Gitiles
Code Review Sign In
gerrit.mcp.mirantis.com / salt-models / reclass-system / 54dac26304607ac7ac2d3014348c246b3162dfb3 / . / salt / minion / cert / k8s_client_single.yml
blob: 17236ecd31c9b31dcc7673bb8c0b6b26455eb999 [file] [log] [blame]
Marek Celoud0d135262017-02-20 18:01:23 +0100[diff] [blame]1parameters:
2 salt:
3 minion:
4 cert:
5 k8s_client:
6 host: ${_param:salt_minion_ca_host}
7 authority: ${_param:salt_minion_ca_authority}
8 key_file: /etc/kubernetes/ssl/kubelet-client.key
9 cert_file: /etc/kubernetes/ssl/kubelet-client.crt
10 ca_file: /etc/kubernetes/ssl/ca-kubernetes.crt
Andrey Shestakov97fbd982017-12-27 22:29:11 +0200[diff] [blame]11 common_name: system:node:${linux:system:name}
12 organization_name: system:nodes
Marek Celoud0d135262017-02-20 18:01:23 +0100[diff] [blame]13 signing_policy: cert_client
Ivan Berezovskiy388f4f02018-12-04 14:23:50 +0400[diff] [blame]14 alternative_names: IP:${_param:kubernetes_control_address},IP:${_param:kubernetes_internal_api_address}
Sergey Kolekonov517d4492018-11-29 19:47:39 +0400[diff] [blame]15 k8s_client_fqdn:
16 host: ${_param:salt_minion_ca_host}
17 authority: ${_param:salt_minion_ca_authority}
18 key_file: /etc/kubernetes/ssl/kubelet-client-fqdn.key
19 cert_file: /etc/kubernetes/ssl/kubelet-client-fqdn.crt
20 ca_file: /etc/kubernetes/ssl/ca-kubernetes.crt
21 common_name: system:node:${linux:system:name}.${_param:cluster_domain}
22 organization_name: system:nodes
23 signing_policy: cert_client
24 alternative_names: IP:${_param:kubernetes_control_address},IP:${_param:kubernetes_internal_api_address}
Andrey Shestakov97fbd982017-12-27 22:29:11 +0200[diff] [blame]25 k8s_proxy:
26 host: ${_param:salt_minion_ca_host}
27 authority: ${_param:salt_minion_ca_authority}
28 key_file: /etc/kubernetes/ssl/kube-proxy-client.key
29 cert_file: /etc/kubernetes/ssl/kube-proxy-client.crt
30 ca_file: /etc/kubernetes/ssl/ca-kubernetes.crt
31 common_name: system:kube-proxy
32 signing_policy: cert_client
Ivan Berezovskiy388f4f02018-12-04 14:23:50 +0400[diff] [blame]33 alternative_names: IP:${_param:kubernetes_control_address},IP:${_param:kubernetes_internal_api_address}
Victor Ryzhenkinf1de1612018-02-12 16:25:44 +0000[diff] [blame]34 k8s_scheduler:
35 host: ${_param:salt_minion_ca_host}
36 authority: ${_param:salt_minion_ca_authority}
37 key_file: /etc/kubernetes/ssl/kube-scheduler-client.key
38 cert_file: /etc/kubernetes/ssl/kube-scheduler-client.crt
39 ca_file: /etc/kubernetes/ssl/ca-kubernetes.crt
40 common_name: system:kube-scheduler
41 signing_policy: cert_client
Ivan Berezovskiy388f4f02018-12-04 14:23:50 +0400[diff] [blame]42 alternative_names: IP:${_param:kubernetes_control_address},IP:${_param:kubernetes_internal_api_address}
Victor Ryzhenkinf1de1612018-02-12 16:25:44 +0000[diff] [blame]43 k8s_controller_manager:
44 host: ${_param:salt_minion_ca_host}
45 authority: ${_param:salt_minion_ca_authority}
46 key_file: /etc/kubernetes/ssl/kube-controller-manager-client.key
47 cert_file: /etc/kubernetes/ssl/kube-controller-manager-client.crt
48 ca_file: /etc/kubernetes/ssl/ca-kubernetes.crt
49 common_name: system:kube-controller-manager
50 signing_policy: cert_client
Ivan Berezovskiy388f4f02018-12-04 14:23:50 +0400[diff] [blame]51 alternative_names: IP:${_param:kubernetes_control_address},IP:${_param:kubernetes_internal_api_address}
Łukasz Oleś86b2b7d2018-11-20 10:53:58 +0100[diff] [blame]52 k8s_aggregator_proxy:
53 host: ${_param:salt_minion_ca_host}
54 authority: ${_param:salt_minion_ca_authority}
55 key_file: /etc/kubernetes/ssl/kube-aggregator-proxy-client.key
56 cert_file: /etc/kubernetes/ssl/kube-aggregator-proxy-client.crt
57 ca_file: /etc/kubernetes/ssl/ca-kubernetes.crt
58 common_name: system:kube-controller-manager
59 signing_policy: cert_client
60 alternative_names: IP:${_param:kubernetes_control_address},IP:${_param:kubernetes_internal_api_address}