talos

1
syntax = "proto3";
2

3
package talos.resource.definitions.secrets;
4

5
option go_package = "github.com/siderolabs/talos/pkg/machinery/api/resource/definitions/secrets";
6

7
import "common/common.proto";
8

9
// APICertsSpec describes etcd certs secrets.
10
message APICertsSpec {
11
  common.PEMEncodedCertificateAndKey client = 2;
12
  common.PEMEncodedCertificateAndKey server = 3;
13
  repeated common.PEMEncodedCertificate accepted_c_as = 4;
14
}
15

16
// CertSANSpec describes fields of the cert SANs.
17
message CertSANSpec {
18
  repeated common.NetIP i_ps = 1;
19
  repeated string dns_names = 2;
20
  string fqdn = 3;
21
}
22

23
// EtcdCertsSpec describes etcd certs secrets.
24
message EtcdCertsSpec {
25
  common.PEMEncodedCertificateAndKey etcd = 1;
26
  common.PEMEncodedCertificateAndKey etcd_peer = 2;
27
  common.PEMEncodedCertificateAndKey etcd_admin = 3;
28
  common.PEMEncodedCertificateAndKey etcd_api_server = 4;
29
}
30

31
// EtcdRootSpec describes etcd CA secrets.
32
message EtcdRootSpec {
33
  common.PEMEncodedCertificateAndKey etcd_ca = 1;
34
}
35

36
// KubeletSpec describes root Kubernetes secrets.
37
message KubeletSpec {
38
  common.URL endpoint = 1;
39
  string bootstrap_token_id = 3;
40
  string bootstrap_token_secret = 4;
41
  repeated common.PEMEncodedCertificate accepted_c_as = 5;
42
}
43

44
// KubernetesCertsSpec describes generated Kubernetes certificates.
45
message KubernetesCertsSpec {
46
  string scheduler_kubeconfig = 4;
47
  string controller_manager_kubeconfig = 5;
48
  string localhost_admin_kubeconfig = 6;
49
  string admin_kubeconfig = 7;
50
}
51

52
// KubernetesDynamicCertsSpec describes generated KubernetesCerts certificates.
53
message KubernetesDynamicCertsSpec {
54
  common.PEMEncodedCertificateAndKey api_server = 1;
55
  common.PEMEncodedCertificateAndKey api_server_kubelet_client = 2;
56
  common.PEMEncodedCertificateAndKey front_proxy = 3;
57
}
58

59
// KubernetesRootSpec describes root Kubernetes secrets.
60
message KubernetesRootSpec {
61
  string name = 1;
62
  common.URL endpoint = 2;
63
  common.URL local_endpoint = 3;
64
  repeated string cert_sa_ns = 4;
65
  string dns_domain = 6;
66
  common.PEMEncodedCertificateAndKey issuing_ca = 7;
67
  common.PEMEncodedKey service_account = 8;
68
  common.PEMEncodedCertificateAndKey aggregator_ca = 9;
69
  string aescbc_encryption_secret = 10;
70
  string bootstrap_token_id = 11;
71
  string bootstrap_token_secret = 12;
72
  string secretbox_encryption_secret = 13;
73
  repeated common.NetIP api_server_ips = 14;
74
  repeated common.PEMEncodedCertificate accepted_c_as = 15;
75
}
76

77
// MaintenanceRootSpec describes maintenance service CA.
78
message MaintenanceRootSpec {
79
  common.PEMEncodedCertificateAndKey ca = 1;
80
}
81

82
// MaintenanceServiceCertsSpec describes maintenance service certs secrets.
83
message MaintenanceServiceCertsSpec {
84
  common.PEMEncodedCertificateAndKey ca = 1;
85
  common.PEMEncodedCertificateAndKey server = 2;
86
}
87

88
// OSRootSpec describes operating system CA.
89
message OSRootSpec {
90
  common.PEMEncodedCertificateAndKey issuing_ca = 1;
91
  repeated common.NetIP cert_sani_ps = 2;
92
  repeated string cert_sandns_names = 3;
93
  string token = 4;
94
  repeated common.PEMEncodedCertificate accepted_c_as = 5;
95
}
96

97
// TrustdCertsSpec describes etcd certs secrets.
98
message TrustdCertsSpec {
99
  common.PEMEncodedCertificateAndKey server = 2;
100
  repeated common.PEMEncodedCertificate accepted_c_as = 3;
101
}
102

103