Public Key Infrastructure (PKI) Catalog¶
Configuration for certificate and keypair generation in the cluster. The
pegleg secrets generate certificates
command will read all PKICatalog
documents and either find pre-existing certificates/keys, or generate new ones
based on the given definition.
Dependencies¶
Pegleg’s PKI Catalog depends on CloudFlare’s PKI/TLS toolkit, which is installed as a part of Pegleg’s Dockerfile.
Sample Document¶
Here is a sample document:
# Basic example of pki-catalog.yaml for k8s.
---
schema: promenade/PKICatalog/v1
metadata:
schema: metadata/Document/v1
name: cluster-certificates-addition
layeringDefinition:
abstract: false
layer: site
storagePolicy: cleartext
data:
certificate_authorities:
kubernetes:
description: CA for Kubernetes components
certificates:
- document_name: kubelet-n3
common_name: system:node:n3
hosts:
- n3
- 192.168.77.13
groups:
- system:nodes
...