epostnikof/kubespray
1
0
Fork 0
mirror of https://github.com/kubernetes-sigs/kubespray.git synced 2026-03-07 02:27:43 +03:00
Code Issues Packages Projects Releases Wiki Activity

Vault security hardening and role isolation

Browse Source
This commit is contained in:
Josh Conant
2017-02-08 21:41:36 +00:00
parent f4ec2d18e5
commit 245e05ce61
78 changed files with 1408 additions and 706 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
roles/vault/templates/host.service.j2 Normal file
View File

@@ -0,0 +1,15 @@
[Unit]
Description=vault
After=network.target
[Service]
AmbientCapabilities=CAP_IPC_LOCK
ExecStart=/usr/bin/vault server --config={{ vault_config_dir }}/config.json
LimitNOFILE=40000
NotifyAccess=all
Restart=always
RestartSec=10s
User={{ vault_adduser_vars.name }}
[Install]
WantedBy=multi-user.target