---
# Directory from which the K8s certificates are copied. By default this
# expands to the LOCAL $HOME of the user who runs "ansible-playbook ...",
# plus "/k8s/certs". With a $HOME of "/home/da_user" the value becomes
# "/home/da_user/k8s/certs".
# NOTE(review): if private keys (the CA key in particular) are kept here
# as well, restrict the directory to the owning user - confirm in the tasks
# that create it.
k8s_ca_conf_directory: "{{ '~/k8s/certs' | expanduser }}"

# Owner and group for the certificate files.
# NOTE(review): presumably applied where the files are written - confirm
# in the tasks, and check that key files are not group/world readable.
k8s_ca_certificate_owner: "root"
k8s_ca_certificate_group: "root"

# Expiry for Kubernetes API server root certificates.
# 87600h = 3650 days (about ten years).
# NOTE(review): confirm whether leaf certificates inherit this lifetime;
# ten years is long for anything other than the CA itself.
ca_expiry: "87600h"

# Certificate signing request parameters, one entry per certificate.
# The names_* keys presumably map to the subject fields C, L, O, OU and ST
# (TODO confirm against the CSR template).
# Kubernetes takes the user name from the certificate CN and the group
# memberships from O, which is why the values marked "DO NOT CHANGE!"
# must stay as they are.
# NOTE(review): every entry uses RSA 2048. That is a common minimum; for
# the CA, which lives for ca_expiry, a larger key is worth considering if
# the signing tooling supports it.
k8s_csr:
  master:
    - name: "ca"
      cn: "Kubernetes"
      key_algo: "rsa"
      key_size: "2048"
      names_c: "BE"
      names_l: "The_Internet"
      names_o: "Kubernetes"
      names_ou: "CA"
      names_st: "Luxembourg"
    # "etcdHosts" is not defined in this file; presumably it is built
    # elsewhere in the role (see etcd_cert_hosts below) - confirm.
    - name: "etcd"
      cn: "Etcd"
      key_algo: "rsa"
      key_size: "2048"
      names_c: "BE"
      names_l: "The_Internet"
      names_o: "Kubernetes"
      names_ou: "{{ k8s_config_cluster_name }}"
      names_st: "Luxembourg"
      hostnames: "{{etcdHosts}}"
    # "k8sHosts" is not defined in this file; presumably it is built
    # elsewhere in the role (see k8s_apiserver_cert_hosts below) - confirm.
    - name: "apiserver"
      cn: "Kubernetes"
      key_algo: "rsa"
      key_size: "2048"
      names_c: "BE"
      names_l: "The_Internet"
      names_o: "Kubernetes"
      names_ou: "{{ k8s_config_cluster_name }}"
      names_st: "Luxembourg"
      hostnames: "{{k8sHosts}}"
    # O = system:masters puts this certificate in the built-in group with
    # unrestricted API access. Kubernetes has no revocation check for
    # client certificates, so the admin key stays valid until it expires:
    # store it like a cluster-root credential.
    - name: "admin"
      cn: "admin"
      key_algo: "rsa"
      key_size: "2048"
      names_c: "BE"
      names_l: "The_Internet"
      names_o: "system:masters"  # DO NOT CHANGE!
      names_ou: "{{ k8s_config_cluster_name }}"
      names_st: "Luxembourg"
    - name: "kube-proxy"
      cn: "system:kube-proxy"  # DO NOT CHANGE!
      key_algo: "rsa"
      key_size: "2048"
      names_c: "BE"
      names_l: "The_Internet"
      names_o: "system:node-proxier"  # DO NOT CHANGE!
      names_ou: "{{ k8s_config_cluster_name }}"
      names_st: "Luxembourg"
    - name: "kube-controller-manager"
      cn: "system:kube-controller-manager"  # DO NOT CHANGE!
      key_algo: "rsa"
      key_size: "2048"
      names_c: "BE"
      names_l: "The_Internet"
      names_o: "system:kube-controller-manager"  # DO NOT CHANGE!
      names_ou: "{{ k8s_config_cluster_name }}"
      names_st: "Luxembourg"
    - name: "kube-scheduler"
      cn: "system:kube-scheduler"  # DO NOT CHANGE!
      key_algo: "rsa"
      key_size: "2048"
      names_c: "BE"
      names_l: "The_Internet"
      names_o: "system:kube-scheduler"  # DO NOT CHANGE!
      names_ou: "{{ k8s_config_cluster_name }}"
      names_st: "Luxembourg"
    - name: "service-account"
      cn: "service-accounts"
      key_algo: "rsa"
      key_size: "2048"
      names_c: "BE"
      names_l: "The_Internet"
      names_o: "Kubernetes"
      names_ou: "{{ k8s_config_cluster_name }}"
      names_st: "Luxembourg"
  # No "cn" is set for the worker entry; presumably it is filled in per
  # node elsewhere in the role - confirm.
  worker:
    name: "worker"
    key_algo: "rsa"
    key_size: "2048"
    names_c: "BE"
    names_l: "The_Internet"
    names_o: "system:nodes"  # DO NOT CHANGE!
    names_ou: "{{ k8s_config_cluster_name }}"
    names_st: "Luxembourg"

# Host names and IP addresses for the etcd certificate (presumably used
# as subject alternative names - confirm). Keep the list to names that
# etcd is actually reached by.
etcd_cert_hosts:
  - "127.0.0.1"
  - "etcd0"
  - "etcd1"
  - "etcd2"

# Host names and IP addresses for the API server certificate.
# NOTE(review): 10.32.0.1 looks like the cluster IP of the "kubernetes"
# service (first address of the service range) - confirm it matches the
# configured service CIDR.
k8s_apiserver_cert_hosts:
  - "127.0.0.1"
  - "10.32.0.1"
  - "kubernetes"
  - "kubernetes.default"
  - "kubernetes.default.svc"
  - "kubernetes.default.svc.cluster.local"