65 lines
1.8 KiB
YAML
65 lines
1.8 KiB
YAML
---
|
|
|
|
vault_bootstrap: false
|
|
vault_ca_options:
|
|
common_name: kube-cluster-ca
|
|
format: pem
|
|
ttl: 87600h
|
|
vault_cert_dir: "{{ vault_config_dir }}/ssl"
|
|
vault_client_headers:
|
|
Accept: "application/json"
|
|
Content-Type: "application/json"
|
|
vault_config:
|
|
backend:
|
|
etcd:
|
|
address: "https://{{ hostvars[groups.etcd[0]]['ansible_default_ipv4']['address'] }}:2379"
|
|
ha_enabled: "true"
|
|
redirect_addr: "https://{{ ansible_default_ipv4.address }}:{{ vault_port }}"
|
|
tls_ca_file: "{{ vault_cert_dir }}/ca.pem"
|
|
cluster_name: "kubernetes-vault"
|
|
default_lease_ttl: "{{ vault_default_lease_ttl }}"
|
|
listener:
|
|
tcp:
|
|
address: "0.0.0.0:{{ vault_port }}"
|
|
tls_cert_file: "{{ vault_cert_dir }}/api.pem"
|
|
tls_key_file: "{{ vault_cert_dir }}/api-key.pem"
|
|
max_lease_ttl: 720h
|
|
vault_config_dir: /etc/vault
|
|
vault_container_name: kube-hashicorp-vault
|
|
vault_default_lease_ttl: 720h
|
|
vault_default_role_permissions:
|
|
allow_any_name: true
|
|
vault_deployment_type: docker
|
|
vault_etcd_needs_gen: false
|
|
vault_etcd_sync_hosts: []
|
|
vault_max_lease_ttl: 87600h
|
|
vault_needs_gen: false
|
|
vault_port: 8200
|
|
vault_secret_shares: 1
|
|
vault_secret_threshold: 1
|
|
vault_secrets_dir: "{{ vault_config_dir }}/secrets"
|
|
vault_temp_config:
|
|
default_lease_ttl: "{{ vault_default_lease_ttl }}"
|
|
backend:
|
|
file:
|
|
path: /vault/file
|
|
listener:
|
|
tcp:
|
|
address: "0.0.0.0:{{ vault_temp_port }}"
|
|
tls_disable: "true"
|
|
vault_temp_port: 8201
|
|
|
|
# This should be set higher up, but setting defaults here to avoid issues
|
|
etcd_cert_dir: /etc/ssl/etcd/ssl
|
|
kube_cert_dir: /etc/kubernetes/ssl
|
|
|
|
# Sync cert defaults (should be role, once include_role is fixed)
|
|
sync_file: ''
|
|
sync_file_dir: ''
|
|
sync_file_host_count: 0
|
|
sync_file_is_cert: false
|
|
sync_file_key_path: ''
|
|
sync_file_key_srcs: []
|
|
sync_file_path: ''
|
|
sync_file_results: []
|
|
sync_file_srcs: []
|