richard
/
kubespray
mirror of https://github.com/kubernetes-sigs/kubespray.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
2046 Commits
29 Branches
81 Tags
146 MiB
Tree: 77602dbb93
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '77602dbb93'
${ noResults }
kubespray/roles/vault/tasks/main.yml

19 lines
816 B
Raw Normal View History

Adding the Vault role
7 years ago
Vault security hardening and role isolation
7 years ago
Adding the Vault role
7 years ago
Vault security hardening and role isolation
7 years ago
Adding the Vault role
7 years ago
Disable vault role properly on ansible 2.2.0 when condition does not seem to work correctly at playbook level for ansible 2.2.0.
7 years ago
Adding the Vault role
7 years ago
Vault security hardening and role isolation
7 years ago
Adding the Vault role
7 years ago
Disable vault role properly on ansible 2.2.0 when condition does not seem to work correctly at playbook level for ansible 2.2.0.
7 years ago
  1. ---
  2. # The Vault role is typically a two step process:
  3. # 1. Bootstrap
  4. # This starts a temporary Vault to generate certs for Vault itself. This
  5. # includes a Root CA for the cluster, assuming one doesn't exist already.
  6. # The temporary instance will remain running after Bootstrap, to provide a
  7. # running Vault for the Etcd role to generate certs against.
  8. # 2. Cluster
  9. # Once Etcd is started, then the Cluster tasks can start up a long-term
  10. # Vault cluster using Etcd as the backend. The same Root CA is mounted as
  11. # used during step 1, allowing all certs to have the same chain of trust.
  13. ## Bootstrap
  14. - include: bootstrap/main.yml
  15. when: cert_management == 'vault' and vault_bootstrap | d()
  17. ## Cluster
  18. - include: cluster/main.yml
  19. when: cert_management == 'vault' and not vault_bootstrap | d()