342 lines
9.9 KiB
YAML
342 lines
9.9 KiB
YAML
---
|
|
schema: promenade/PKICatalog/v1
|
|
metadata:
|
|
schema: metadata/Document/v1
|
|
name: cluster-certificates
|
|
layeringDefinition:
|
|
abstract: false
|
|
layer: site
|
|
storagePolicy: cleartext
|
|
data:
|
|
certificate_authorities:
|
|
kubernetes:
|
|
description: CA for Kubernetes components
|
|
certificates:
|
|
- document_name: apiserver
|
|
description: Service certificate for Kubernetes apiserver
|
|
common_name: apiserver
|
|
hosts:
|
|
- localhost
|
|
- 127.0.0.1
|
|
- 10.96.0.1
|
|
kubernetes_service_names:
|
|
- kubernetes.default.svc.cluster.local
|
|
|
|
- document_name: kubelet-genesis
|
|
common_name: system:node:cab2r72c16
|
|
hosts:
|
|
- cab2r72c16
|
|
- 10.0.220.16
|
|
-
|
|
groups:
|
|
- system:nodes
|
|
- document_name: kubelet-cab2r72c12
|
|
common_name: system:node:cab2r72c12
|
|
hosts:
|
|
- cab2r72c12
|
|
- 10.0.220.12
|
|
-
|
|
groups:
|
|
- system:nodes
|
|
- document_name: kubelet-cab2r72c13
|
|
common_name: system:node:cab2r72c13
|
|
hosts:
|
|
- cab2r72c13
|
|
- 10.0.220.13
|
|
-
|
|
groups:
|
|
- system:nodes
|
|
- document_name: kubelet-cab2r72c14
|
|
common_name: system:node:cab2r72c14
|
|
hosts:
|
|
- cab2r72c14
|
|
- 10.0.220.14
|
|
-
|
|
groups:
|
|
- system:nodes
|
|
- document_name: kubelet-cab2r72c15
|
|
common_name: system:node:cab2r72c15
|
|
hosts:
|
|
- cab2r72c15
|
|
- 10.0.220.15
|
|
-
|
|
groups:
|
|
- system:nodes
|
|
- document_name: kubelet-cab2r72c16
|
|
common_name: system:node:cab2r72c16
|
|
hosts:
|
|
- cab2r72c16
|
|
- 10.0.220.16
|
|
-
|
|
groups:
|
|
- system:nodes
|
|
- document_name: kubelet-cab2r72c17
|
|
common_name: system:node:cab2r72c17
|
|
hosts:
|
|
- cab2r72c17
|
|
- 10.0.220.17
|
|
-
|
|
groups:
|
|
- system:nodes
|
|
- document_name: kubelet-cab2r73c12
|
|
common_name: system:node:cab2r73c12
|
|
hosts:
|
|
- cab2r73c12
|
|
- 10.0.220.18
|
|
-
|
|
groups:
|
|
- system:nodes
|
|
- document_name: kubelet-cab2r73c13
|
|
common_name: system:node:cab2r73c13
|
|
hosts:
|
|
- cab2r73c13
|
|
- 10.0.220.19
|
|
-
|
|
groups:
|
|
- system:nodes
|
|
- document_name: kubelet-cab2r73c14
|
|
common_name: system:node:cab2r73c14
|
|
hosts:
|
|
- cab2r73c14
|
|
- 10.0.220.20
|
|
-
|
|
groups:
|
|
- system:nodes
|
|
- document_name: kubelet-cab2r73c15
|
|
common_name: system:node:cab2r73c15
|
|
hosts:
|
|
- cab2r73c15
|
|
- 10.0.220.21
|
|
-
|
|
groups:
|
|
- system:nodes
|
|
- document_name: kubelet-cab2r73c16
|
|
common_name: system:node:cab2r73c16
|
|
hosts:
|
|
- cab2r73c16
|
|
- 10.0.220.22
|
|
-
|
|
groups:
|
|
- system:nodes
|
|
- document_name: kubelet-cab2r73c17
|
|
common_name: system:node:cab2r73c17
|
|
hosts:
|
|
- cab2r73c17
