1 /* 2 Copyright 2016 The Kubernetes Authors. 3 4 Licensed under the Apache License, Version 2.0 (the "License"); 5 you may not use this file except in compliance with the License. 6 You may obtain a copy of the License at 7 8 http://www.apache.org/licenses/LICENSE-2.0 9 10 Unless required by applicable law or agreed to in writing, software 11 distributed under the License is distributed on an "AS IS" BASIS, 12 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 See the License for the specific language governing permissions and 14 limitations under the License. 15 */ 16 17 package certs 18 19 /* 20 21 PHASE: CERTIFICATES 22 23 INPUTS: 24 From InitConfiguration 25 .API.AdvertiseAddress is an optional parameter that can be passed for an extra addition to the SAN IPs 26 .APIServer.CertSANs is an optional parameter for adding DNS names and IPs to the API Server serving cert SAN 27 .Etcd.Local.ServerCertSANs is an optional parameter for adding DNS names and IPs to the etcd serving cert SAN 28 .Etcd.Local.PeerCertSANs is an optional parameter for adding DNS names and IPs to the etcd peer cert SAN 29 .Networking.DNSDomain is needed for knowing which DNS name the internal Kubernetes service has 30 .Networking.ServiceSubnet is needed for knowing which IP the internal Kubernetes service is going to point to 31 .CertificatesDir is required for knowing where all certificates should be stored 32 33 OUTPUTS: 34 Files to .CertificatesDir (default /etc/kubernetes/pki): 35 - ca.crt 36 - ca.key 37 - apiserver.crt 38 - apiserver.key 39 - apiserver-kubelet-client.crt 40 - apiserver-kubelet-client.key 41 - apiserver-etcd-client.crt 42 - apiserver-etcd-client.key 43 - etcd/ca.crt 44 - etcd/ca.key 45 - etcd/server.crt 46 - etcd/server.key 47 - etcd/peer.crt 48 - etcd/peer.key 49 - etcd/healthcheck-client.crt 50 - etcd/healthcheck-client.key 51 - sa.pub 52 - sa.key 53 - front-proxy-ca.crt 54 - front-proxy-ca.key 55 - front-proxy-client.crt 56 - front-proxy-client.key 57 58 */ 59