Initial commit

cert-requests.yaml

@@ -0,0 +1,46 @@
+- name: etcd-server
+  ca: etcd
+  profile: server
+  per_host: true
+  template: |
+    {"CN":"{{.host.name}}","hosts":["127.0.0.1","{{.host.ip}}"],"key":{"algo":"ecdsa","size":256}}
+- name: etcd-peer
+  ca: etcd
+  profile: peer
+  per_host: true
+  template: |
+    {"CN":"{{.host.name}}","hosts":["127.0.0.1","{{.host.ip}}"],"key":{"algo":"ecdsa","size":256}}
+- name: etcd-client
+  ca: etcd
+  profile: client
+  template: |
+    {"CN":"client","hosts":["*"],"key":{"algo":"ecdsa","size":256}}
+
+- name: apiserver
+  ca: cluster
+  profile: server
+  per_host: true
+  template: |
+    {"CN":"{{.host.name}}","hosts":[
+        "kubernetes", "kubernetes.default", "kubernetes.default.svc.{{.cluster.domain}}","{{.host.name}}",
+        "127.0.0.1","::1","{{.cluster.kubernetes_svc_ip}}",
+        {{- if .vars.public_vip }}"{{.vars.public_vip}}",{{end}}
+        {{- if .vars.dmz_vip }}"{{.vars.dmz_vip}}",{{end}}
+        {{- if .vars.apiserver_vip }}"{{.vars.apiserver_vip}}",{{ end }}
+        "{{.host.ip}}"
+    ],"key":{"algo":"ecdsa","size":521}}
+- name: cluster-client
+  ca: cluster
+  profile: client
+  template: |
+    {"CN":"client","hosts":["*"],"key":{"algo":"ecdsa","size":256}}
+- name: kubelet-client
+  ca: cluster
+  profile: client
+  template: |
+    {"CN":"kubelet-client","names":[{"O":"system:masters"}],"hosts":["*"],"key":{"algo":"ecdsa","size":256}}
+- name: proxy-client
+  ca: proxy
+  profile: client
+  template: |
+    {"CN":"proxy-client","hosts":["*"],"key":{"algo":"ecdsa","size":256}}