---

vault_bootstrap: false
vault_ca_options:
  common_name: kube-cluster-ca
  format: pem
  ttl: 87600h
vault_cert_dir: "{{ vault_config_dir }}/ssl"
vault_client_headers:
  Accept: "application/json"
  Content-Type: "application/json"
vault_config:
  backend:
    etcd:
      address: "https://{{ hostvars[groups.etcd[0]]['ansible_default_ipv4']['address'] }}:2379"
      ha_enabled: "true"
      redirect_addr: "https://{{ ansible_default_ipv4.address }}:{{ vault_port }}"
      tls_ca_file: "{{ vault_cert_dir }}/ca.pem"
  cluster_name: "kubernetes-vault"
  default_lease_ttl: "{{ vault_default_lease_ttl }}"
  listener:
    tcp:
      address: "0.0.0.0:{{ vault_port }}"
      tls_cert_file: "{{ vault_cert_dir }}/api.pem"
      tls_key_file: "{{ vault_cert_dir }}/api-key.pem"
  max_lease_ttl: 720h
vault_config_dir: /etc/vault
vault_container_name: kube-hashicorp-vault
vault_default_lease_ttl: 720h
vault_default_role_permissions:
  allow_any_name: true
vault_deployment_type: docker
vault_etcd_needs_gen: false
vault_etcd_sync_hosts: []
vault_max_lease_ttl: 87600h 
vault_needs_gen: false
vault_port: 8200
vault_secret_shares: 1
vault_secret_threshold: 1
vault_secrets_dir: "{{ vault_config_dir }}/secrets"
vault_temp_config:
  default_lease_ttl: "{{ vault_default_lease_ttl }}"
  backend:
    file:
      path: /vault/file
  listener:
    tcp:
      address: "0.0.0.0:{{ vault_temp_port }}"
      tls_disable: "true"
vault_temp_port: 8201

# This should be set higher up, but setting defaults here to avoid issues
etcd_cert_dir: /etc/ssl/etcd/ssl
kube_cert_dir: /etc/kubernetes/ssl

# Sync cert defaults (should be role, once include_role is fixed)
sync_file: ''
sync_file_dir: ''
sync_file_host_count: 0
sync_file_is_cert: false
sync_file_key_path: ''
sync_file_key_srcs: []
sync_file_path: ''
sync_file_results: []
sync_file_srcs: []