- name: etcd-server
  ca: etcd
  profile: server
  per_host: true
  template: |
    {"CN":"{{.host.name}}","hosts":["127.0.0.1","{{.host.ip}}"],"key":{"algo":"ecdsa","size":256}}
- name: etcd-peer
  ca: etcd
  profile: peer
  per_host: true
  template: |
    {"CN":"{{.host.name}}","hosts":["127.0.0.1","{{.host.ip}}"],"key":{"algo":"ecdsa","size":256}}
- name: etcd-client
  ca: etcd
  profile: client
  template: |
    {"CN":"client","hosts":["*"],"key":{"algo":"ecdsa","size":256}}

- name: apiserver
  ca: cluster
  profile: server
  per_host: true
  template: |
    {"CN":"{{.host.name}}","hosts":[
        "kubernetes", "kubernetes.default", "kubernetes.default.svc.{{.cluster.domain}}","{{.host.name}}",
        "127.0.0.1","{{.cluster.kubernetes_svc_ip}}","{{.vars.public_vip}}",
        {{- if .vars.apiserver_vip }}"{{.vars.apiserver_vip}}",{{ end }}
        "{{.host.ip}}"
    ],"key":{"algo":"ecdsa","size":521}}
- name: cluster-client
  ca: cluster
  profile: client
  template: |
    {"CN":"client","hosts":["*"],"key":{"algo":"ecdsa","size":256}}
- name: kubelet-client
  ca: cluster
  profile: client
  template: |
    {"CN":"kubelet-client","names":[{"O":"system:masters"}],"hosts":["*"],"key":{"algo":"ecdsa","size":256}}