Custom kubernetes-ca role

roles/kubernetes-ca/templates/ca-etcd-config.json.j2

@@ -0,0 +1,18 @@
+{
+  "signing": {
+    "default": {
+      "expiry": "{{ ca_etcd_expiry }}"
+    },
+    "profiles": {
+      "etcd": {
+         "usages": [
+            "signing",
+            "key encipherment",
+            "server auth",
+            "client auth"
+          ],
+          "expiry": "{{ ca_etcd_expiry }}"
+      }
+    }
+  }
+}

roles/kubernetes-ca/templates/ca-etcd-csr.json.j2

@@ -0,0 +1,16 @@
+{
+  "CN": "{{ca_etcd_csr_cn}}",
+  "key": {
+    "algo": "{{ca_etcd_csr_key_algo}}",
+    "size": {{ca_etcd_csr_key_size}}
+  },
+  "names": [
+    {
+      "C": "{{ca_etcd_csr_names_c}}",
+      "L": "{{ca_etcd_csr_names_l}}",
+      "O": "{{ca_etcd_csr_names_o}}",
+      "OU": "{{ca_etcd_csr_names_ou}}",
+      "ST": "{{ca_etcd_csr_names_st}}"
+    }
+  ]
+}

roles/kubernetes-ca/templates/ca-k8s-apiserver-config.json.j2

@@ -0,0 +1,18 @@
+{
+  "signing": {
+    "default": {
+      "expiry": "{{ ca_k8s_apiserver_expiry }}"
+    },
+    "profiles": {
+      "kubernetes": {
+         "usages": [
+            "signing",
+            "key encipherment",
+            "server auth",
+            "client auth"
+          ],
+          "expiry": "{{ ca_k8s_apiserver_expiry }}"
+      }
+    }
+  }
+}

roles/kubernetes-ca/templates/ca-k8s-apiserver-csr.json.j2

@@ -0,0 +1,16 @@
+{
+  "CN": "{{ca_k8s_apiserver_csr_cn}}",
+  "key": {
+    "algo": "{{ca_k8s_apiserver_csr_key_algo}}",
+    "size": {{ca_k8s_apiserver_csr_key_size}}
+  },
+  "names": [
+    {
+      "C": "{{ca_k8s_apiserver_csr_names_c}}",
+      "L": "{{ca_k8s_apiserver_csr_names_l}}",
+      "O": "{{ca_k8s_apiserver_csr_names_o}}",
+      "OU": "{{ca_k8s_apiserver_csr_names_ou}}",
+      "ST": "{{ca_k8s_apiserver_csr_names_st}}"
+    }
+  ]
+}

roles/kubernetes-ca/templates/cert-admin-csr.json.j2

@@ -0,0 +1,16 @@
+{
+  "CN": "{{k8s_admin_csr_cn}}",
+  "key": {
+    "algo": "{{k8s_admin_csr_key_algo}}",
+    "size": {{k8s_admin_csr_key_size}}
+  },
+  "names": [
+    {
+      "C": "{{k8s_admin_csr_names_c}}",
+      "L": "{{k8s_admin_csr_names_l}}",
+      "O": "{{k8s_admin_csr_names_o}}",
+      "OU": "{{k8s_admin_csr_names_ou}}",
+      "ST": "{{k8s_admin_csr_names_st}}"
+    }
+  ]
+}

roles/kubernetes-ca/templates/cert-etcd-csr.json.j2

@@ -0,0 +1,16 @@
+{
+  "CN": "{{etcd_csr_cn}}",
+  "key": {
+    "algo": "{{etcd_csr_key_algo}}",
+    "size": {{etcd_csr_key_size}}
+  },
+  "names": [
+    {
+      "C": "{{etcd_csr_names_c}}",
+      "L": "{{etcd_csr_names_l}}",
+      "O": "{{etcd_csr_names_o}}",
+      "OU": "{{etcd_csr_names_ou}}",
+      "ST": "{{etcd_csr_names_st}}"
+    }
+  ]
+}

