Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add k8s master config validation #1814

Merged
merged 1 commit into from
Oct 30, 2020
Merged

Add k8s master config validation #1814

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
41 changes: 40 additions & 1 deletion core/src/epicli/data/common/validation/configuration/kubernetes-master.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1 +1,40 @@
$ref: '#/definitions/unvalidated_specification'
"$id": "#/specification"
title: "K8s specification schema"
description: "K8s specification schema"
type: object
properties:
advanced:
type: object
properties:
certificates:
type: object
properties:
location:
title: location schema
"$id": "#/properties/specification/properties/advanced/properties/certificates/properties/location"
description: |-
Where the certificates should be stored
type: string
default: /etc/kubernetes/pki
examples:
- /etc/kubernetes/pki
expiration_days:
title: expiration_days schema
"$id": "#/properties/specification/properties/advanced/properties/certificates/properties/expiration_days"
description: |-
Days to make certificate be valid for.
For more explanation about the limit navigate to
https://groups.google.com/g/mailing.openssl.users/c/3kK_f0ywCZQ.
type: integer
minimum: 1
maximum: 24855
default: 365
renew:
title: renew schema
"$id": "#/properties/specification/properties/advanced/properties/certificates/properties/renew"
description: |-
Whether to renew certificates or not
type: boolean
default: false
examples:
- false
8 changes: 8 additions & 0 deletions docs/home/CERTIFICATES.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -22,6 +22,14 @@ Parameters (optional):
1. expiration_days - days to expire in, default value is `365`
2. renew - whether to renew certificates or not, default value is `false`

---
**NOTE**

Usage of values greater than 24855 for `expiration_days` is not possible.
For more information see [discussion](https://groups.google.com/g/mailing.openssl.users/c/3kK_f0ywCZQ) about that.

---

When `epicly apply` executes, if `renew` option is set to `true`, following certificates will be renewed with expiration period defined by `expiration_days`:

1. admin.conf
Expand Down