| parameters: | |
| salt: | |
| minion: | |
| cert: | |
| k8s_client: | |
| host: ${_param:salt_minion_ca_host} | |
| authority: ${_param:salt_minion_ca_authority} | |
| key_file: /etc/kubernetes/ssl/kubelet-client.key | |
| cert_file: /etc/kubernetes/ssl/kubelet-client.crt | |
| ca_file: /etc/kubernetes/ssl/ca-kubernetes.crt | |
| common_name: system:node:${linux:system:name} | |
| organization_name: system:nodes | |
| signing_policy: cert_client | |
| alternative_names: IP:${_param:kubernetes_control_address},IP:${_param:kubernetes_control_node01_address},IP:${_param:kubernetes_control_node02_address},IP:${_param:kubernetes_control_node03_address},IP:${_param:kubernetes_internal_api_address} | |
| k8s_client_fqdn: | |
| host: ${_param:salt_minion_ca_host} | |
| authority: ${_param:salt_minion_ca_authority} | |
| key_file: /etc/kubernetes/ssl/kubelet-client-fqdn.key | |
| cert_file: /etc/kubernetes/ssl/kubelet-client-fqdn.crt | |
| ca_file: /etc/kubernetes/ssl/ca-kubernetes.crt | |
| common_name: system:node:${linux:system:name}.${_param:cluster_domain} | |
| organization_name: system:nodes | |
| signing_policy: cert_client | |
| alternative_names: IP:${_param:kubernetes_control_address},IP:${_param:kubernetes_control_node01_address},IP:${_param:kubernetes_control_node02_address},IP:${_param:kubernetes_control_node03_address},IP:${_param:kubernetes_internal_api_address} | |
| k8s_proxy: | |
| host: ${_param:salt_minion_ca_host} | |
| authority: ${_param:salt_minion_ca_authority} | |
| key_file: /etc/kubernetes/ssl/kube-proxy-client.key | |
| cert_file: /etc/kubernetes/ssl/kube-proxy-client.crt | |
| ca_file: /etc/kubernetes/ssl/ca-kubernetes.crt | |
| common_name: system:kube-proxy | |
| signing_policy: cert_client | |
| alternative_names: IP:${_param:kubernetes_control_address},IP:${_param:kubernetes_control_node01_address},IP:${_param:kubernetes_control_node02_address},IP:${_param:kubernetes_control_node03_address},IP:${_param:kubernetes_internal_api_address} | |
| k8s_scheduler: | |
| host: ${_param:salt_minion_ca_host} | |
| authority: ${_param:salt_minion_ca_authority} | |
| key_file: /etc/kubernetes/ssl/kube-scheduler-client.key | |
| cert_file: /etc/kubernetes/ssl/kube-scheduler-client.crt | |
| ca_file: /etc/kubernetes/ssl/ca-kubernetes.crt | |
| common_name: system:kube-scheduler | |
| signing_policy: cert_client | |
| alternative_names: IP:${_param:kubernetes_control_address},IP:${_param:kubernetes_control_node01_address},IP:${_param:kubernetes_control_node02_address},IP:${_param:kubernetes_control_node03_address},IP:${_param:kubernetes_internal_api_address} | |
| k8s_controller_manager: | |
| host: ${_param:salt_minion_ca_host} | |
| authority: ${_param:salt_minion_ca_authority} | |
| key_file: /etc/kubernetes/ssl/kube-controller-manager-client.key | |
| cert_file: /etc/kubernetes/ssl/kube-controller-manager-client.crt | |
| ca_file: /etc/kubernetes/ssl/ca-kubernetes.crt | |
| common_name: system:kube-controller-manager | |
| signing_policy: cert_client | |
| alternative_names: IP:${_param:kubernetes_control_address},IP:${_param:kubernetes_control_node01_address},IP:${_param:kubernetes_control_node02_address},IP:${_param:kubernetes_control_node03_address},IP:${_param:kubernetes_internal_api_address} | |
| k8s_aggregator_proxy: | |
| host: ${_param:salt_minion_ca_host} | |
| authority: ${_param:salt_minion_ca_authority} | |
| key_file: /etc/kubernetes/ssl/kube-aggregator-proxy-client.key | |
| cert_file: /etc/kubernetes/ssl/kube-aggregator-proxy-client.crt | |
| ca_file: /etc/kubernetes/ssl/ca-kubernetes.crt | |
| common_name: system:kube-controller-manager | |
| signing_policy: cert_client | |
| alternative_names: IP:${_param:kubernetes_control_address},IP:${_param:kubernetes_control_node01_address},IP:${_param:kubernetes_control_node02_address},IP:${_param:kubernetes_control_node03_address},IP:${_param:kubernetes_internal_api_address} |