From 16629d0b8e7838a39c8f473d5d148242ac5590c3 Mon Sep 17 00:00:00 2001
From: Matthew Mosesohn
Date: Wed, 31 Jan 2018 20:26:19 +0300
Subject: [PATCH] Vault should use cert auth for etcd
---
 roles/vault/defaults/main.yml | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/roles/vault/defaults/main.yml b/roles/vault/defaults/main.yml
index 3e41cb00c..0640fddc2 100644
--- a/roles/vault/defaults/main.yml
+++ b/roles/vault/defaults/main.yml
@@ -66,6 +66,8 @@ vault_config:
 ha_enabled: "true"
 redirect_addr: "https://{{ ansible_default_ipv4.address }}:{{ vault_port }}"
 tls_ca_file: "{{ vault_etcd_cert_dir }}/ca.pem"
+ tls_cert_file: "{{ vault_etcd_cert_dir}}/node-{{ inventory_hostname }}.pem"
+ tls_key_file: "{{ vault_etcd_cert_dir}}/node-{{ inventory_hostname }}-key.pem"
 cluster_name: "kubernetes-vault"
 default_lease_ttl: "{{ vault_default_lease_ttl }}"
 max_lease_ttl: "{{ vault_max_lease_ttl }}"
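Review bot: The added `tls_cert_file` and `tls_key_file` defaults assume that `node-{{ inventory_hostname }}.pem` and its `-key.pem` already exist under `vault_etcd_cert_dir` on every Vault host, and nothing in this hunk shows that they are created there or that the private key is readable by the Vault process only. If a Vault host is not also covered by the etcd certificate generation, Vault would presumably fail to reach its storage backend at startup, so this precondition deserves a comment above the two keys, for example `# etcd client cert/key for mutual TLS; must exist on each vault host, key readable by the vault user only`. As a style point, both new lines write `{{ vault_etcd_cert_dir}}` without the space before `}}`, while the `tls_ca_file` line just above uses `{{ vault_etcd_cert_dir }}`. The `vault_config` mapping starts and ends outside the hunk, so whether the cert directory is mounted or permissioned elsewhere cannot be confirmed from here.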