--- /dev/null
+---
+##############################################################################
+# Copyright © 2018 AT&T Intellectual Property. All rights reserved. #
+# #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may #
+# not use this file except in compliance with the License. #
+# #
+# You may obtain a copy of the License at #
+# http://www.apache.org/licenses/LICENSE-2.0 #
+# #
+# Unless required by applicable law or agreed to in writing, software #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
+# See the License for the specific language governing permissions and #
+# limitations under the License. #
+##############################################################################
+
+schema: promenade/PKICatalog/v1
+metadata:
+ schema: metadata/Document/v1
+ name: cluster-certificates
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data:
+ certificate_authorities:
+ kubernetes:
+ description: CA for Kubernetes components
+ certificates:
+ - document_name: apiserver
+ description: Service certificate for Kubernetes apiserver
+ common_name: apiserver
+ hosts:
+ - localhost
+ - 127.0.0.1
+ - 10.96.0.1
+ kubernetes_service_names:
+ - kubernetes.default.svc.cluster.local
+ - document_name: kubelet-genesis
+ common_name: system:node:aknode30
+ hosts:
+ - aknode30
+ - 192.168.2.30
+ - 172.29.1.30
+ - 172.30.1.30
+ groups:
+ - system:nodes
+ - document_name: kubelet-aknode30
+ common_name: system:node:aknode30
+ hosts:
+ - aknode30
+ - 192.168.2.30
+ - 172.29.1.30
+ - 172.30.1.30
+ groups:
+ - system:nodes
+ - document_name: kubelet-aknode31
+ common_name: system:node:aknode31
+ hosts:
+ - aknode31
+ - 192.168.2.31
+ - 172.29.1.31
+ - 172.30.1.31
+ groups:
+ - system:nodes
+ - document_name: kubelet-aknode32
+ common_name: system:node:aknode32
+ hosts:
+ - aknode32
+ - 192.168.2.32
+ - 172.29.1.32
+ - 172.30.1.32
+ groups:
+ - system:nodes
+ - document_name: kubelet-aknode33
+ common_name: system:node:aknode33
+ hosts:
+ - aknode33
+ - 192.168.2.33
+ - 172.29.1.33
+ - 172.30.1.33
+ groups:
+ - system:nodes
+ - document_name: kubelet-aknode34
+ common_name: system:node:aknode34
+ hosts:
+ - aknode34
+ - 192.168.2.34
+ - 172.29.1.34
+ - 172.30.1.34
+ groups:
+ - system:nodes
+ - document_name: scheduler
+ description: Service certificate for Kubernetes scheduler
+ common_name: system:kube-scheduler
+ - document_name: controller-manager
+ description: certificate for controller-manager
+ common_name: system:kube-controller-manager
+ - document_name: admin
+ common_name: admin
+ groups:
+ - system:masters
+ - document_name: armada
+ common_name: armada
+ groups:
+ - system:masters
+ kubernetes-etcd:
+ description: Certificates for Kubernetes's etcd servers
+ certificates:
+ - document_name: apiserver-etcd
+ description: etcd client certificate for use by Kubernetes apiserver
+ common_name: apiserver
+ # NOTE(mark-burnett): hosts not required for client certificates
+ - document_name: kubernetes-etcd-anchor
+ description: anchor
+ common_name: anchor
+ - document_name: kubernetes-etcd-genesis
+ common_name: kubernetes-etcd-genesis
+ hosts:
+ - aknode30
+ - 192.168.2.30
+ - 172.29.1.30
+ - 172.30.1.30
+ - 127.0.0.1
+ - localhost
+ - kubernetes-etcd.kube-system.svc.cluster.local
+ - 10.96.0.2
+ - document_name: kubernetes-etcd-aknode30
+ common_name: kubernetes-etcd-aknode30
+ hosts:
+ - aknode30
+ - 192.168.2.30
+ - 172.29.1.30
+ - 172.30.1.30
+ - 127.0.0.1
+ - localhost
+ - kubernetes-etcd.kube-system.svc.cluster.local
+ - 10.96.0.2
+ - document_name: kubernetes-etcd-aknode31
+ common_name: kubernetes-etcd-aknode31
+ hosts:
+ - aknode31
+ - 192.168.2.31
+ - 172.29.1.31
+ - 172.30.1.31
+ - 127.0.0.1
+ - localhost
+ - kubernetes-etcd.kube-system.svc.cluster.local
+ - 10.96.0.2
+ - document_name: kubernetes-etcd-aknode32
+ common_name: kubernetes-etcd-aknode32
+ hosts:
+ - aknode32
+ - 192.168.2.32
+ - 172.29.1.32
+ - 172.30.1.32
+ - 127.0.0.1
+ - localhost
+ - kubernetes-etcd.kube-system.svc.cluster.local
+ - 10.96.0.2
+ kubernetes-etcd-peer:
+ certificates:
+ - document_name: kubernetes-etcd-genesis-peer
+ common_name: kubernetes-etcd-genesis-peer
+ hosts:
+ - aknode30
+ - 192.168.2.30
+ - 172.29.1.30
+ - 172.30.1.30
+ - 127.0.0.1
+ - localhost
+ - kubernetes-etcd.kube-system.svc.cluster.local
+ - 10.96.0.2
+ - document_name: kubernetes-etcd-aknode30-peer
+ common_name: kubernetes-etcd-aknode30-peer
+ hosts:
+ - aknode30
+ - 192.168.2.30
+ - 172.29.1.30
+ - 172.30.1.30
+ - 127.0.0.1
+ - localhost
+ - kubernetes-etcd.kube-system.svc.cluster.local
+ - 10.96.0.2
+ - document_name: kubernetes-etcd-aknode31-peer
+ common_name: kubernetes-etcd-aknode31-peer
+ hosts:
+ - aknode31
+ - 192.168.2.31
+ - 172.29.1.31
+ - 172.30.1.31
+ - 127.0.0.1
+ - localhost
+ - kubernetes-etcd.kube-system.svc.cluster.local
+ - 10.96.0.2
+ - document_name: kubernetes-etcd-aknode32-peer
+ common_name: kubernetes-etcd-aknode32-peer
+ hosts:
+ - aknode32
+ - 192.168.2.32
+ - 172.29.1.32
+ - 172.30.1.32
+ - 127.0.0.1
+ - localhost
+ - kubernetes-etcd.kube-system.svc.cluster.local
+ - 10.96.0.2
+ calico-etcd:
+ description: Certificates for Calico etcd client traffic
+ certificates:
+ - document_name: calico-etcd-anchor
+ description: anchor
+ common_name: anchor
+ - document_name: calico-etcd-aknode30
+ common_name: calico-etcd-aknode30
+ hosts:
+ - aknode30
+ - 192.168.2.30
+ - 172.29.1.30
+ - 172.30.1.30
+ - 127.0.0.1
+ - localhost
+ - 10.96.232.136
+ - document_name: calico-etcd-aknode31
+ common_name: calico-etcd-aknode31
+ hosts:
+ - aknode31
+ - 192.168.2.31
+ - 172.29.1.31
+ - 172.30.1.31
+ - 127.0.0.1
+ - localhost
+ - 10.96.232.136
+ - document_name: calico-etcd-aknode32
+ common_name: calico-etcd-aknode32
+ hosts:
+ - aknode32
+ - 192.168.2.32
+ - 172.29.1.32
+ - 172.30.1.32
+ - 127.0.0.1
+ - localhost
+ - 10.96.232.136
+ - document_name: calico-node
+ common_name: calcico-node
+ calico-etcd-peer:
+ description: Certificates for Calico etcd clients
+ certificates:
+ - document_name: calico-etcd-aknode30-peer
+ common_name: calico-etcd-aknode30-peer
+ hosts:
+ - aknode30
+ - 192.168.2.30
+ - 172.29.1.30
+ - 172.30.1.30
+ - 127.0.0.1
+ - localhost
+ - 10.96.232.136
+ - document_name: calico-etcd-aknode31-peer
+ common_name: calico-etcd-aknode31-peer
+ hosts:
+ - aknode31
+ - 192.168.2.31
+ - 172.29.1.31
+ - 172.30.1.31
+ - 127.0.0.1
+ - localhost
+ - 10.96.232.136
+ - document_name: calico-etcd-aknode32-peer
+ common_name: calico-etcd-aknode32-peer
+ hosts:
+ - aknode32
+ - 192.168.2.32
+ - 172.29.1.32
+ - 172.30.1.32
+ - 127.0.0.1
+ - localhost
+ - 10.96.232.136
+ - document_name: calico-node-peer
+ common_name: calcico-node-peer
+ keypairs:
+ - name: service-account
+ description: Service account signing key for use by Kubernetes controller-manager.
+...
+
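Review bot: The `calico-node` and `calico-node-peer` entries near the end of the catalog set `common_name: calcico-node` and `common_name: calcico-node-peer`, which look like misspellings of `calico`. The CN is the identity the issued certificate presents, so any etcd user mapping, policy or audit search keyed on the expected name would not match it. I would change them to `common_name: calico-node` and `common_name: calico-node-peer` before any certificates are generated, since correcting a CN afterwards means reissuing. Separately, `admin` and `armada` are both issued with `groups: system:masters`, a group the API server authorizes for everything regardless of RBAC, and Kubernetes has no client-certificate revocation, so a leaked key stays fully privileged until it expires or the CA is rotated. If armada needs that level, a comment above its entry recording why would make the choice deliberate; otherwise a dedicated group bound to a narrower ClusterRole is the safer default.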