Felipe Monteiro b598e850cc pki: Add documentation for PKI implementation
This adds documentation for the PKI implementation
in Pegleg that was recently ported from Promenade.

Change-Id: I248ec62a0c3523fc5f3950a6a678cf6d998b093a
2019-08-07 14:07:32 +02:00

Public Key Infrastructure (PKI) Catalog

A PKICatalog document configures certificate and keypair generation for the cluster. The pegleg generate-certs command reads all PKICatalog documents and, for each definition, either finds pre-existing certificates and keys or generates new ones based on that definition.

Dependencies

Pegleg's PKI Catalog depends on CloudFlare's PKI/TLS toolkit, which is installed as a part of Pegleg's Dockerfile.

Sample Document

Here is a sample document:

../../../site_yamls/site/pki-catalog.yaml

Certificate Authorities

The data in the certificate-authorities key is used to generate certificates for each authority and node.

Each certificate authority requires essential host-specific information for each node.
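
A pre-generation check for the host-specific data described above, as an added example that is not part of Pegleg or of this page. The top-level key is spelled as the page writes it; the nested key names (certificates, document_name, common_name, hosts) and the sample catalog are assumptions constructed for illustration.

```python
# Added example, not Pegleg code. CA_KEY follows the page's spelling; the
# nested key names are assumptions, so adjust them to your catalog schema.
CA_KEY = "certificate-authorities"

# Constructed sample: the "data" section of a PKICatalog-style document.
SAMPLE_CATALOG = {
    CA_KEY: {
        "kubernetes": {
            "certificates": [
                {"document_name": "apiserver", "common_name": "apiserver",
                 "hosts": ["localhost", "127.0.0.1", "10.96.0.1"]},
                # Node certificate with no host-specific data filled in.
                {"document_name": "kubelet-n0",
                 "common_name": "system:node:n0", "hosts": []},
            ],
        },
        "etcd": {
            "certificates": [
                # Reuses a name from another CA and has no common_name.
                {"document_name": "apiserver", "hosts": ["10.0.0.5"]},
            ],
        },
    },
}


def audit_catalog(data):
    """Return a sorted list of (ca, document_name, problem) findings."""
    findings = []
    seen = {}  # document_name -> first CA that declared it
    for ca_name, ca in data.get(CA_KEY, {}).items():
        for cert in ca.get("certificates", []):
            doc = cert.get("document_name", "<unnamed>")
            if not cert.get("common_name"):
                findings.append((ca_name, doc, "missing common_name"))
            if not cert.get("hosts"):
                findings.append((ca_name, doc, "no hosts listed"))
            if doc in seen:
                findings.append(
                    (ca_name, doc, f"document_name already used under '{seen[doc]}'"))
            seen.setdefault(doc, ca_name)
    return sorted(findings)


if __name__ == "__main__":
    for ca_name, doc, problem in audit_catalog(SAMPLE_CATALOG):
        print(f"{ca_name}/{doc}: {problem}")
```

Findings are items to review before generating certificates, not hard errors: a certificate may legitimately omit hosts if it is never presented by a node.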