DEFAULT

alt_names

required:    false
scopable:    true
convert:     list

Example:

alt_names = www.opensvc.com opensvc.com

Certificate Signing Request Alternative Domain Names.

app

required:    false
scopable:    false
default:     default

A user-defined code linking to:

  • who is responsible for this service.
  • who is billable.

This code thus provides a most useful object grouping and filtering key.

Short and simple codes, like ERP, are easier to work with.

bits

required:    false
scopable:    true
default:     4kib
convert:     size

Example:

bits = 8192

Certificate Private Key Length.

c

required:    false
scopable:    true

Example:

c = FR

Certificate Signing Request Country.

ca

required:    false
scopable:    true

Example:

ca = ca

The name of secret containing a certificate to use as a Certificate Authority. This secret must be in the same namespace.

cn

required:    false
scopable:    true

Example:

cn = test.opensvc.com

Certificate Signing Request Common Name.

comment

required:    false
scopable:    false

Comments help the users understand the role of the object and its resources.

drpnodes

required:    false
scopable:    true
convert:     other-nodes

Example:

drpnodes = n1 n2

A node selector expression specifying the list of cluster nodes hosting object instances when all primary nodes are unavailable, like in a DRP situation.

If not specified or left empty, the node evaluating the keyword is assumed to be the only instance hosting node.

Labels can be used to define a list of nodes by an arbitrary property. For example cn=fr cn=kr would be evaluated as n1 n2 n3 if n1 and n2 have the cn=fr label and n3 has the cn=kr label.

The glob syntax can be used in the node selector expression. For example n1 n[23] n4* would be expanded to n1 n2 n3 n4 in a n1 n2 n3 n4 n5 cluster.

The drpnodes can be data synchronization targets for sync resources.

email

required:    false
scopable:    true

Example:

email = test@opensvc.com

Certificate Signing Request Email.

env

required:    false
scopable:    false
default:     The same as the node `env`.

A code like PRD, DEV, etc... the agent can use to enforce data protection policies:

  • A non-PRD object instance can not be started on a PRD node
  • A PRD object instance can be started on a non-PRD node (typically in a DRP situation)

The default value is read from the node env keyword.

id

required:    false
scopable:    false
default:     A random generated UUID.

A rfc4122 random uuid generated by the agent.

l

required:    false
scopable:    true

Example:

l = Gouvieux

Certificate Signing Request Location.

nodes

required:    false
scopable:    true
default:     *
convert:     nodes

A node selector expression specifying the list of cluster nodes hosting object instances.

If not specified or left empty, the node evaluating the keyword is assumed to be the only instance hosting node.

Labels can be used to define a list of nodes by an arbitrary property. For example cn=fr cn=kr would be evaluated as n1 n2 n3 if n1 and n2 have the cn=fr label and n3 has the cn=kr label.

The glob syntax can be used in the node selector expression. For example n1 n[23] n4* would be expanded to n1 n2 n3 n4 in a n1 n2 n3 n4 n5 cluster.

o

required:    false
scopable:    true

Example:

o = OpenSVC

Certificate Signing Request Organization.

ou

required:    false
scopable:    true

Example:

ou = Lab

Certificate Signing Request Organizational Unit.

st

required:    false
scopable:    true

Example:

st = Oise

Certificate Signing Request State.

validity

required:    false
scopable:    true
default:     1y
convert:     duration

Example:

validity = 10y

Certificate Validity duration.