roles/kubernetes-ca/templates/cert-k8s-apiserver-csr.json.j2

@@ -0,0 +1,16 @@
+{
+  "CN": "{{k8s_apiserver_csr_cn}}",
+  "key": {
+    "algo": "{{k8s_apiserver_csr_key_algo}}",
+    "size": {{k8s_apiserver_csr_key_size}}
+  },
+  "names": [
+    {
+      "C": "{{k8s_apiserver_csr_names_c}}",
+      "L": "{{k8s_apiserver_csr_names_l}}",
+      "O": "{{k8s_apiserver_csr_names_o}}",
+      "OU": "{{k8s_apiserver_csr_names_ou}}",
+      "ST": "{{k8s_apiserver_csr_names_st}}"
+    }
+  ]
+}

roles/kubernetes-ca/templates/cert-k8s-controller-manager-csr.json.j2

@@ -0,0 +1,16 @@
+{
+  "CN": "{{k8s_controller_manager_csr_cn}}",
+  "key": {
+    "algo": "{{k8s_controller_manager_csr_key_algo}}",
+    "size": {{k8s_controller_manager_csr_key_size}}
+  },
+  "names": [
+    {
+      "C": "{{k8s_controller_manager_csr_names_c}}",
+      "L": "{{k8s_controller_manager_csr_names_l}}",
+      "O": "{{k8s_controller_manager_csr_names_o}}",
+      "OU": "{{k8s_controller_manager_csr_names_ou}}",
+      "ST": "{{k8s_controller_manager_csr_names_st}}"
+    }
+  ]
+}

roles/kubernetes-ca/templates/cert-k8s-controller-manager-sa-csr.json.j2

@@ -0,0 +1,16 @@
+{
+  "CN": "{{k8s_controller_manager_sa_csr_cn}}",
+  "key": {
+    "algo": "{{k8s_controller_manager_sa_csr_key_algo}}",
+    "size": {{k8s_controller_manager_sa_csr_key_size}}
+  },
+  "names": [
+    {
+      "C": "{{k8s_controller_manager_sa_csr_names_c}}",
+      "L": "{{k8s_controller_manager_sa_csr_names_l}}",
+      "O": "{{k8s_controller_manager_sa_csr_names_o}}",
+      "OU": "{{k8s_controller_manager_sa_csr_names_ou}}",
+      "ST": "{{k8s_controller_manager_sa_csr_names_st}}"
+    }
+  ]
+}

roles/kubernetes-ca/templates/cert-k8s-proxy-csr.json.j2

@@ -0,0 +1,16 @@
+{
+  "CN": "{{k8s_kube_proxy_csr_cn}}",
+  "key": {
+    "algo": "{{k8s_kube_proxy_csr_key_algo}}",
+    "size": {{k8s_kube_proxy_csr_key_size}}
+  },
+  "names": [
+    {
+      "C": "{{k8s_kube_proxy_csr_names_c}}",
+      "L": "{{k8s_kube_proxy_csr_names_l}}",
+      "O": "{{k8s_kube_proxy_csr_names_o}}",
+      "OU": "{{k8s_kube_proxy_csr_names_ou}}",
+      "ST": "{{k8s_kube_proxy_csr_names_st}}"
+    }
+  ]
+}

roles/kubernetes-ca/templates/cert-k8s-scheduler-csr.json.j2

@@ -0,0 +1,16 @@
+{
+  "CN": "{{k8s_scheduler_csr_cn}}",
+  "key": {
+    "algo": "{{k8s_scheduler_csr_key_algo}}",
+    "size": {{k8s_scheduler_csr_key_size}}
+  },
+  "names": [
+    {
+      "C": "{{k8s_scheduler_csr_names_c}}",
+      "L": "{{k8s_scheduler_csr_names_l}}",
+      "O": "{{k8s_scheduler_csr_names_o}}",
+      "OU": "{{k8s_scheduler_csr_names_ou}}",
+      "ST": "{{k8s_scheduler_csr_names_st}}"
+    }
+  ]
+}

roles/kubernetes-ca/templates/cert-worker-csr.json.j2

@@ -0,0 +1,16 @@
+{
+  "CN": "system:node:{{hostvars[workerHost]['ansible_hostname']}}",
+  "key": {
+    "algo": "{{k8s_worker_csr_key_algo}}",
+    "size": {{k8s_worker_csr_key_size}}
+  },
+  "names": [
+    {
+      "C": "{{k8s_worker_csr_names_c}}",
+      "L": "{{k8s_worker_csr_names_l}}",
+      "O": "{{k8s_worker_csr_names_o}}",
+      "OU": "{{k8s_worker_csr_names_ou}}",
+      "ST": "{{k8s_worker_csr_names_st}}"
+    }
+  ]
+}