epostnikof/kubespray
1
0
Fork 0
mirror of https://github.com/kubernetes-sigs/kubespray.git synced 2026-02-28 09:39:12 +03:00
Code Issues Packages Projects Releases Wiki Activity

Generate TLS certs for calico typha (#5258)

Browse Source 
* Generate TLS certs for calico typha

Change-Id: I3883f49c124c52d0fc5b900ca2b44e4e2ed0d707

* Add group vars note

Change-Id: I63550dfef616e884efdbd42010a90b2c04c5eb69
This commit is contained in:
Matthew Mosesohn
2019-10-17 17:02:38 +03:00
committed by Kubernetes Prow Robot
parent 81d57fe658
commit a1fff30bd9
12 changed files with 249 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
roles/network_plugin/calico/files/openssl.conf Normal file
View File

@@ -0,0 +1,20 @@
req_extensions = v3_req
distinguished_name = req_distinguished_name
[req_distinguished_name]
[ v3_req ]
basicConstraints = CA:FALSE
keyUsage = digitalSignature, keyEncipherment
[ ssl_client ]
extendedKeyUsage = clientAuth, serverAuth
basicConstraints = CA:FALSE
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer
[ v3_ca ]
basicConstraints = CA:TRUE
keyUsage = cRLSign, digitalSignature, keyCertSign
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always,issuer