X-Git-Url: https://gerrit.akraino.org/r/gitweb?a=blobdiff_plain;f=site%2Fdellgen10%2Fpki%2Fpki-catalog.yaml;fp=site%2Fdellgen10%2Fpki%2Fpki-catalog.yaml;h=6b3b1cd1cf07c1de7e6e50a49ecaefa3792741a9;hb=8e1d108f64f06572790ee4db71bc1d9dd32e82da;hp=0000000000000000000000000000000000000000;hpb=d743ec6c91f97cc9f5b944a8d0a609883440b14e;p=yaml_builds.git
diff --git a/site/dellgen10/pki/pki-catalog.yaml b/site/dellgen10/pki/pki-catalog.yaml
new file mode 100644
index 0000000..6b3b1cd
--- /dev/null
+++ b/site/dellgen10/pki/pki-catalog.yaml
@@ -0,0 +1,266 @@
+---
+##############################################################################
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. #
+# #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may #
+# not use this file except in compliance with the License. #
+# #
+# You may obtain a copy of the License at #
+# http://www.apache.org/licenses/LICENSE-2.0 #
+# #
+# Unless required by applicable law or agreed to in writing, software #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
+# See the License for the specific language governing permissions and #
+# limitations under the License. #
+##############################################################################
+
+schema: promenade/PKICatalog/v1
+metadata:
+ schema: metadata/Document/v1
+ name: cluster-certificates
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data:
+ certificate_authorities:
+ kubernetes:
+ description: CA for Kubernetes components
+ certificates:
+ - document_name: apiserver
+ description: Service certificate for Kubernetes apiserver
+ common_name: apiserver
+ hosts:
+ - localhost
+ - 127.0.0.1
+ - 10.96.0.1
+ kubernetes_service_names:
+ - kubernetes.default.svc.cluster.local
+ - document_name: kubelet-genesis
+ common_name: system:node:aknode40
+ hosts:
+ - aknode40
+ - 192.168.2.40
+ - 172.29.1.40
+ - 172.30.2.40
+ groups:
+ - system:nodes
+ - document_name: kubelet-aknode40
+ common_name: system:node:aknode40
+ hosts:
+ - aknode40
+ - 192.168.2.40
+ - 172.29.1.40
+ - 172.30.2.40
+ groups:
+ - system:nodes
+ - document_name: kubelet-aknode41
+ common_name: system:node:aknode41
+ hosts:
+ - aknode41
+ - 192.168.2.41
+ - 172.29.1.41
+ - 172.30.2.41
+ groups:
+ - system:nodes
+ - document_name: kubelet-aknode42
+ common_name: system:node:aknode42
+ hosts:
+ - aknode42
+ - 192.168.2.42
+ - 172.29.1.42
+ - 172.30.2.42
+ groups:
+ - system:nodes
+ - document_name: scheduler
+ description: Service certificate for Kubernetes scheduler
+ common_name: system:kube-scheduler
+ - document_name: controller-manager
+ description: certificate for controller-manager
+ common_name: system:kube-controller-manager
+ - document_name: admin
+ common_name: admin
+ groups:
+ - system:masters
+ - document_name: armada
+ common_name: armada
+ groups:
+ - system:masters
+ kubernetes-etcd:
+ description: Certificates for Kubernetes's etcd servers
+ certificates:
+ - document_name: apiserver-etcd
+ description: etcd client certificate for use by Kubernetes apiserver
+ common_name: apiserver
+ # NOTE(mark-burnett): hosts not required for client certificates
+ - document_name: kubernetes-etcd-anchor
+ description: anchor
+ common_name: anchor
+ - document_name: kubernetes-etcd-genesis
+ common_name: kubernetes-etcd-genesis
+ hosts:
+ - aknode40
+ - 192.168.2.40
+ - 172.29.1.40
+ - 172.30.2.40
+ - 127.0.0.1
+ - localhost
+ - kubernetes-etcd.kube-system.svc.cluster.local
+ - 10.96.0.2
+ - document_name: kubernetes-etcd-aknode40
+ common_name: kubernetes-etcd-aknode40
+ hosts:
+ - aknode40
+ - 192.168.2.40
+ - 172.29.1.40
+ - 172.30.2.40
+ - 127.0.0.1
+ - localhost
+ - kubernetes-etcd.kube-system.svc.cluster.local
+ - 10.96.0.2
+ - document_name: kubernetes-etcd-aknode41
+ common_name: kubernetes-etcd-aknode41
+ hosts:
+ - aknode41
+ - 192.168.2.41
+ - 172.29.1.41
+ - 172.30.2.41
+ - 127.0.0.1
+ - localhost
+ - kubernetes-etcd.kube-system.svc.cluster.local
+ - 10.96.0.2
+ - document_name: kubernetes-etcd-aknode42
+ common_name: kubernetes-etcd-aknode42
+ hosts:
+ - aknode42
+ - 192.168.2.42
+ - 172.29.1.42
+ - 172.30.2.42
+ - 127.0.0.1
+ - localhost
+ - kubernetes-etcd.kube-system.svc.cluster.local
+ - 10.96.0.2
+ kubernetes-etcd-peer:
+ certificates:
+ - document_name: kubernetes-etcd-genesis-peer
+ common_name: kubernetes-etcd-genesis-peer
+ hosts:
+ - aknode40
+ - 192.168.2.40
+ - 172.29.1.40
+ - 172.30.2.40
+ - 127.0.0.1
+ - localhost
+ - kubernetes-etcd.kube-system.svc.cluster.local
+ - 10.96.0.2
+ - document_name: kubernetes-etcd-aknode40-peer
+ common_name: kubernetes-etcd-aknode40-peer
+ hosts:
+ - aknode40
+ - 192.168.2.40
+ - 172.29.1.40
+ - 172.30.2.40
+ - 127.0.0.1
+ - localhost
+ - kubernetes-etcd.kube-system.svc.cluster.local
+ - 10.96.0.2
+ - document_name: kubernetes-etcd-aknode41-peer
+ common_name: kubernetes-etcd-aknode41-peer
+ hosts:
+ - aknode41
+ - 192.168.2.41
+ - 172.29.1.41
+ - 172.30.2.41
+ - 127.0.0.1
+ - localhost
+ - kubernetes-etcd.kube-system.svc.cluster.local
+ - 10.96.0.2
+ - document_name: kubernetes-etcd-aknode42-peer
+ common_name: kubernetes-etcd-aknode42-peer
+ hosts:
+ - aknode42
+ - 192.168.2.42
+ - 172.29.1.42
+ - 172.30.2.42
+ - 127.0.0.1
+ - localhost
+ - kubernetes-etcd.kube-system.svc.cluster.local
+ - 10.96.0.2
+ calico-etcd:
+ description: Certificates for Calico etcd client traffic
+ certificates:
+ - document_name: calico-etcd-anchor
+ description: anchor
+ common_name: anchor
+ - document_name: calico-etcd-aknode40
+ common_name: calico-etcd-aknode40
+ hosts:
+ - aknode40
+ - 192.168.2.40
+ - 172.29.1.40
+ - 172.30.2.40
+ - 127.0.0.1
+ - localhost
+ - 10.96.232.136
+ - document_name: calico-etcd-aknode41
+ common_name: calico-etcd-aknode41
+ hosts:
+ - aknode41
+ - 192.168.2.41
+ - 172.29.1.41
+ - 172.30.2.41
+ - 127.0.0.1
+ - localhost
+ - 10.96.232.136
+ - document_name: calico-etcd-aknode42
+ common_name: calico-etcd-aknode42
+ hosts:
+ - aknode42
+ - 192.168.2.42
+ - 172.29.1.42
+ - 172.30.2.42
+ - 127.0.0.1
+ - localhost
+ - 10.96.232.136
+ - document_name: calico-node
+ common_name: calcico-node
+ calico-etcd-peer:
+ description: Certificates for Calico etcd clients
+ certificates:
+ - document_name: calico-etcd-aknode40-peer
+ common_name: calico-etcd-aknode40-peer
+ hosts:
+ - aknode40
+ - 192.168.2.40
+ - 172.29.1.40
+ - 172.30.2.40
+ - 127.0.0.1
+ - localhost
+ - 10.96.232.136
+ - document_name: calico-etcd-aknode41-peer
+ common_name: calico-etcd-aknode41-peer
+ hosts:
+ - aknode41
+ - 192.168.2.41
+ - 172.29.1.41
+ - 172.30.2.41
+ - 127.0.0.1
+ - localhost
+ - 10.96.232.136
+ - document_name: calico-etcd-aknode42-peer
+ common_name: calico-etcd-aknode42-peer
+ hosts:
+ - aknode42
+ - 192.168.2.42
+ - 172.29.1.42
+ - 172.30.2.42
+ - 127.0.0.1
+ - localhost
+ - 10.96.232.136
+ - document_name: calico-node-peer
+ common_name: calcico-node-peer
+ keypairs:
+ - name: service-account
+ description: Service account signing key for use by Kubernetes controller-manager.
+...
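Review bot: The `calico-node` and `calico-node-peer` entries (under the `calico-etcd` and `calico-etcd-peer` authorities) carry misspelled subjects, `common_name: calcico-node` and `common_name: calcico-node-peer`, so the issued identity does not match the document name; they should read `common_name: calico-node` and `common_name: calico-node-peer`. If etcd authentication or audit tooling ever keys on the certificate CN, the misspelling becomes the identity of record, and correcting it later means reissuing those certificates. Separately, the `admin` and `armada` certificates are placed in `system:masters`, which the API server treats as unrestricted cluster-admin regardless of RBAC bindings, and Kubernetes cannot revoke a client certificate short of rotating the `kubernetes` CA; a comment above those entries such as `# system:masters bypasses RBAC; keep these keys offline and prefer a scoped group for armada` would record that the grant is deliberate.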