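---
# Defaults for deploying HashiCorp Vault (container "kube-hashicorp-vault")
# alongside a Kubernetes cluster. Every value is unchanged from the
# original; only the line structure has been restored and comments added.
# Several defaults favour easy bootstrap over hardening; each is flagged
# where it is set so it can be overridden per environment.

vault_bootstrap: false

# Options for the cluster CA certificate. 87600h is about ten years, so the
# CA private key must be protected for that whole period.
vault_ca_options:
  common_name: kube-cluster-ca
  format: pem
  ttl: 87600h

vault_cert_dir: "{{ vault_config_dir }}/ssl"

vault_client_headers:
  Accept: "application/json"
  Content-Type: "application/json"

# Main Vault server configuration.
vault_config:
  backend:
    etcd:
      # Only the first host of the `etcd` group is used as the storage
      # endpoint. The connection is HTTPS, verified against tls_ca_file.
      # NOTE(review): no etcd client certificate/key is set in this
      # mapping - confirm how Vault authenticates to etcd.
      address: "https://{{ hostvars[groups.etcd[0]]['ansible_default_ipv4']['address'] }}:2379"
      # Quoted on purpose: the value is the string "true", not a boolean.
      ha_enabled: "true"
      redirect_addr: "https://{{ ansible_default_ipv4.address }}:{{ vault_port }}"
      tls_ca_file: "{{ vault_cert_dir }}/ca.pem"
  cluster_name: "kubernetes-vault"
  default_lease_ttl: "{{ vault_default_lease_ttl }}"
  listener:
    tcp:
      # Binds the API on every interface. TLS is enabled via the cert/key
      # below; limit reachability with host firewalling or a specific bind
      # address if the API should not be exposed on all networks.
      address: "0.0.0.0:{{ vault_port }}"
      tls_cert_file: "{{ vault_cert_dir }}/api.pem"
      tls_key_file: "{{ vault_cert_dir }}/api-key.pem"
  # Hard-coded, unlike default_lease_ttl above. vault_max_lease_ttl
  # (87600h) is defined below but is not referenced anywhere in this file.
  # NOTE(review): confirm which of the two values is meant to apply here.
  max_lease_ttl: 720h

vault_config_dir: /etc/vault
vault_container_name: kube-hashicorp-vault
vault_default_lease_ttl: 720h

# allow_any_name lets a role issue certificates for any requested common
# name. NOTE(review): presumably merged into every PKI role the role
# creates - confirm, and narrow per role (e.g. allowed_domains) where a
# role should only issue for specific identities.
vault_default_role_permissions:
  allow_any_name: true

vault_deployment_type: docker
vault_etcd_needs_gen: false
vault_etcd_sync_hosts: []
vault_max_lease_ttl: 87600h
vault_needs_gen: false
vault_port: 8200

# One share with a threshold of one means a single key unseals Vault, so
# there is no split knowledge between operators. Raise both for
# environments where no single holder should be able to unseal.
vault_secret_shares: 1
vault_secret_threshold: 1

# NOTE(review): if initialisation output (unseal keys, root token) is
# written under this directory, verify its ownership and file mode.
vault_secrets_dir: "{{ vault_config_dir }}/secrets"

# Second Vault configuration: file storage backend and a listener on
# vault_temp_port with TLS disabled on every interface. Anything sent to
# this listener, tokens included, crosses the network in plaintext.
# NOTE(review): presumably a short-lived bootstrap instance - confirm it is
# stopped after use, and whether it can bind to loopback instead.
vault_temp_config:
  default_lease_ttl: "{{ vault_default_lease_ttl }}"
  backend:
    file:
      path: /vault/file
  listener:
    tcp:
      address: "0.0.0.0:{{ vault_temp_port }}"
      # Quoted on purpose: the value is the string "true", not a boolean.
      tls_disable: "true"

vault_temp_port: 8201

# This should be set higher up, but setting defaults here to avoid issues
etcd_cert_dir: /etc/ssl/etcd/ssl
kube_cert_dir: /etc/kubernetes/ssl

# Sync cert defaults (should be role, once include_role is fixed)
sync_file: ''
sync_file_dir: ''
sync_file_host_count: 0
sync_file_is_cert: false
sync_file_key_path: ''
sync_file_key_srcs: []
sync_file_path: ''
sync_file_results: []
sync_file_srcs: []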