|
|
- 10.0.220.23
|
|
-
|
|
groups:
|
|
- system:nodes
|
|
- document_name: scheduler
|
|
description: Service certificate for Kubernetes scheduler
|
|
common_name: system:kube-scheduler
|
|
- document_name: controller-manager
|
|
description: certificate for controller-manager
|
|
common_name: system:kube-controller-manager
|
|
- document_name: admin
|
|
common_name: admin
|
|
groups:
|
|
- system:masters
|
|
- document_name: armada
|
|
common_name: armada
|
|
groups:
|
|
- system:masters
|
|
kubernetes-etcd:
|
|
description: Certificates for Kubernetes's etcd servers
|
|
certificates:
|
|
- document_name: apiserver-etcd
|
|
description: etcd client certificate for use by Kubernetes apiserver
|
|
common_name: apiserver
|
|
- document_name: kubernetes-etcd-anchor
|
|
description: anchor
|
|
common_name: anchor
|
|
- document_name: kubernetes-etcd-genesis
|
|
common_name: kubernetes-etcd-genesis
|
|
hosts:
|
|
- cab2r72c16
|
|
- 10.0.220.16
|
|
-
|
|
- 127.0.0.1
|
|
- localhost
|
|
- kubernetes-etcd.kube-system.svc.cluster.local
|
|
- 10.96.0.2
|
|
- document_name: kubernetes-etcd-cab2r72c16
|
|
common_name: kubernetes-etcd-cab2r72c16
|
|
hosts:
|
|
- cab2r72c16
|
|
- 10.0.220.16
|
|
-
|
|
- 127.0.0.1
|
|
- localhost
|
|
- kubernetes-etcd.kube-system.svc.cluster.local
|
|
- 10.96.0.2
|
|
- document_name: kubernetes-etcd-cab2r72c17
|
|
common_name: kubernetes-etcd-cab2r72c17
|
|
hosts:
|
|
- cab2r72c17
|
|
- 10.0.220.17
|
|
-
|
|
- 127.0.0.1
|
|
- localhost
|
|
- kubernetes-etcd.kube-system.svc.cluster.local
|
|
- 10.96.0.2
|
|
- document_name: kubernetes-etcd-cab2r73c16
|
|
common_name: kubernetes-etcd-cab2r73c16
|
|
hosts:
|
|
- cab2r73c16
|
|
- 10.0.220.22
|
|
-
|
|
- 127.0.0.1
|
|
- localhost
|
|
- kubernetes-etcd.kube-system.svc.cluster.local
|
|
- 10.96.0.2
|
|
- document_name: kubernetes-etcd-cab2r73c17
|
|
common_name: kubernetes-etcd-cab2r73c17
|
|
hosts:
|
|
- cab2r73c17
|
|
- 10.0.220.23
|
|
-
|
|
- 127.0.0.1
|
|
- localhost
|
|
- kubernetes-etcd.kube-system.svc.cluster.local
|
|
- 10.96.0.2
|
|
kubernetes-etcd-peer:
|
|
certificates:
|
|
- document_name: kubernetes-etcd-genesis-peer
|
|
common_name: kubernetes-etcd-genesis-peer
|
|
hosts:
|
|
- cab2r72c16
|
|
- 10.0.220.16
|
|
-
|
|
- 127.0.0.1
|
|
- localhost
|
|
- kubernetes-etcd.kube-system.svc.cluster.local
|
|
- 10.96.0.2
|
|
- document_name: kubernetes-etcd-cab2r72c16-peer
|
|
common_name: kubernetes-etcd-cab2r72c16-peer
|
|
hosts:
|
|
- cab2r72c16
|
|
- 10.0.220.16
|
|
-
|
|
- 127.0.0.1
|
|
- localhost
|
|
- kubernetes-etcd.kube-system.svc.cluster.local
|
|
- 10.96.0.2
|
|
- document_name: kubernetes-etcd-cab2r72c17-peer
|
|
common_name: kubernetes-etcd-cab2r72c17-peer
|
|
