Gitiles
Code Review Sign In
gerrit-dev.monogon.dev / monogon / 8fab014d343633828dc4df3c670def9c75fa4485 / . / metropolis / node / core / curator / state_pki.go
blob: 2384158049281819cd5e76ac4ac869ad8433c598 [file] [log] [blame]
Serge Bazanskif0b4da52021-06-21 20:05:59 +0200[diff] [blame]1package curator
2
3import (
Serge Bazanski3379a5d2021-09-09 12:56:40 +0200[diff] [blame]4 "source.monogon.dev/metropolis/node/core/identity"
Serge Bazanskif0b4da52021-06-21 20:05:59 +0200[diff] [blame]5 "source.monogon.dev/metropolis/pkg/pki"
6)
7
8var (
9 // pkiNamespace is the etcd/pki namespace in which the Metropolis cluster CA
10 // data will live.
11 pkiNamespace = pki.Namespaced("/cluster-pki/")
12 // pkiCA is the main cluster CA, stored in etcd. It is used to emit cluster,
13 // node and user certificates.
Serge Bazanski52538842021-08-11 16:22:41 +0200[diff] [blame]14 pkiCA = &pki.Certificate{
15 Namespace: &pkiNamespace,
16 Issuer: pki.SelfSigned,
Serge Bazanski3379a5d2021-09-09 12:56:40 +0200[diff] [blame]17 Template: identity.CACertificate("Metropolis Cluster CA"),
Serge Bazanski52538842021-08-11 16:22:41 +0200[diff] [blame]18 Name: "cluster-ca",
19 }
Serge Bazanskif0b4da52021-06-21 20:05:59 +0200[diff] [blame]20)