salt/minion/cert/kdt_k8s_client_single.yml - salt-models/reclass-system - Gitiles

 parameters:
   salt:
     minion:
       cert:
         kdt_k8s_client:
           host: ${_param:salt_minion_ca_host}
           authority: ${_param:salt_minion_ca_authority}
           key_file: /etc/kubernetes/ssl/kubelet-client.key
           cert_file: /etc/kubernetes/ssl/kubelet-client.crt
           ca_file: /etc/kubernetes/ssl/ca-kubernetes.crt
           common_name: system:node:${linux:system:name}
           organization_name: system:nodes
           signing_policy: cert_client
           alternative_names: IP:${_param:kdt_control_address},IP:${_param:kdt_k8s_internal_api_address}
         kdt_k8s_client_fqdn:
           host: ${_param:salt_minion_ca_host}
           authority: ${_param:salt_minion_ca_authority}
           key_file: /etc/kubernetes/ssl/kubelet-client-fqdn.key
           cert_file: /etc/kubernetes/ssl/kubelet-client-fqdn.crt
           ca_file: /etc/kubernetes/ssl/ca-kubernetes.crt
           common_name: system:node:${linux:system:name}.${_param:cluster_domain}
           organization_name: system:nodes
           signing_policy: cert_client
           alternative_names: IP:${_param:kdt_control_address},IP:${_param:kdt_k8s_internal_api_address}
         kdt_k8s_proxy:
           host: ${_param:salt_minion_ca_host}
           authority: ${_param:salt_minion_ca_authority}
           key_file: /etc/kubernetes/ssl/kube-proxy-client.key
           cert_file: /etc/kubernetes/ssl/kube-proxy-client.crt
           ca_file: /etc/kubernetes/ssl/ca-kubernetes.crt
           common_name: system:kube-proxy
           signing_policy: cert_client
           alternative_names: IP:${_param:kdt_control_address},IP:${_param:kdt_k8s_internal_api_address}
         kdt_k8s_scheduler:
           host: ${_param:salt_minion_ca_host}
           authority: ${_param:salt_minion_ca_authority}
           key_file: /etc/kubernetes/ssl/kube-scheduler-client.key
           cert_file: /etc/kubernetes/ssl/kube-scheduler-client.crt
           ca_file: /etc/kubernetes/ssl/ca-kubernetes.crt
           common_name: system:kube-scheduler
           signing_policy: cert_client
           alternative_names: IP:${_param:kdt_control_address},IP:${_param:kdt_k8s_internal_api_address}
         kdt_k8s_controller_manager:
           host: ${_param:salt_minion_ca_host}
           authority: ${_param:salt_minion_ca_authority}
           key_file: /etc/kubernetes/ssl/kube-controller-manager-client.key
           cert_file: /etc/kubernetes/ssl/kube-controller-manager-client.crt
           ca_file: /etc/kubernetes/ssl/ca-kubernetes.crt
           common_name: system:kube-controller-manager
           signing_policy: cert_client
           alternative_names: IP:${_param:kdt_control_address},IP:${_param:kdt_k8s_internal_api_address}
         kdt_k8s_aggregator_proxy:
           host: ${_param:salt_minion_ca_host}
           authority: ${_param:salt_minion_ca_authority}
           key_file: /etc/kubernetes/ssl/kube-aggregator-proxy-client.key
           cert_file: /etc/kubernetes/ssl/kube-aggregator-proxy-client.crt
           ca_file: /etc/kubernetes/ssl/ca-kubernetes.crt
           common_name: system:kube-controller-manager
           signing_policy: cert_client
           alternative_names: IP:${_param:kdt_control_address},IP:${_param:kdt_k8s_internal_api_address}
	parameters:
	salt:
	minion:
	cert:
	kdt_k8s_client:
	host: ${_param:salt_minion_ca_host}
	authority: ${_param:salt_minion_ca_authority}
	key_file: /etc/kubernetes/ssl/kubelet-client.key
	cert_file: /etc/kubernetes/ssl/kubelet-client.crt
	ca_file: /etc/kubernetes/ssl/ca-kubernetes.crt
	common_name: system:node:${linux:system:name}
	organization_name: system:nodes
	signing_policy: cert_client
	alternative_names: IP:${_param:kdt_control_address},IP:${_param:kdt_k8s_internal_api_address}
	kdt_k8s_client_fqdn:
	host: ${_param:salt_minion_ca_host}
	authority: ${_param:salt_minion_ca_authority}
	key_file: /etc/kubernetes/ssl/kubelet-client-fqdn.key
	cert_file: /etc/kubernetes/ssl/kubelet-client-fqdn.crt
	ca_file: /etc/kubernetes/ssl/ca-kubernetes.crt
	common_name: system:node:${linux:system:name}.${_param:cluster_domain}
	organization_name: system:nodes
	signing_policy: cert_client
	alternative_names: IP:${_param:kdt_control_address},IP:${_param:kdt_k8s_internal_api_address}
	kdt_k8s_proxy:
	host: ${_param:salt_minion_ca_host}
	authority: ${_param:salt_minion_ca_authority}
	key_file: /etc/kubernetes/ssl/kube-proxy-client.key
	cert_file: /etc/kubernetes/ssl/kube-proxy-client.crt
	ca_file: /etc/kubernetes/ssl/ca-kubernetes.crt
	common_name: system:kube-proxy
	signing_policy: cert_client
	alternative_names: IP:${_param:kdt_control_address},IP:${_param:kdt_k8s_internal_api_address}
	kdt_k8s_scheduler:
	host: ${_param:salt_minion_ca_host}
	authority: ${_param:salt_minion_ca_authority}
	key_file: /etc/kubernetes/ssl/kube-scheduler-client.key
	cert_file: /etc/kubernetes/ssl/kube-scheduler-client.crt
	ca_file: /etc/kubernetes/ssl/ca-kubernetes.crt
	common_name: system:kube-scheduler
	signing_policy: cert_client
	alternative_names: IP:${_param:kdt_control_address},IP:${_param:kdt_k8s_internal_api_address}
	kdt_k8s_controller_manager:
	host: ${_param:salt_minion_ca_host}
	authority: ${_param:salt_minion_ca_authority}
	key_file: /etc/kubernetes/ssl/kube-controller-manager-client.key
	cert_file: /etc/kubernetes/ssl/kube-controller-manager-client.crt
	ca_file: /etc/kubernetes/ssl/ca-kubernetes.crt
	common_name: system:kube-controller-manager
	signing_policy: cert_client
	alternative_names: IP:${_param:kdt_control_address},IP:${_param:kdt_k8s_internal_api_address}
	kdt_k8s_aggregator_proxy:
	host: ${_param:salt_minion_ca_host}
	authority: ${_param:salt_minion_ca_authority}
	key_file: /etc/kubernetes/ssl/kube-aggregator-proxy-client.key
	cert_file: /etc/kubernetes/ssl/kube-aggregator-proxy-client.crt
	ca_file: /etc/kubernetes/ssl/ca-kubernetes.crt
	common_name: system:kube-controller-manager
	signing_policy: cert_client
	alternative_names: IP:${_param:kdt_control_address},IP:${_param:kdt_k8s_internal_api_address}