hosts:
|
|
- cab2r72c17
|
|
- 10.0.220.17
|
|
-
|
|
- 127.0.0.1
|
|
- localhost
|
|
- kubernetes-etcd.kube-system.svc.cluster.local
|
|
- 10.96.0.2
|
|
- document_name: kubernetes-etcd-cab2r73c16-peer
|
|
common_name: kubernetes-etcd-cab2r73c16-peer
|
|
hosts:
|
|
- cab2r73c16
|
|
- 10.0.220.22
|
|
-
|
|
- 127.0.0.1
|
|
- localhost
|
|
- kubernetes-etcd.kube-system.svc.cluster.local
|
|
- 10.96.0.2
|
|
- document_name: kubernetes-etcd-cab2r73c17-peer
|
|
common_name: kubernetes-etcd-cab2r73c17-peer
|
|
hosts:
|
|
- cab2r73c17
|
|
- 10.0.220.23
|
|
-
|
|
- 127.0.0.1
|
|
- localhost
|
|
- kubernetes-etcd.kube-system.svc.cluster.local
|
|
- 10.96.0.2
|
|
ksn-etcd:
|
|
description: Certificates for Calico etcd client traffic
|
|
certificates:
|
|
- document_name: ksn-etcd-anchor
|
|
description: anchor
|
|
common_name: anchor
|
|
- document_name: ksn-etcd-cab2r72c16
|
|
common_name: ksn-etcd-cab2r72c16
|
|
hosts:
|
|
- cab2r72c16
|
|
- 10.0.220.16
|
|
-
|
|
- 127.0.0.1
|
|
- localhost
|
|
- 10.96.232.136
|
|
- document_name: ksn-etcd-cab2r72c17
|
|
common_name: ksn-etcd-cab2r72c17
|
|
hosts:
|
|
- cab2r72c17
|
|
- 10.0.220.17
|
|
-
|
|
- 127.0.0.1
|
|
- localhost
|
|
- 10.96.232.136
|
|
- document_name: ksn-etcd-cab2r73c16
|
|
common_name: ksn-etcd-cab2r73c16
|
|
hosts:
|
|
- cab2r73c16
|
|
- 10.0.220.22
|
|
-
|
|
- 127.0.0.1
|
|
- localhost
|
|
- 10.96.232.136
|
|
- document_name: ksn-etcd-cab2r73c17
|
|
common_name: ksn-etcd-cab2r73c17
|
|
hosts:
|
|
- cab2r73c17
|
|
- 10.0.220.23
|
|
-
|
|
- 127.0.0.1
|
|
- localhost
|
|
- 10.96.232.136
|
|
- document_name: ksn-node
|
|
common_name: calcico-node
|
|
ksn-etcd-peer:
|
|
description: Certificates for Calico etcd clients
|
|
certificates:
|
|
- document_name: ksn-etcd-cab2r72c16-peer
|
|
common_name: ksn-etcd-cab2r72c16-peer
|
|
hosts:
|
|
- cab2r72c16
|
|
- 10.0.220.16
|
|
-
|
|
- 127.0.0.1
|
|
- localhost
|
|
- 10.96.232.136
|
|
- document_name: ksn-etcd-cab2r72c17-peer
|
|
common_name: ksn-etcd-cab2r72c17-peer
|
|
hosts:
|
|
- cab2r72c17
|
|
- 10.0.220.17
|
|
-
|
|
- 127.0.0.1
|
|
- localhost
|
|
- 10.96.232.136
|
|
- document_name: ksn-etcd-cab2r73c16-peer
|
|
common_name: ksn-etcd-cab2r73c16-peer
|
|
hosts:
|
|
- cab2r73c16
|
|
- 10.0.220.22
|
|
-
|
|
- 127.0.0.1
|
|
- localhost
|
|
- 10.96.232.136
|
|
- document_name: ksn-etcd-cab2r73c17-peer
|
|
common_name: ksn-etcd-cab2r73c17-peer
|
|
hosts:
|
|
- cab2r73c17
|
|
- 10.0.220.23
|
|
-
|
|
- 127.0.0.1
|
|
- localhost
|
|
- 10.96.232.136
|
|
- document_name: ksn-node-peer
|
|
common_name: calico-node-peer
|
|
keypairs:
|
|
- name: service-account
|
|
description: Service account signing key for use by Kubernetes controller-manager.
|
|
... |