6eb22c5db2
* Added update CA trust step for etcd and kube/secrets roles
* Added load_balancer_domain_name to certificate alt names if defined. Reset CAs on RedHat OS.
* Renamed kube-cluster-ca.crt to vault-ca.crt; we need separate CAs for vault, etcd and kube.
* Vault role refactoring: removed optional cert vault auth because it was neither used nor working. Create separate CAs for vault and etcd.
* Fixed different certificate sets for vault cert_management
* Updated doc/vault.md
* Fixed condition for creating the vault CA (wrong group)
* Fixed missing etcd_cert_path mount for rkt deployment type. Distribute vault roles to all vault hosts.
* Removed wrong when condition in the create etcd role vault tasks.
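---
# Defaults for the etcd role. The page extraction left a bare "|" between
# every line; those are dropped here so the file parses as YAML again.
# String values are quoted consistently; no value is changed.

# Set to false to only do certificate management
etcd_cluster_setup: true

# Directory prefix for etcd backups. NOTE(review): the backup tasks are not
# shown here; when etcd backs a Kubernetes cluster, its data includes Secret
# objects, so confirm this path is readable by root only.
etcd_backup_prefix: "/var/backups"
etcd_bin_dir: "{{ local_release_dir }}/etcd/etcd-{{ etcd_version }}-linux-amd64/"
# On-disk data directory; holds the same data as the backups above.
etcd_data_dir: "/var/lib/etcd"

# Certificate locations. With these defaults etcd_cert_dir resolves to
# /etc/ssl/etcd/ssl.
etcd_config_dir: "/etc/ssl/etcd"
etcd_cert_dir: "{{ etcd_config_dir }}/ssl"
# Group for the certificate files (presumably applied by tasks not shown
# here). A broader group widens who can read the etcd private keys.
etcd_cert_group: "root"

etcd_script_dir: "{{ bin_dir }}/etcd-scripts"

# Presumably passed to etcd's heartbeat-interval / election-timeout options,
# which are expressed in milliseconds - confirm against the role templates.
etcd_heartbeat_interval: "250"
etcd_election_timeout: "5000"

# Presumably maps to etcd's metrics level ("basic" or "extensive").
etcd_metrics: "basic"

# Limits
etcd_memory_limit: "512M"

# Uncomment to set CPU share for etcd
# etcd_cpu_limit: 300m

# Hosts used for etcd node certificates: every member of 'k8s-cluster' plus
# 'calico-rr' when that group exists. NOTE(review): each host listed here
# presumably ends up with credentials accepted by etcd, so keep the
# inventory groups limited to hosts that need etcd access.
etcd_node_cert_hosts: "{{ groups['k8s-cluster'] | union(groups.get('calico-rr', [])) }}"

# Presumably etcd's auto-compaction retention (hours) - confirm in templates.
etcd_compaction_retention: "8"

# Vault mount path for etcd. NOTE(review): presumably where the etcd CA is
# held; a mount separate from other components' keeps the etcd CA distinct.
etcd_vault_mount_path: "etcd"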