richard
/
kubespray
mirror of https://github.com/kubernetes-sigs/kubespray.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
4355 Commits
29 Branches
81 Tags
150 MiB
Tree: 4a10dca7d4
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '4a10dca7d4'
${ noResults }
kubespray/roles/etcd/templates/openssl.conf.j2

45 lines
1.6 KiB
Raw Normal View History

Update openssl.conf to count better and work with Jinja 2.9
6 years ago
Add etcd TLS support
8 years ago
Update openssl.conf to count better and work with Jinja 2.9
6 years ago
Add etcd TLS support
8 years ago
Update openssl.conf to count better and work with Jinja 2.9
6 years ago
Add etcd TLS support
8 years ago
Fix DNS entries in etcd's openssl.conf by adding a newline. (#2208) DNS entries generated from 'etcd_cert_alt_names' variable in etcd's openssl.conf are not terminated by a newline. This fixes issue #2207.
6 years ago
Update openssl.conf to count better and work with Jinja 2.9
6 years ago
Fix DNS entries in etcd's openssl.conf by adding a newline. (#2208) DNS entries generated from 'etcd_cert_alt_names' variable in etcd's openssl.conf are not terminated by a newline. This fixes issue #2207.
6 years ago
Add etcd TLS support
8 years ago
Update openssl.conf to count better and work with Jinja 2.9
6 years ago
Remove hard dependence on facts for all nodes (#4304) * Remove hard dependence on facts for all nodes * Update main.yaml * Update main.yaml
5 years ago
Add etcd TLS support
8 years ago
Add documentation about having HA for etcd
6 years ago
Update openssl.conf to count better and work with Jinja 2.9
6 years ago
  1. {% set counter = {'dns': 2,'ip': 1,} %}{% macro increment(dct, key, inc=1)%}{% if dct.update({key: dct[key] + inc}) %} {% endif %}{% endmacro %}[req]
  2. req_extensions = v3_req
  3. distinguished_name = req_distinguished_name
  5. [req_distinguished_name]
  7. [ v3_req ]
  8. basicConstraints = CA:FALSE
  9. keyUsage = nonRepudiation, digitalSignature, keyEncipherment
  10. subjectAltName = @alt_names
  12. [ ssl_client ]
  13. extendedKeyUsage = clientAuth, serverAuth
  14. basicConstraints = CA:FALSE
  15. subjectKeyIdentifier=hash
  16. authorityKeyIdentifier=keyid,issuer
  17. subjectAltName = @alt_names
  19. [ v3_ca ]
  20. basicConstraints = CA:TRUE
  21. keyUsage = nonRepudiation, digitalSignature, keyEncipherment
  22. subjectAltName = @alt_names
  23. authorityKeyIdentifier=keyid:always,issuer
  25. [alt_names]
  26. DNS.1 = localhost
  27. {% for host in groups['etcd'] %}
  28. DNS.{{ counter["dns"] }} = {{ host }}{{ increment(counter, 'dns') }}
  29. {% endfor %}
  30. {% if apiserver_loadbalancer_domain_name is defined %}
  31. DNS.{{ counter["dns"] }} = {{ apiserver_loadbalancer_domain_name }}{{ increment(counter, 'dns') }}
  32. {% endif %}
  33. {% for etcd_alt_name in etcd_cert_alt_names %}
  34. DNS.{{ counter["dns"] }} = {{ etcd_alt_name }}{{ increment(counter, 'dns') }}
  35. {% endfor %}
  36. {% for host in groups['etcd'] %}
  37. {% if hostvars[host]['access_ip'] is defined %}
  38. IP.{{ counter["ip"] }} = {{ hostvars[host]['access_ip'] }}{{ increment(counter, 'ip') }}
  39. {% endif %}
  40. IP.{{ counter["ip"] }} = {{ hostvars[host]['ip'] | default(fallback_ips[host]) }}{{ increment(counter, 'ip') }}
  41. {% endfor %}
  42. {% for cert_alt_ip in etcd_cert_alt_ips %}
  43. IP.{{ counter["ip"] }} = {{ cert_alt_ip }}{{ increment(counter, 'ip') }}
  44. {% endfor %}
  45. IP.{{ counter["ip"] }} = 127.0.0.1