--- /dev/null
+---
+##############################################################################
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. #
+# #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may #
+# not use this file except in compliance with the License. #
+# #
+# You may obtain a copy of the License at #
+# http://www.apache.org/licenses/LICENSE-2.0 #
+# #
+# Unless required by applicable law or agreed to in writing, software #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
+# See the License for the specific language governing permissions and #
+# limitations under the License. #
+##############################################################################
+
+schema: promenade/PKICatalog/v1
+metadata:
+ schema: metadata/Document/v1
+ name: cluster-certificates
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data:
+ certificate_authorities:
+ kubernetes:
+ description: CA for Kubernetes components
+ certificates:
+ - document_name: apiserver
+ description: Service certificate for Kubernetes apiserver
+ common_name: apiserver
+ hosts:
+ - localhost
+ - 127.0.0.1
+ - 10.96.0.1
+ kubernetes_service_names:
+ - kubernetes.default.svc.cluster.local
+ - document_name: kubelet-genesis
+ common_name: system:node:aknode40
+ hosts:
+ - aknode40
+ - 192.168.2.40
+ - 172.29.1.40
+ - 172.30.2.40
+ groups:
+ - system:nodes
+ - document_name: kubelet-aknode40
+ common_name: system:node:aknode40
+ hosts:
+ - aknode40
+ - 192.168.2.40
+ - 172.29.1.40
+ - 172.30.2.40
+ groups:
+ - system:nodes
+ - document_name: kubelet-aknode41
+ common_name: system:node:aknode41
+ hosts:
+ - aknode41
+ - 192.168.2.41
+ - 172.29.1.41
+ - 172.30.2.41
+ groups:
+ - system:nodes
+ - document_name: kubelet-aknode42
+ common_name: system:node:aknode42
+ hosts:
+ - aknode42
+ - 192.168.2.42
+ - 172.29.1.42
+ - 172.30.2.42
+ groups:
+ - system:nodes
+ - document_name: scheduler
+ description: Service certificate for Kubernetes scheduler
+ common_name: system:kube-scheduler
+ - document_name: controller-manager
+ description: certificate for controller-manager
+ common_name: system:kube-controller-manager
+ - document_name: admin
+ common_name: admin
+ groups:
+ - system:masters
+ - document_name: armada
+ common_name: armada
+ groups:
+ - system:masters
+ kubernetes-etcd:
+ description: Certificates for Kubernetes's etcd servers
+ certificates:
+ - document_name: apiserver-etcd
+ description: etcd client certificate for use by Kubernetes apiserver
+ common_name: apiserver
+ # NOTE(mark-burnett): hosts not required for client certificates
+ - document_name: kubernetes-etcd-anchor
+ description: anchor
+ common_name: anchor
+ - document_name: kubernetes-etcd-genesis
+ common_name: kubernetes-etcd-genesis
+ hosts:
+ - aknode40
+ - 192.168.2.40
+ - 172.29.1.40
+ - 172.30.2.40
+ - 127.0.0.1
+ - localhost
+ - kubernetes-etcd.kube-system.svc.cluster.local
+ - 10.96.0.2
+ - document_name: kubernetes-etcd-aknode40
+ common_name: kubernetes-etcd-aknode40
+ hosts:
+ - aknode40
+ - 192.168.2.40
+ - 172.29.1.40
+ - 172.30.2.40
+ - 127.0.0.1
+ - localhost
+ - kubernetes-etcd.kube-system.svc.cluster.local
+ - 10.96.0.2
+ - document_name: kubernetes-etcd-aknode41
+ common_name: kubernetes-etcd-aknode41
+ hosts:
+ - aknode41
+ - 192.168.2.41
+ - 172.29.1.41
+ - 172.30.2.41
+ - 127.0.0.1
+ - localhost
+ - kubernetes-etcd.kube-system.svc.cluster.local
+ - 10.96.0.2
+ - document_name: kubernetes-etcd-aknode42
+ common_name: kubernetes-etcd-aknode42
+ hosts:
+ - aknode42
+ - 192.168.2.42
+ - 172.29.1.42
+ - 172.30.2.42
+ - 127.0.0.1
+ - localhost
+ - kubernetes-etcd.kube-system.svc.cluster.local
+ - 10.96.0.2
+ kubernetes-etcd-peer:
+ certificates:
+ - document_name: kubernetes-etcd-genesis-peer
+ common_name: kubernetes-etcd-genesis-peer
+ hosts:
+ - aknode40
+ - 192.168.2.40
+ - 172.29.1.40
+ - 172.30.2.40
+ - 127.0.0.1
+ - localhost
+ - kubernetes-etcd.kube-system.svc.cluster.local
+ - 10.96.0.2
+ - document_name: kubernetes-etcd-aknode40-peer
+ common_name: kubernetes-etcd-aknode40-peer
+ hosts:
+ - aknode40
+ - 192.168.2.40
+ - 172.29.1.40
+ - 172.30.2.40
+ - 127.0.0.1
+ - localhost
+ - kubernetes-etcd.kube-system.svc.cluster.local
+ - 10.96.0.2
+ - document_name: kubernetes-etcd-aknode41-peer
+ common_name: kubernetes-etcd-aknode41-peer
+ hosts:
+ - aknode41
+ - 192.168.2.41
+ - 172.29.1.41
+ - 172.30.2.41
+ - 127.0.0.1
+ - localhost
+ - kubernetes-etcd.kube-system.svc.cluster.local
+ - 10.96.0.2
+ - document_name: kubernetes-etcd-aknode42-peer
+ common_name: kubernetes-etcd-aknode42-peer
+ hosts:
+ - aknode42
+ - 192.168.2.42
+ - 172.29.1.42
+ - 172.30.2.42
+ - 127.0.0.1
+ - localhost
+ - kubernetes-etcd.kube-system.svc.cluster.local
+ - 10.96.0.2
+ calico-etcd:
+ description: Certificates for Calico etcd client traffic
+ certificates:
+ - document_name: calico-etcd-anchor
+ description: anchor
+ common_name: anchor
+ - document_name: calico-etcd-aknode40
+ common_name: calico-etcd-aknode40
+ hosts:
+ - aknode40
+ - 192.168.2.40
+ - 172.29.1.40
+ - 172.30.2.40
+ - 127.0.0.1
+ - localhost
+ - 10.96.232.136
+ - document_name: calico-etcd-aknode41
+ common_name: calico-etcd-aknode41
+ hosts:
+ - aknode41
+ - 192.168.2.41
+ - 172.29.1.41
+ - 172.30.2.41
+ - 127.0.0.1
+ - localhost
+ - 10.96.232.136
+ - document_name: calico-etcd-aknode42
+ common_name: calico-etcd-aknode42
+ hosts:
+ - aknode42
+ - 192.168.2.42
+ - 172.29.1.42
+ - 172.30.2.42
+ - 127.0.0.1
+ - localhost
+ - 10.96.232.136
+ - document_name: calico-node
+ common_name: calcico-node
+ calico-etcd-peer:
+ description: Certificates for Calico etcd clients
+ certificates:
+ - document_name: calico-etcd-aknode40-peer
+ common_name: calico-etcd-aknode40-peer
+ hosts:
+ - aknode40
+ - 192.168.2.40
+ - 172.29.1.40
+ - 172.30.2.40
+ - 127.0.0.1
+ - localhost
+ - 10.96.232.136
+ - document_name: calico-etcd-aknode41-peer
+ common_name: calico-etcd-aknode41-peer
+ hosts:
+ - aknode41
+ - 192.168.2.41
+ - 172.29.1.41
+ - 172.30.2.41
+ - 127.0.0.1
+ - localhost
+ - 10.96.232.136
+ - document_name: calico-etcd-aknode42-peer
+ common_name: calico-etcd-aknode42-peer
+ hosts:
+ - aknode42
+ - 192.168.2.42
+ - 172.29.1.42
+ - 172.30.2.42
+ - 127.0.0.1
+ - localhost
+ - 10.96.232.136
+ - document_name: calico-node-peer
+ common_name: calcico-node-peer
+ keypairs:
+ - name: service-account
+ description: Service account signing key for use by Kubernetes controller-manager.
+...
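Review bot: The `armada` entry under the `kubernetes` CA is issued with the `system:masters` group, the same as `admin`, which gives a service identity unrestricted API access that is granted without consulting RBAC. Kubernetes has no way to revoke an individual client certificate, so that credential stays cluster-admin until it expires or the CA is rotated. Whether Armada needs this is not visible from this file; if it does not, a dedicated group bound through a ClusterRoleBinding is the narrower choice, and if it does, record the decision above the entry with a comment such as `# system:masters bypasses RBAC; valid until expiry or CA rotation`. Separately, `common_name: calcico-node` and `common_name: calcico-node-peer` under `calico-etcd` and `calico-etcd-peer` look like misspellings. Because the CN is the identity the client presents over TLS, they should probably read `common_name: calico-node` and `common_name: calico-node-peer`, unless something downstream already matches on the current spelling.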