99 lines
2.4 KiB
Plaintext
99 lines
2.4 KiB
Plaintext
[req]
|
|
distinguished_name = req_distinguished_name
|
|
prompt = no
|
|
x509_extensions = ca_x509_extensions
|
|
|
|
[ca_x509_extensions]
|
|
basicConstraints = CA:TRUE
|
|
keyUsage = cRLSign, keyCertSign
|
|
|
|
[req_distinguished_name]
|
|
C = US
|
|
ST = Washington
|
|
L = Seattle
|
|
CN = Kubernetes
|
|
O = Kubernetes
|
|
OU = CA
|
|
|
|
|
|
[controller0-proxy]
|
|
distinguished_name = controller0_distinguished_name
|
|
prompt = no
|
|
req_extensions = controller0_req_extensions
|
|
|
|
[controller0_req_extensions]
|
|
basicConstraints = CA:FALSE
|
|
extendedKeyUsage = clientAuth, serverAuth
|
|
keyUsage = critical, digitalSignature, keyEncipherment
|
|
nsCertType = client
|
|
nsComment = "controller0-proxy Certificate"
|
|
subjectAltName = @controller0_alt_names
|
|
subjectKeyIdentifier = hash
|
|
|
|
[controller0_distinguished_name]
|
|
CN = system:node:controller0
|
|
O = system:nodes
|
|
C = US
|
|
ST = Washington
|
|
L = Seattle
|
|
|
|
[controller0_alt_names]
|
|
IP.0 = 127.0.0.1
|
|
IP.1 = 10.215.1.221
|
|
IP.2 = 2620:11f:7001:7:ffff:ffff:0ad7:01dd
|
|
DNS.0 = controller0
|
|
|
|
[controller1-proxy]
|
|
distinguished_name = controller1_distinguished_name
|
|
prompt = no
|
|
req_extensions = controller1_req_extensions
|
|
|
|
[controller1_req_extensions]
|
|
basicConstraints = CA:FALSE
|
|
extendedKeyUsage = clientAuth, serverAuth
|
|
keyUsage = critical, digitalSignature, keyEncipherment
|
|
nsCertType = client
|
|
nsComment = "controller1-proxy Certificate"
|
|
subjectAltName = @controller1_alt_names
|
|
subjectKeyIdentifier = hash
|
|
|
|
[controller1_distinguished_name]
|
|
CN = system:node:controller1
|
|
O = system:nodes
|
|
C = US
|
|
ST = Washington
|
|
L = Seattle
|
|
|
|
[controller1_alt_names]
|
|
IP.0 = 127.0.0.1
|
|
IP.4 = 10.215.1.222
|
|
IP.5 = 2620:11f:7001:7:ffff:ffff:0ad7:01de
|
|
DNS.0 = controller1
|
|
|
|
[controller2-proxy]
|
|
distinguished_name = controller2_distinguished_name
|
|
prompt = no
|
|
req_extensions = controller2_req_extensions
|
|
|
|
[controller2_req_extensions]
|
|
basicConstraints = CA:FALSE
|
|
extendedKeyUsage = clientAuth, serverAuth
|
|
keyUsage = critical, digitalSignature, keyEncipherment
|
|
nsCertType = client
|
|
nsComment = "controller2-proxy Certificate"
|
|
subjectAltName = @controller2_alt_names
|
|
subjectKeyIdentifier = hash
|
|
|
|
[controller2_distinguished_name]
|
|
CN = system:node:controller2
|
|
O = system:nodes
|
|
C = US
|
|
ST = Washington
|
|
L = Seattle
|
|
|
|
[controller2_alt_names]
|
|
IP.0 = 127.0.0.1
|
|
IP.1 = 10.215.1.223
|
|
IP.2 = 2620:11f:7001:7:ffff:ffff:0ad7:01df
|
|
DNS.0 = controller2
|