epostnikof/kubespray
1
0
Fork 0
mirror of https://github.com/kubernetes-sigs/kubespray.git synced 2025-12-14 13:54:37 +03:00
Code Issues Packages Projects Releases Wiki Activity

Vault should use cert auth for etcd

Browse Source
This commit is contained in:
Matthew Mosesohn
2018-01-31 20:26:19 +03:00
parent c1267004ef
commit 16629d0b8e
1 changed files with 2 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
roles/vault/defaults/main.yml
View File

@@ -66,6 +66,8 @@ vault_config:
ha_enabled: "true" ha_enabled: "true"
redirect_addr: "https://{{ ansible_default_ipv4.address }}:{{ vault_port }}" redirect_addr: "https://{{ ansible_default_ipv4.address }}:{{ vault_port }}"
tls_ca_file: "{{ vault_etcd_cert_dir }}/ca.pem" tls_ca_file: "{{ vault_etcd_cert_dir }}/ca.pem"
tls_cert_file: "{{ vault_etcd_cert_dir}}/node-{{ inventory_hostname }}.pem"
tls_key_file: "{{ vault_etcd_cert_dir}}/node-{{ inventory_hostname }}-key.pem"
cluster_name: "kubernetes-vault" cluster_name: "kubernetes-vault"
default_lease_ttl: "{{ vault_default_lease_ttl }}" default_lease_ttl: "{{ vault_default_lease_ttl }}"
max_lease_ttl: "{{ vault_max_lease_ttl }}" max_lease_ttl: "{{ vault_max_lease_ttl }}"