Addition of the .creds extension to the credentials files generated by password lookup in order for Ansible not to consider them as inventory files with inventory_ignore_extensions set accordingly (#2446)

2026-03-06 10:08:37 +03:00 · 2018-03-21 08:50:32 +01:00
parent a6b918c1a1
commit ee8f678010
7 changed files with 12 additions and 11 deletions
--- a/roles/kubernetes/master/defaults/main.yml
+++ b/roles/kubernetes/master/defaults/main.yml
@@ -95,5 +95,5 @@ volume_cross_zone_attachment: false

 ## Encrypting Secret Data at Rest
 kube_encrypt_secret_data: false
-kube_encrypt_token: "{{ lookup('password', inventory_dir + '/credentials/kube_encrypt_token length=32 chars=ascii_letters,digits') }}"
+kube_encrypt_token: "{{ lookup('password', inventory_dir + '/credentials/kube_encrypt_token.creds length=32 chars=ascii_letters,digits') }}"
 kube_encryption_algorithm: "aescbc" # Must be either: aescbc, secretbox or aesgcm