airship/promenade
Code Issues Proposed changes
5bb58863b6
promenade/examples/containerd/PKICatalog.yaml
Egorov, Stanislav 66cb4d2367 containerd support 
Introduced new name for the field to define package that has files
which will be used as runtime for UCP containers.

Prepared set of yaml files as an example of containerd usage.

Prepared zuul job to use containerd in simple deployment.

Change-Id: Ifc82a505d064c4f13efccfd92ffc336a510220bf
2019-11-20 16:31:30 -08:00

129 lines
4.0 KiB
YAML
Raw Blame History

---
schema: promenade/PKICatalog/v1
metadata:
schema: metadata/Document/v1
name: cluster-certificates
layeringDefinition:
abstract: false
layer: site
storagePolicy: cleartext
data:
certificate_authorities:
kubernetes:
description: CA for Kubernetes components
certificates:
- document_name: apiserver
description: Service certificate for Kubernetes apiserver
common_name: apiserver
hosts:
- localhost
- 127.0.0.1
- 10.96.0.1
kubernetes_service_names:
- kubernetes.default.svc.cluster.local
- document_name: kubelet-genesis
common_name: system:node:n0
hosts:
- n0
- 192.168.77.10
groups:
- system:nodes
- document_name: kubelet-n0
common_name: system:node:n0
hosts:
- n0
- 192.168.77.10
groups:
- system:nodes
- document_name: scheduler
description: Service certificate for Kubernetes scheduler
common_name: system:kube-scheduler
- document_name: controller-manager
description: certificate for controller-manager
common_name: system:kube-controller-manager
- document_name: admin
common_name: admin
groups:
- system:masters
- document_name: armada
common_name: armada
groups:
- system:masters
kubernetes-etcd:
description: Certificates for Kubernetes's etcd servers
certificates:
- document_name: apiserver-etcd
description: etcd client certificate for use by Kubernetes apiserver
common_name: apiserver
# NOTE(mark-burnett): hosts not required for client certificates
- document_name: kubernetes-etcd-anchor
description: anchor
common_name: anchor
- document_name: kubernetes-etcd-genesis
common_name: kubernetes-etcd-genesis
hosts:
- n0
- 192.168.77.10
- 127.0.0.1
- localhost
- kubernetes-etcd.kube-system.svc.cluster.local
- document_name: kubernetes-etcd-n0
common_name: kubernetes-etcd-n0
hosts:
- n0
- 192.168.77.10
- 127.0.0.1
- localhost
- kubernetes-etcd.kube-system.svc.cluster.local
kubernetes-etcd-peer:
certificates:
- document_name: kubernetes-etcd-genesis-peer
common_name: kubernetes-etcd-genesis-peer
hosts:
- n0
- 192.168.77.10
- 127.0.0.1
- localhost
- kubernetes-etcd.kube-system.svc.cluster.local
- document_name: kubernetes-etcd-n0-peer
common_name: kubernetes-etcd-n0-peer
hosts:
- n0
- 192.168.77.10
- 127.0.0.1
- localhost
- kubernetes-etcd.kube-system.svc.cluster.local
calico-etcd:
description: Certificates for Calico etcd client traffic
certificates:
- document_name: calico-etcd-anchor
description: anchor
common_name: anchor
- document_name: calico-etcd-n0
common_name: calico-etcd-n0
hosts:
- n0
- 192.168.77.10
- 127.0.0.1
- localhost
- 10.96.232.136
- document_name: calico-node
common_name: calcico-node
calico-etcd-peer:
description: Certificates for Calico etcd clients
certificates:
- document_name: calico-etcd-n0-peer
common_name: calico-etcd-n0-peer
hosts:
- n0
- 192.168.77.10
- 127.0.0.1
- localhost
- 10.96.232.136
- document_name: calico-node-peer
common_name: calcico-node-peer
keypairs:
- name: service-account
description: Service account signing key for use by Kubernetes controller-manager.
...
View Git Blame Copy Permalink