There's a cyclic dependency on siderolink library which imports talos machinery back. We will fix that after we get talos pushed under a new name. Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
syntax = "proto3";
package talos.resource.definitions.secrets;
option go_package = "github.com/siderolabs/talos/pkg/machinery/api/resource/definitions/secrets";
import "common/common.proto";
// APICertsSpec groups three certificate entries: a CA, a client and a server.
//
// NOTE(review): this comment used to read "describes etcd certs secrets",
// which does not match the message name or its fields (ca/client/server);
// confirm the intended wording.
//
// Every field is a common.PEMEncodedCertificateAndKey, declared in
// common/common.proto (not shown here). Going by the type name, each value
// carries a private key next to its certificate, so a serialized APICertsSpec
// should be handled as secret material: keep it out of logs and debug dumps,
// and limit which callers may read the resource.
message APICertsSpec {
  // CA entry (certificate and key, per the field type name).
  common.PEMEncodedCertificateAndKey ca = 1;

  // Client entry (certificate and key, per the field type name).
  common.PEMEncodedCertificateAndKey client = 2;

  // Server entry (certificate and key, per the field type name).
  common.PEMEncodedCertificateAndKey server = 3;
}
// CertSANSpec lists the values that make up a certificate's subject
// alternative names (SANs): IP addresses, DNS names and an FQDN.
//
// NOTE(review): presumably these values end up in the SAN extension of issued
// certificates and so decide which addresses and hostnames a certificate is
// accepted for; verify that writers of this resource only take them from
// trusted configuration.
message CertSANSpec {
  // IP address SANs. The name `i_ps` looks like a mechanical snake_case
  // conversion of "IPs"; it is part of the published schema (JSON key and
  // generated accessors), so it is left unchanged.
  repeated common.NetIP i_ps = 1;

  // DNS name SANs.
  repeated string dns_names = 2;

  // Fully qualified domain name.
  string fqdn = 3;
}
// EtcdCertsSpec groups the etcd certificate entries: etcd itself, etcd peer,
// etcd admin and the etcd entry for the API server.
//
// Every field is a common.PEMEncodedCertificateAndKey, declared in
// common/common.proto (not shown here). Going by the type name, each value
// includes a private key, so the whole message should be handled as secret
// material: no logging of field contents, restricted read access.
message EtcdCertsSpec {
  // Entry named "etcd" (certificate and key, per the field type name).
  common.PEMEncodedCertificateAndKey etcd = 1;

  // Entry for etcd peers; presumably used for member-to-member TLS (confirm
  // against the consumer).
  common.PEMEncodedCertificateAndKey etcd_peer = 2;

  // Entry for etcd administration; presumably a client identity (confirm).
  common.PEMEncodedCertificateAndKey etcd_admin = 3;

  // Entry named for the API server; presumably the client identity the API
  // server presents to etcd (confirm).
  common.PEMEncodedCertificateAndKey etcd_api_server = 4;
}
// EtcdRootSpec holds the etcd CA.
//
// The single field is a common.PEMEncodedCertificateAndKey, declared in
// common/common.proto (not shown here). If the key half is populated this is
// a CA private key, i.e. the ability to mint certificates that etcd trusts;
// handle it as the most sensitive value in this group and keep it out of logs.
message EtcdRootSpec {
  // etcd CA entry (certificate and key, per the field type name).
  common.PEMEncodedCertificateAndKey etcd_ca = 1;
}
// KubeletSpec groups an endpoint URL, a CA entry and a bootstrap token
// (ID plus secret).
//
// NOTE(review): this comment used to read "describes root Kubernetes
// secrets", the same text as on KubernetesRootSpec; going by the message name
// this is the kubelet-facing subset. Confirm the intended wording.
message KubeletSpec {
  // Endpoint URL; presumably the API server the kubelet connects to (confirm).
  common.URL endpoint = 1;

  // CA entry. The type name says certificate *and* key; whether the key half
  // is populated here cannot be told from this file. If it is, this field is
  // secret.
  common.PEMEncodedCertificateAndKey ca = 2;

  // Bootstrap token identifier.
  string bootstrap_token_id = 3;

  // Bootstrap token secret. A credential: do not log it or echo it in error
  // messages.
  string bootstrap_token_secret = 4;
}
// KubernetesCertsSpec holds generated Kubernetes certificates together with
// four kubeconfig documents carried as plain strings.
//
// The certificate fields are common.PEMEncodedCertificateAndKey values
// (declared in common/common.proto, not shown here) and, by the type name,
// include private keys. Kubeconfig documents normally embed client
// credentials; presumably these do too (confirm). Handle the whole message as
// secret material.
message KubernetesCertsSpec {
  // API server entry (certificate and key, per the field type name).
  common.PEMEncodedCertificateAndKey api_server = 1;

