// Resource definitions for the "secrets" package. The messages declared in
// this package carry private keys, bootstrap tokens and encryption secrets
// (see the field names and types), so serialized or printed forms of them
// should be kept out of logs and debug dumps.
syntax = "proto3";

package talos.resource.definitions.secrets;

// Provides the common.PEMEncoded*, common.NetIP and common.URL types.
import "common/common.proto";

option go_package = "github.com/siderolabs/talos/pkg/machinery/api/resource/definitions/secrets";
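// APICertsSpec describes API certs secrets: a client and a server
// certificate/key pair plus the CA certificates accepted for verification.
message APICertsSpec {
  // Field number 1 is not assigned below. It is reserved so that it cannot
  // be reused with a different meaning; presumably it belonged to a retired
  // field (confirm against the schema history).
  reserved 1;

  // Client certificate and key. The type name indicates that private key
  // material is included, so treat the value as secret.
  common.PEMEncodedCertificateAndKey client = 2;

  // Server certificate and key. Secret for the same reason as `client`.
  common.PEMEncodedCertificateAndKey server = 3;

  // Accepted CA certificates; certificates only, per the type name. The field
  // name is presumably the generated snake_case form of "AcceptedCAs".
  repeated common.PEMEncodedCertificate accepted_c_as = 4;
}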
// CertSANSpec describes fields of the cert SANs (subject alternative names).
message CertSANSpec {
  // IP address SANs. The field name is presumably the generated snake_case
  // form of "IPs".
  repeated common.NetIP i_ps = 1;

  // DNS name SANs.
  repeated string dns_names = 2;

  // Fully qualified domain name.
  string fqdn = 3;
}
// EtcdCertsSpec describes etcd certs secrets. Every field is typed as a
// certificate together with its key, so each value holds private key material.
message EtcdCertsSpec {
  // etcd certificate and key.
  common.PEMEncodedCertificateAndKey etcd = 1;

  // etcd peer certificate and key.
  common.PEMEncodedCertificateAndKey etcd_peer = 2;

  // etcd admin certificate and key.
  common.PEMEncodedCertificateAndKey etcd_admin = 3;

  // Certificate and key named for the API server's access to etcd
  // (presumably the API server's etcd client identity; confirm with callers).
  common.PEMEncodedCertificateAndKey etcd_api_server = 4;
}
// EtcdRootSpec describes etcd CA secrets.
message EtcdRootSpec {
  // etcd CA certificate and key. The type name indicates the CA private key
  // is carried here, which makes this the most sensitive etcd value.
  common.PEMEncodedCertificateAndKey etcd_ca = 1;
}
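// KubeletSpec describes kubelet secrets: the endpoint, the bootstrap token
// and the CA certificates accepted for verification.
message KubeletSpec {
  // Field number 2 is not assigned below. It is reserved so that it cannot
  // be reused with a different meaning; presumably it belonged to a retired
  // field (confirm against the schema history).
  reserved 2;

  // Endpoint URL (presumably the API server endpoint the kubelet connects
  // to; confirm with callers).
  common.URL endpoint = 1;

  // Identifier half of the bootstrap token.
  string bootstrap_token_id = 3;

  // Secret half of the bootstrap token. Treat as a credential.
  string bootstrap_token_secret = 4;

  // Accepted CA certificates; certificates only, per the type name. The field
  // name is presumably the generated snake_case form of "AcceptedCAs".
  repeated common.PEMEncodedCertificate accepted_c_as = 5;
}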
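// KubernetesCertsSpec describes generated Kubernetes certificates. All
// assigned fields are kubeconfig documents held as strings.
// NOTE(review): kubeconfigs usually embed client credentials; treat these
// values as secrets unless the generator is confirmed to omit them.
message KubernetesCertsSpec {
  // Field numbers 1 to 3 are not assigned below. They are reserved so that
  // they cannot be reused with a different meaning; presumably they belonged
  // to retired fields (confirm against the schema history).
  reserved 1 to 3;

  // Kubeconfig for the scheduler.
  string scheduler_kubeconfig = 4;

  // Kubeconfig for the controller manager.
  string controller_manager_kubeconfig = 5;

  // Admin kubeconfig named for localhost access.
  string localhost_admin_kubeconfig = 6;

  // Admin kubeconfig.
  string admin_kubeconfig = 7;
}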
// KubernetesDynamicCertsSpec describes generated KubernetesCerts
// certificates. Every field is typed as a certificate together with its key,
// so each value holds private key material.
message KubernetesDynamicCertsSpec {
  // API server certificate and key.
  common.PEMEncodedCertificateAndKey api_server = 1;

  // Certificate and key named for the API server's kubelet client identity.
  common.PEMEncodedCertificateAndKey api_server_kubelet_client = 2;

  // Front proxy certificate and key.
  common.PEMEncodedCertificateAndKey front_proxy = 3;
}
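// KubernetesRootSpec describes root Kubernetes secrets. Besides endpoint and
// naming data it carries CA keys, the service account key, the bootstrap
// token and the encryption secrets named below, so the whole message should
// be handled as secret material.
message KubernetesRootSpec {
  // Field number 5 is not assigned below. It is reserved so that it cannot
  // be reused with a different meaning; presumably it belonged to a retired
  // field (confirm against the schema history).
  reserved 5;

  // Name (presumably the cluster name; confirm with callers).
  string name = 1;

  // Endpoint URL.
  common.URL endpoint = 2;

  // Local endpoint URL.
  common.URL local_endpoint = 3;

  // Certificate SANs. The field name is presumably the generated snake_case
  // form of "CertSANs".
  repeated string cert_sa_ns = 4;

  // DNS domain.
  string dns_domain = 6;

  // Issuing CA certificate and key. The type name indicates the CA private
  // key is included.
  common.PEMEncodedCertificateAndKey issuing_ca = 7;

  // Service account key (a key without a certificate, per the type name).
  common.PEMEncodedKey service_account = 8;

  // Aggregator CA certificate and key.
  common.PEMEncodedCertificateAndKey aggregator_ca = 9;

  // Encryption secret named for the "aescbc" scheme.
  string aescbc_encryption_secret = 10;

  // Identifier half of the bootstrap token.
  string bootstrap_token_id = 11;

  // Secret half of the bootstrap token. Treat as a credential.
  string bootstrap_token_secret = 12;

  // Encryption secret named for the "secretbox" scheme.
  string secretbox_encryption_secret = 13;

  // API server IP addresses.
  repeated common.NetIP api_server_ips = 14;

  // Accepted CA certificates; certificates only, per the type name. The field
  // name is presumably the generated snake_case form of "AcceptedCAs".
  repeated common.PEMEncodedCertificate accepted_c_as = 15;
}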
// MaintenanceRootSpec describes maintenance service CA.
message MaintenanceRootSpec {
  // Maintenance service CA certificate and key. The type name indicates the
  // CA private key is included.
  common.PEMEncodedCertificateAndKey ca = 1;
}
// MaintenanceServiceCertsSpec describes maintenance service certs secrets.
message MaintenanceServiceCertsSpec {
  // CA entry for the maintenance service.
  // NOTE(review): typed as certificate and key rather than certificate only;
  // confirm whether the CA key is populated for consumers of this message or
  // whether only the certificate is set.
  common.PEMEncodedCertificateAndKey ca = 1;

  // Server certificate and key; holds private key material.
  common.PEMEncodedCertificateAndKey server = 2;
}
// OSRootSpec describes operating system CA.
message OSRootSpec {
  // Issuing CA certificate and key. The type name indicates the CA private
  // key is included.
  common.PEMEncodedCertificateAndKey issuing_ca = 1;

  // IP address SANs for certificates. The field name is presumably the
  // generated snake_case form of "CertSANIPs".
  repeated common.NetIP cert_sani_ps = 2;

  // DNS name SANs for certificates. The field name is presumably the
  // generated snake_case form of "CertSANDNSNames".
  repeated string cert_sandns_names = 3;

  // Token (presumably a shared secret used to authenticate nodes; confirm
  // with callers). Treat as a credential.
  string token = 4;

  // Accepted CA certificates; certificates only, per the type name. The field
  // name is presumably the generated snake_case form of "AcceptedCAs".
  repeated common.PEMEncodedCertificate accepted_c_as = 5;
}
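// TrustdCertsSpec describes trustd certs secrets: the server certificate/key
// pair and the CA certificates accepted for verification.
message TrustdCertsSpec {
  // Field number 1 is not assigned below. It is reserved so that it cannot
  // be reused with a different meaning; presumably it belonged to a retired
  // field (confirm against the schema history).
  reserved 1;

  // Server certificate and key. The type name indicates that private key
  // material is included, so treat the value as secret.
  common.PEMEncodedCertificateAndKey server = 2;

  // Accepted CA certificates; certificates only, per the type name. The field
  // name is presumably the generated snake_case form of "AcceptedCAs".
  repeated common.PEMEncodedCertificate accepted_c_as = 3;
}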