Gitiles
Code Review Sign In
gerrit.mcp.mirantis.com / salt-models / reclass-system / b9ac4fd3e5b10c3291daf9b65f1e2a405e4d4a6a / . / salt / minion / cert / kdt_k8s_client_single.yml
blob: d84dfcffe453effe88f0744e612b60127ef7c67c [file] [log] [blame]
Ivan Berezovskiydd1bde82019-02-04 17:29:55 +0400[diff] [blame]1parameters:
2 salt:
3 minion:
4 cert:
5 kdt_k8s_client:
6 host: ${_param:salt_minion_ca_host}
7 authority: ${_param:salt_minion_ca_authority}
8 key_file: /etc/kubernetes/ssl/kubelet-client.key
9 cert_file: /etc/kubernetes/ssl/kubelet-client.crt
10 ca_file: /etc/kubernetes/ssl/ca-kubernetes.crt
11 common_name: system:node:${linux:system:name}
12 organization_name: system:nodes
13 signing_policy: cert_client
Ivan Berezovskiyc984e882019-03-13 19:32:42 +0400[diff] [blame]14 alternative_names: IP:${_param:single_address},IP:${_param:kdt_k8s_internal_api_address}
Ivan Berezovskiydd1bde82019-02-04 17:29:55 +0400[diff] [blame]15 kdt_k8s_client_fqdn:
16 host: ${_param:salt_minion_ca_host}
17 authority: ${_param:salt_minion_ca_authority}
18 key_file: /etc/kubernetes/ssl/kubelet-client-fqdn.key
19 cert_file: /etc/kubernetes/ssl/kubelet-client-fqdn.crt
20 ca_file: /etc/kubernetes/ssl/ca-kubernetes.crt
21 common_name: system:node:${linux:system:name}.${_param:cluster_domain}
22 organization_name: system:nodes
23 signing_policy: cert_client
Ivan Berezovskiyc984e882019-03-13 19:32:42 +0400[diff] [blame]24 alternative_names: IP:${_param:single_address},IP:${_param:kdt_k8s_internal_api_address}
Ivan Berezovskiydd1bde82019-02-04 17:29:55 +0400[diff] [blame]25 kdt_k8s_proxy:
26 host: ${_param:salt_minion_ca_host}
27 authority: ${_param:salt_minion_ca_authority}
28 key_file: /etc/kubernetes/ssl/kube-proxy-client.key
29 cert_file: /etc/kubernetes/ssl/kube-proxy-client.crt
30 ca_file: /etc/kubernetes/ssl/ca-kubernetes.crt
31 common_name: system:kube-proxy
32 signing_policy: cert_client
Ivan Berezovskiyc984e882019-03-13 19:32:42 +0400[diff] [blame]33 alternative_names: IP:${_param:single_address},IP:${_param:kdt_k8s_internal_api_address}
Ivan Berezovskiydd1bde82019-02-04 17:29:55 +0400[diff] [blame]34 kdt_k8s_scheduler:
35 host: ${_param:salt_minion_ca_host}
36 authority: ${_param:salt_minion_ca_authority}
37 key_file: /etc/kubernetes/ssl/kube-scheduler-client.key
38 cert_file: /etc/kubernetes/ssl/kube-scheduler-client.crt
39 ca_file: /etc/kubernetes/ssl/ca-kubernetes.crt
40 common_name: system:kube-scheduler
41 signing_policy: cert_client
Ivan Berezovskiyc984e882019-03-13 19:32:42 +0400[diff] [blame]42 alternative_names: IP:${_param:single_address},IP:${_param:kdt_k8s_internal_api_address}
Ivan Berezovskiydd1bde82019-02-04 17:29:55 +0400[diff] [blame]43 kdt_k8s_controller_manager:
44 host: ${_param:salt_minion_ca_host}
45 authority: ${_param:salt_minion_ca_authority}
46 key_file: /etc/kubernetes/ssl/kube-controller-manager-client.key
47 cert_file: /etc/kubernetes/ssl/kube-controller-manager-client.crt
48 ca_file: /etc/kubernetes/ssl/ca-kubernetes.crt
49 common_name: system:kube-controller-manager
50 signing_policy: cert_client
Ivan Berezovskiyc984e882019-03-13 19:32:42 +0400[diff] [blame]51 alternative_names: IP:${_param:single_address},IP:${_param:kdt_k8s_internal_api_address}
Ivan Berezovskiydd1bde82019-02-04 17:29:55 +0400[diff] [blame]52 kdt_k8s_aggregator_proxy:
53 host: ${_param:salt_minion_ca_host}
54 authority: ${_param:salt_minion_ca_authority}
55 key_file: /etc/kubernetes/ssl/kube-aggregator-proxy-client.key
56 cert_file: /etc/kubernetes/ssl/kube-aggregator-proxy-client.crt
57 ca_file: /etc/kubernetes/ssl/ca-kubernetes.crt
58 common_name: system:kube-controller-manager
59 signing_policy: cert_client
Ivan Berezovskiyc984e882019-03-13 19:32:42 +0400[diff] [blame]60 alternative_names: IP:${_param:single_address},IP:${_param:kdt_k8s_internal_api_address}