add k8s and etcd single certs
Change-Id: Id444dd62faa795ed10194334e0aab46f736fee2f
diff --git a/salt/minion/cert/etcd_client_single.yml b/salt/minion/cert/etcd_client_single.yml
new file mode 100644
index 0000000..a14e106
--- /dev/null
+++ b/salt/minion/cert/etcd_client_single.yml
@@ -0,0 +1,18 @@
+parameters:
+ salt:
+ minion:
+ cert:
+ etcd_client:
+ host: ${_param:salt_minion_ca_host}
+ authority: ${_param:salt_minion_ca_authority}
+ common_name: ${linux:system:name}
+ signing_policy: cert_open
+ alternative_names: DNS:${linux:system:name},DNS:${linux:network:fqdn}
+ extended_key_usage: clientAuth
+ key_usage: "digitalSignature,nonRepudiation,keyEncipherment"
+ key_file: /var/lib/etcd/etcd-client.key
+ cert_file: /var/lib/etcd/etcd-client.crt
+ all_file: /var/lib/etcd/etcd-client.pem
+ ca_file: /var/lib/etcd/ca.pem
+ user: etcd
+ group: etcd
diff --git a/salt/minion/cert/etcd_server_single.yml b/salt/minion/cert/etcd_server_single.yml
new file mode 100644
index 0000000..f9fc585
--- /dev/null
+++ b/salt/minion/cert/etcd_server_single.yml
@@ -0,0 +1,18 @@
+parameters:
+ salt:
+ minion:
+ cert:
+ etcd_server:
+ host: ${_param:salt_minion_ca_host}
+ authority: ${_param:salt_minion_ca_authority}
+ common_name: ${linux:system:name}
+ signing_policy: cert_open
+ alternative_names: IP:127.0.0.1,DNS:${linux:system:name},DNS:${linux:network:fqdn}
+ extended_key_usage: serverAuth,clientAuth
+ key_usage: "digitalSignature,nonRepudiation,keyEncipherment"
+ key_file: /var/lib/etcd/etcd-server.key
+ cert_file: /var/lib/etcd/etcd-server.crt
+ all_file: /var/lib/etcd/etcd-server.pem
+ ca_file: /var/lib/etcd/ca.pem
+ user: etcd
+ group: etcd