Gitiles
Code Review Sign In
gerrit.mcp.mirantis.com / salt-models / reclass-system / 21fefbe79c11c86f1c6f370c649975cef2c69f0f / . / salt / minion / cert / kdt_k8s_client.yml
blob: 1a1c3e1c641a07d8d170055aa9a3bdbae91285bc [file] [log] [blame]
Ivan Berezovskiydd1bde82019-02-04 17:29:55 +0400[diff] [blame]1parameters:
2 salt:
3 minion:
4 cert:
5 kdt_k8s_client:
6 host: ${_param:salt_minion_ca_host}
7 authority: ${_param:salt_minion_ca_authority}
8 key_file: /etc/kubernetes/ssl/kubelet-client.key
9 cert_file: /etc/kubernetes/ssl/kubelet-client.crt
10 ca_file: /etc/kubernetes/ssl/ca-kubernetes.crt
11 common_name: system:node:${linux:system:name}
12 organization_name: system:nodes
13 signing_policy: cert_client
14 alternative_names: IP:${_param:kdt_control_address},IP:${_param:kdt_node01_address},IP:${_param:kdt_node02_address},IP:${_param:kdt_node03_address},IP:${_param:kdt_k8s_internal_api_address}
15 kdt_k8s_client_fqdn:
16 host: ${_param:salt_minion_ca_host}
17 authority: ${_param:salt_minion_ca_authority}
18 key_file: /etc/kubernetes/ssl/kubelet-client-fqdn.key
19 cert_file: /etc/kubernetes/ssl/kubelet-client-fqdn.crt
20 ca_file: /etc/kubernetes/ssl/ca-kubernetes.crt
21 common_name: system:node:${linux:system:name}.${_param:cluster_domain}
22 organization_name: system:nodes
23 signing_policy: cert_client
24 alternative_names: IP:${_param:kdt_control_address},IP:${_param:kdt_node01_address},IP:${_param:kdt_node02_address},IP:${_param:kdt_node03_address},IP:${_param:kdt_k8s_internal_api_address}
25 kdt_k8s_proxy:
26 host: ${_param:salt_minion_ca_host}
27 authority: ${_param:salt_minion_ca_authority}
28 key_file: /etc/kubernetes/ssl/kube-proxy-client.key
29 cert_file: /etc/kubernetes/ssl/kube-proxy-client.crt
30 ca_file: /etc/kubernetes/ssl/ca-kubernetes.crt
31 common_name: system:kube-proxy
32 signing_policy: cert_client
33 alternative_names: IP:${_param:kdt_control_address},IP:${_param:kdt_node01_address},IP:${_param:kdt_node02_address},IP:${_param:kdt_node03_address},IP:${_param:kdt_k8s_internal_api_address}
34 kdt_k8s_scheduler:
35 host: ${_param:salt_minion_ca_host}
36 authority: ${_param:salt_minion_ca_authority}
37 key_file: /etc/kubernetes/ssl/kube-scheduler-client.key
38 cert_file: /etc/kubernetes/ssl/kube-scheduler-client.crt
39 ca_file: /etc/kubernetes/ssl/ca-kubernetes.crt
40 common_name: system:kube-scheduler
41 signing_policy: cert_client
42 alternative_names: IP:${_param:kdt_control_address},IP:${_param:kdt_node01_address},IP:${_param:kdt_node02_address},IP:${_param:kdt_node03_address},IP:${_param:kdt_k8s_internal_api_address}
43 kdt_k8s_controller_manager:
44 host: ${_param:salt_minion_ca_host}
45 authority: ${_param:salt_minion_ca_authority}
46 key_file: /etc/kubernetes/ssl/kube-controller-manager-client.key
47 cert_file: /etc/kubernetes/ssl/kube-controller-manager-client.crt
48 ca_file: /etc/kubernetes/ssl/ca-kubernetes.crt
49 common_name: system:kube-controller-manager
50 signing_policy: cert_client
51 alternative_names: IP:${_param:kdt_control_address},IP:${_param:kdt_node01_address},IP:${_param:kdt_node02_address},IP:${_param:kdt_node03_address},IP:${_param:kdt_k8s_internal_api_address}
52 kdt_k8s_aggregator_proxy:
53 host: ${_param:salt_minion_ca_host}
54 authority: ${_param:salt_minion_ca_authority}
55 key_file: /etc/kubernetes/ssl/kube-aggregator-proxy-client.key
56 cert_file: /etc/kubernetes/ssl/kube-aggregator-proxy-client.crt
57 ca_file: /etc/kubernetes/ssl/ca-kubernetes.crt
58 common_name: system:kube-controller-manager
59 signing_policy: cert_client
60 alternative_names: IP:${_param:kdt_control_address},IP:${_param:kdt_node01_address},IP:${_param:kdt_node02_address},IP:${_param:kdt_node03_address},IP:${_param:kdt_k8s_internal_api_address}