
            - aknode40
            - 192.168.2.40
            - 172.29.1.40
            - 172.30.2.40
            - 127.0.0.1
            - localhost
            - kubernetes-etcd.kube-system.svc.cluster.local
            - 10.96.0.2
        - document_name: kubernetes-etcd-aknode40-peer
          common_name: kubernetes-etcd-aknode40-peer
          hosts:
            - aknode40
            - 192.168.2.40
            - 172.29.1.40
            - 172.30.2.40
            - 127.0.0.1
            - localhost
            - kubernetes-etcd.kube-system.svc.cluster.local
            - 10.96.0.2
        - document_name: kubernetes-etcd-aknode41-peer
          common_name: kubernetes-etcd-aknode41-peer
          hosts:
            - aknode41
            - 192.168.2.41
            - 172.29.1.41
            - 172.30.2.41
            - 127.0.0.1
            - localhost
            - kubernetes-etcd.kube-system.svc.cluster.local
            - 10.96.0.2
        - document_name: kubernetes-etcd-aknode42-peer
          common_name: kubernetes-etcd-aknode42-peer
          hosts:
            - aknode42
            - 192.168.2.42
            - 172.29.1.42
            - 172.30.2.42
            - 127.0.0.1
            - localhost
            - kubernetes-etcd.kube-system.svc.cluster.local
            - 10.96.0.2
    # CA for client-to-server traffic of the Calico etcd cluster. Unlike
    # the Kubernetes etcd entries, these list the service IP 10.96.232.136
    # and no service DNS name.
    calico-etcd:
      description: Certificates for Calico etcd client traffic
      certificates:
        - document_name: calico-etcd-anchor
          description: anchor
          common_name: anchor
        - document_name: calico-etcd-aknode40
          common_name: calico-etcd-aknode40
          hosts:
            - aknode40
            - 192.168.2.40
            - 172.29.1.40
            - 172.30.2.40
            - 127.0.0.1
            - localhost
            - 10.96.232.136
        - document_name: calico-etcd-aknode41
          common_name: calico-etcd-aknode41
          hosts:
            - aknode41
            - 192.168.2.41
            - 172.29.1.41
            - 172.30.2.41
            - 127.0.0.1
            - localhost
            - 10.96.232.136
        - document_name: calico-etcd-aknode42
          common_name: calico-etcd-aknode42
          hosts:
            - aknode42
            - 192.168.2.42
            - 172.29.1.42
            - 172.30.2.42
            - 127.0.0.1
            - localhost
            - 10.96.232.136
        # NOTE(review): "calcico-node" looks like a typo for "calico-node".
        # The CN is the identity etcd sees for this client, so check
        # whether anything (etcd auth users, audit or log filters) matches
        # on the current spelling before correcting it, and reissue the
        # certificate when you do.
        - document_name: calico-node
          common_name: calcico-node
    # NOTE(review): the description below says "clients", but every entry
    # is named "-peer"; it reads like a copy of the calico-etcd description
    # -- confirm and reword.
    calico-etcd-peer:
      description: Certificates for Calico etcd clients
      certificates:
        - document_name: calico-etcd-aknode40-peer
          common_name: calico-etcd-aknode40-peer
          hosts:
            - aknode40
            - 192.168.2.40
            - 172.29.1.40
            - 172.30.2.40
            - 127.0.0.1
            - localhost
            - 10.96.232.136
        - document_name: calico-etcd-aknode41-peer
          common_name: calico-etcd-aknode41-peer
          hosts:
            - aknode41
            - 192.168.2.41
            - 172.29.1.41
            - 172.30.2.41
            - 127.0.0.1
            - localhost
            - 10.96.232.136
        - document_name: calico-etcd-aknode42-peer
          common_name: calico-etcd-aknode42-peer
          hosts:
            - aknode42
            - 192.168.2.42
            - 172.29.1.42
            - 172.30.2.42
            - 127.0.0.1
            - localhost
            - 10.96.232.136
        # NOTE(review): same "calcico" spelling as calico-node above.
        - document_name: calico-node-peer
          common_name: calcico-node-peer
  keypairs:
    # Not a certificate: a bare key pair. Whoever holds the private half
    # can mint service account tokens the apiserver will accept, so treat
    # the generated document as one of the most sensitive secrets of the
    # site.
    - name: service-account
      description: Service account signing key for use by Kubernetes controller-manager.
...