Merge pull request #2228 from mattymo/vault_etcd_secure

Vault should use cert auth for etcd
6 years ago · 5eedb5562f
1 changed files with 2 additions and 0 deletions
--- a/roles/vault/defaults/main.yml
+++ b/roles/vault/defaults/main.yml
@ -66,6 +66,8 @@ vault_config:
      ha_enabled: "true"
      redirect_addr: "https://{{ ansible_default_ipv4.address }}:{{ vault_port }}"
      tls_ca_file: "{{ vault_etcd_cert_dir }}/ca.pem"
+      tls_cert_file: "{{ vault_etcd_cert_dir}}/node-{{ inventory_hostname }}.pem"
+      tls_key_file: "{{ vault_etcd_cert_dir}}/node-{{ inventory_hostname }}-key.pem"
  cluster_name: "kubernetes-vault"
  default_lease_ttl: "{{ vault_default_lease_ttl }}"
  max_lease_ttl: "{{ vault_max_lease_ttl }}"