salt/minion/cert/k8s_server.yml - salt-models/reclass-system - Gitiles

 parameters:
   salt:
     minion:
       cert:
         k8s_server:
           host: ${_param:salt_minion_ca_host}
           authority: ${_param:salt_minion_ca_authority}
           common_name: kubernetes-server
           key_file: /srv/salt/env/${_param:salt_master_base_environment}/_certs/kubernetes/kubernetes-server.key
           cert_file: /srv/salt/env/${_param:salt_master_base_environment}/_certs/kubernetes/kubernetes-server.crt
           all_file: /srv/salt/env/${_param:salt_master_base_environment}/_certs/kubernetes/kubernetes-server.pem
           signing_policy: cert_server
           alternative_names: IP:${_param:cluster_vip_address},IP:${_param:cluster_node01_address},IP:${_param:cluster_node02_address},IP:${_param:cluster_node03_address},IP:${_param:kubernetes_internal_api_address},DNS:kubernetes.default,DNS:kubernetes.default.svc
         k8s_scheduler:
           host: ${_param:salt_minion_ca_host}
           authority: ${_param:salt_minion_ca_authority}
           key_file: /etc/kubernetes/ssl/kube-scheduler-client.key
           cert_file: /etc/kubernetes/ssl/kube-scheduler-client.crt
           ca_file: /etc/kubernetes/ssl/ca-kubernetes.crt
           common_name: system:kube-scheduler
           signing_policy: cert_client
           alternative_names: IP:${_param:cluster_vip_address},IP:${_param:cluster_node01_address},IP:${_param:cluster_node02_address},IP:${_param:cluster_node03_address},IP:${_param:kubernetes_internal_api_address}
         k8s_controller_manager:
           host: ${_param:salt_minion_ca_host}
           authority: ${_param:salt_minion_ca_authority}
           key_file: /etc/kubernetes/ssl/kube-controller-manager-client.key
           cert_file: /etc/kubernetes/ssl/kube-controller-manager-client.crt
           ca_file: /etc/kubernetes/ssl/ca-kubernetes.crt
           common_name: system:kube-controller-manager
           signing_policy: cert_client
           alternative_names: IP:${_param:cluster_vip_address},IP:${_param:cluster_node01_address},IP:${_param:cluster_node02_address},IP:${_param:cluster_node03_address},IP:${_param:kubernetes_internal_api_address}
         k8s_admin:
           host: ${_param:salt_minion_ca_host}
           authority: ${_param:salt_minion_ca_authority}
           key_file: /etc/kubernetes/ssl/admin.key
           cert_file: /etc/kubernetes/ssl/admin.crt
           ca_file: /etc/kubernetes/ssl/ca-kubernetes.crt
           common_name: admin
           organization_name: system:masters
           signing_policy: cert_client
	parameters:
	salt:
	minion:
	cert:
	k8s_server:
	host: ${_param:salt_minion_ca_host}
	authority: ${_param:salt_minion_ca_authority}
	common_name: kubernetes-server
	key_file: /srv/salt/env/${_param:salt_master_base_environment}/_certs/kubernetes/kubernetes-server.key
	cert_file: /srv/salt/env/${_param:salt_master_base_environment}/_certs/kubernetes/kubernetes-server.crt
	all_file: /srv/salt/env/${_param:salt_master_base_environment}/_certs/kubernetes/kubernetes-server.pem
	signing_policy: cert_server
	alternative_names: IP:${_param:cluster_vip_address},IP:${_param:cluster_node01_address},IP:${_param:cluster_node02_address},IP:${_param:cluster_node03_address},IP:${_param:kubernetes_internal_api_address},DNS:kubernetes.default,DNS:kubernetes.default.svc
	k8s_scheduler:
	host: ${_param:salt_minion_ca_host}
	authority: ${_param:salt_minion_ca_authority}
	key_file: /etc/kubernetes/ssl/kube-scheduler-client.key
	cert_file: /etc/kubernetes/ssl/kube-scheduler-client.crt
	ca_file: /etc/kubernetes/ssl/ca-kubernetes.crt
	common_name: system:kube-scheduler
	signing_policy: cert_client
	alternative_names: IP:${_param:cluster_vip_address},IP:${_param:cluster_node01_address},IP:${_param:cluster_node02_address},IP:${_param:cluster_node03_address},IP:${_param:kubernetes_internal_api_address}
	k8s_controller_manager:
	host: ${_param:salt_minion_ca_host}
	authority: ${_param:salt_minion_ca_authority}
	key_file: /etc/kubernetes/ssl/kube-controller-manager-client.key
	cert_file: /etc/kubernetes/ssl/kube-controller-manager-client.crt
	ca_file: /etc/kubernetes/ssl/ca-kubernetes.crt
	common_name: system:kube-controller-manager
	signing_policy: cert_client
	alternative_names: IP:${_param:cluster_vip_address},IP:${_param:cluster_node01_address},IP:${_param:cluster_node02_address},IP:${_param:cluster_node03_address},IP:${_param:kubernetes_internal_api_address}
	k8s_admin:
	host: ${_param:salt_minion_ca_host}
	authority: ${_param:salt_minion_ca_authority}
	key_file: /etc/kubernetes/ssl/admin.key
	cert_file: /etc/kubernetes/ssl/admin.crt
	ca_file: /etc/kubernetes/ssl/ca-kubernetes.crt
	common_name: admin
	organization_name: system:masters
	signing_policy: cert_client