mirror of
https://github.com/phfroidmont/self-hosting.git
synced 2025-12-25 13:46:59 +01:00
111 lines
3.1 KiB
YAML
111 lines
3.1 KiB
YAML
---
|
|
# The directory from where to copy the K8s certificates. By default this
|
|
# will expand to user's LOCAL $HOME (the user that run's "ansible-playbook ..."
|
|
# plus "/k8s/certs". That means if the user's $HOME directory is e.g.
|
|
# "/home/da_user" then "k8s_ca_conf_directory" will have a value of
|
|
# "/home/da_user/k8s/certs".
|
|
k8s_ca_conf_directory: "{{ '~/k8s/certs' | expanduser }}"
|
|
k8s_ca_certificate_owner: "root"
|
|
k8s_ca_certificate_group: "root"
|
|
|
|
|
|
# Expiry for Kubernetes API server root certificates
|
|
ca_expiry: "87600h"
|
|
|
|
k8s_csr:
|
|
master:
|
|
- name: "ca"
|
|
cn: "Kubernetes"
|
|
key_algo: "rsa"
|
|
key_size: "2048"
|
|
names_c: "BE"
|
|
names_l: "The_Internet"
|
|
names_o: "Kubernetes"
|
|
names_ou: "CA"
|
|
names_st: "Luxembourg"
|
|
- name: "etcd"
|
|
cn: "Etcd"
|
|
key_algo: "rsa"
|
|
key_size: "2048"
|
|
names_c: "BE"
|
|
names_l: "The_Internet"
|
|
names_o: "Kubernetes"
|
|
names_ou: "{{ k8s_config_cluster_name }}"
|
|
names_st: "Luxembourg"
|
|
- name: "apiserver"
|
|
cn: "Kubernetes"
|
|
key_algo: "rsa"
|
|
key_size: "2048"
|
|
names_c: "BE"
|
|
names_l: "The_Internet"
|
|
names_o: "Kubernetes"
|
|
names_ou: "{{ k8s_config_cluster_name }}"
|
|
names_st: "Luxembourg"
|
|
- name: "admin"
|
|
cn: "admin"
|
|
key_algo: "rsa"
|
|
key_size: "2048"
|
|
names_c: "BE"
|
|
names_l: "The_Internet"
|
|
names_o: "system:masters" # DO NOT CHANGE!
|
|
names_ou: "{{ k8s_config_cluster_name }}"
|
|
names_st: "Luxembourg"
|
|
- name: "kube-proxy"
|
|
cn: "system:kube-proxy" # DO NOT CHANGE!
|
|
key_algo: "rsa"
|
|
key_size: "2048"
|
|
names_c: "BE"
|
|
names_l: "The_Internet"
|
|
names_o: "system:node-proxier" # DO NOT CHANGE!
|
|
names_ou: "{{ k8s_config_cluster_name }}"
|
|
names_st: "Luxembourg"
|
|
- name: "kube-controller-manager"
|
|
cn: "system:kube-controller-manager" # DO NOT CHANGE!
|
|
key_algo: "rsa"
|
|
key_size: "2048"
|
|
names_c: "BE"
|
|
names_l: "The_Internet"
|
|
names_o: "system:kube-controller-manager" # DO NOT CHANGE!
|
|
names_ou: "{{ k8s_config_cluster_name }}"
|
|
names_st: "Luxembourg"
|
|
- name: "kube-scheduler"
|
|
cn: "system:kube-scheduler" # DO NOT CHANGE!
|
|
key_algo: "rsa"
|
|
key_size: "2048"
|
|
names_c: "BE"
|
|
names_l: "The_Internet"
|
|
names_o: "system:kube-scheduler" # DO NOT CHANGE!
|
|
names_ou: "{{ k8s_config_cluster_name }}"
|
|
names_st: "Luxembourg"
|
|
- name: "service-account"
|
|
cn: "service-accounts"
|
|
key_algo: "rsa"
|
|
key_size: "2048"
|
|
names_c: "BE"
|
|
names_l: "The_Internet"
|
|
names_o: "Kubernetes"
|
|
names_ou: "{{ k8s_config_cluster_name }}"
|
|
names_st: "Luxembourg"
|
|
worker:
|
|
name: "worker"
|
|
key_algo: "rsa"
|
|
key_size: "2048"
|
|
names_c: "BE"
|
|
names_l: "The_Internet"
|
|
names_o: "system:nodes" # DO NOT CHANGE!
|
|
names_ou: "{{ k8s_config_cluster_name }}"
|
|
names_st: "Luxembourg"
|
|
|
|
etcd_cert_hosts:
|
|
- 127.0.0.1
|
|
- etcd0
|
|
- etcd1
|
|
- etcd2
|
|
|
|
k8s_apiserver_cert_hosts:
|
|
- 127.0.0.1
|
|
- 10.32.0.1
|
|
- kubernetes
|
|
- kubernetes.default
|
|
- kubernetes.default.svc
|
|
- kubernetes.default.svc.cluster.local
|