  // Entry named for the API server's kubelet client; presumably the identity
  // the API server presents to kubelets (confirm).
  common.PEMEncodedCertificateAndKey api_server_kubelet_client = 2;

  // Front proxy entry (certificate and key, per the field type name).
  common.PEMEncodedCertificateAndKey front_proxy = 3;

  // Kubeconfig for the scheduler.
  string scheduler_kubeconfig = 4;

  // Kubeconfig for the controller manager.
  string controller_manager_kubeconfig = 5;

  // Admin kubeconfig for localhost; presumably points at a local endpoint
  // (confirm). Admin-level credential if it embeds one.
  string localhost_admin_kubeconfig = 6;

  // Admin kubeconfig. Admin-level credential if it embeds one; restrict
  // access accordingly.
  string admin_kubeconfig = 7;
}
// KubernetesRootSpec describes root Kubernetes secrets: cluster identity and
// endpoints, CA entries, the service account key, encryption secrets and the
// bootstrap token.
//
// Several fields are long-lived root credentials (CA entries, service account
// key, *_encryption_secret, bootstrap_token_secret). Handle a serialized
// KubernetesRootSpec as secret material: keep it out of logs and debug dumps,
// and limit which callers may read the resource.
//
// Field number 5 is not assigned in this message.
// NOTE(review): if 5 was used by an earlier revision, declare `reserved 5;`
// so the number cannot be reused with a different meaning.
message KubernetesRootSpec {
  // Name; presumably the cluster name (confirm).
  string name = 1;

  // Endpoint URL.
  common.URL endpoint = 2;

  // Local endpoint URL.
  common.URL local_endpoint = 3;

  // Certificate SANs. The name `cert_sa_ns` looks like a mechanical
  // snake_case conversion of "CertSANs"; it is part of the published schema
  // (JSON key and generated accessors), so it is left unchanged.
  repeated string cert_sa_ns = 4;

  // DNS domain.
  string dns_domain = 6;

  // CA entry (certificate and key, per the field type name). If the key half
  // is populated this is a CA signing key.
  common.PEMEncodedCertificateAndKey ca = 7;

  // Service account key. The type is a bare PEM-encoded key (no
  // certificate); presumably the key used for service account tokens
  // (confirm). Secret.
  common.PEMEncodedKey service_account = 8;

  // Aggregator CA entry (certificate and key, per the field type name).
  common.PEMEncodedCertificateAndKey aggregator_ca = 9;

  // Encryption secret named after "aescbc"; presumably key material for an
  // AES-CBC at-rest encryption provider (confirm). Secret.
  string aescbc_encryption_secret = 10;

  // Bootstrap token identifier.
  string bootstrap_token_id = 11;

  // Bootstrap token secret. A credential: do not log it or echo it in error
  // messages.
  string bootstrap_token_secret = 12;

  // Encryption secret named after "secretbox"; presumably key material for a
  // secretbox at-rest encryption provider (confirm). Secret.
  string secretbox_encryption_secret = 13;

  // API server IP addresses.
  repeated common.NetIP api_server_ips = 14;
}
// OSRootSpec describes the operating system CA, together with certificate
// SAN values and a token.
//
// The CA field is a common.PEMEncodedCertificateAndKey (declared in
// common/common.proto, not shown here); if its key half is populated this is
// a CA signing key. Together with `token`, that makes the message secret
// material: keep it out of logs and restrict read access.
message OSRootSpec {
  // OS CA entry (certificate and key, per the field type name).
  common.PEMEncodedCertificateAndKey ca = 1;

  // IP address SANs. The name `cert_sani_ps` looks like a mechanical
  // snake_case conversion of "CertSANIPs"; it is part of the published
  // schema, so it is left unchanged.
  repeated common.NetIP cert_sani_ps = 2;

  // DNS name SANs. The name `cert_sandns_names` looks like a mechanical
  // snake_case conversion of "CertSANDNSNames"; left unchanged for the same
  // reason.
  repeated string cert_sandns_names = 3;

  // Token. Its purpose is not visible in this file; presumably a credential
  // (confirm), so do not log it.
  string token = 4;
}
// TrustdCertsSpec groups two certificate entries: a CA and a server.
//
// NOTE(review): this comment used to read "describes etcd certs secrets",
// which does not match the message name (trustd) or its fields; confirm the
// intended wording.
//
// Both fields are common.PEMEncodedCertificateAndKey values, declared in
// common/common.proto (not shown here). Going by the type name, each includes
// a private key, so the message should be handled as secret material.
message TrustdCertsSpec {
  // CA entry (certificate and key, per the field type name).
  common.PEMEncodedCertificateAndKey ca = 1;

  // Server entry (certificate and key, per the field type name).
  common.PEMEncodedCertificateAndKey server = 2;
}