b598e850cc
This adds documentation for the PKI implementation in Pegleg that was recently ported from Promenade.

Change-Id: I248ec62a0c3523fc5f3950a6a678cf6d998b093a
Public Key Infrastructure (PKI) Catalog
Configuration for certificate and keypair generation in the cluster.
The pegleg generate-certs command will read all PKICatalog documents and either find pre-existing certificates/keys, or generate new ones based on the given definition.
Dependencies
Pegleg's PKI Catalog depends on CloudFlare's PKI/TLS toolkit, which is installed as a part of Pegleg's Dockerfile.
Sample Document
Here is a sample document:
../../../site_yamls/site/pki-catalog.yaml
Certificate Authorities
The data in the certificate-authorities key is used to generate certificates for each authority and node.
Each certificate authority requires essential host-specific information for each node.