---
# The purpose of this file is to define the PKI certificates for the environment
#
# NOTE: When deploying a new site, this file should not be configured until
# baremetal/nodes.yaml is complete.
#
schema: promenade/PKICatalog/v1
metadata:
  schema: metadata/Document/v1
  name: cluster-certificates
  layeringDefinition:
    abstract: false
    layer: site
  storagePolicy: cleartext
data:
  certificate_authorities:
    kubernetes:
      description: CA for Kubernetes components
      certificates:

        # NEWSITE-CHANGEME: The following should be a list of all the nodes in
        # the environment (genesis, control plane, data plane, everything).
        # Add/delete from this list as necessary until all nodes are listed.
        # For each node, the `hosts` list should be comprised of:
        #   1. The node's hostname
        #   2. The node's ksn/Calico IP address
        # master nodes
        - document_name: kubelet-pod17-node1
          common_name: system:node:pod17-node1
          hosts:
            - pod17-node1
            - 10.10.172.21
          groups:
            - system:nodes
        - document_name: kubelet-pod17-node2
          common_name: system:node:pod17-node2
          hosts:
            - pod17-node2
            - 10.10.172.22
          groups:
            - system:nodes
        - document_name: kubelet-pod17-node3
          common_name: system:node:pod17-node3
          hosts:
            - pod17-node3
            - 10.10.172.23
          groups:
            - system:nodes

        # work nodes
        - document_name: kubelet-pod17-node5
          common_name: system:node:pod17-node5
          hosts:
            # values from baremetal/nodes.yaml
            - pod17-node5
            - 10.10.172.25
          groups:
            - system:nodes
        # End node list
...