|
|
@ -122,7 +122,7 @@ vault_pki_mounts: |
|
|
|
roles: |
|
|
|
- name: userpass |
|
|
|
group: userpass |
|
|
|
password: "{{ lookup('password', inventory_dir + '/credentials/vault/userpass.creds length=15') }}" |
|
|
|
password: "{{ lookup('password', credentials_dir + '/vault/userpass.creds length=15') }}" |
|
|
|
policy_rules: default |
|
|
|
role_options: |
|
|
|
allow_any_name: true |
|
|
@ -136,7 +136,7 @@ vault_pki_mounts: |
|
|
|
roles: |
|
|
|
- name: vault |
|
|
|
group: vault |
|
|
|
password: "{{ lookup('password', inventory_dir + '/credentials/vault/vault.creds length=15') }}" |
|
|
|
password: "{{ lookup('password', credentials_dir + '/vault/vault.creds length=15') }}" |
|
|
|
policy_rules: default |
|
|
|
role_options: |
|
|
|
allow_any_name: true |
|
|
@ -149,7 +149,7 @@ vault_pki_mounts: |
|
|
|
roles: |
|
|
|
- name: etcd |
|
|
|
group: etcd |
|
|
|
password: "{{ lookup('password', inventory_dir + '/credentials/vault/etcd.creds length=15') }}" |
|
|
|
password: "{{ lookup('password', credentials_dir + '/vault/etcd.creds length=15') }}" |
|
|
|
policy_rules: default |
|
|
|
role_options: |
|
|
|
allow_any_name: true |
|
|
@ -164,7 +164,7 @@ vault_pki_mounts: |
|
|
|
roles: |
|
|
|
- name: kube-master |
|
|
|
group: kube-master |
|
|
|
password: "{{ lookup('password', inventory_dir + '/credentials/vault/kube-master.creds length=15') }}" |
|
|
|
password: "{{ lookup('password', credentials_dir + '/vault/kube-master.creds length=15') }}" |
|
|
|
policy_rules: default |
|
|
|
role_options: |
|
|
|
allow_any_name: true |
|
|
@ -172,7 +172,7 @@ vault_pki_mounts: |
|
|
|
organization: "system:masters" |
|
|
|
- name: front-proxy-client |
|
|
|
group: kube-master |
|
|
|
password: "{{ lookup('password', inventory_dir + '/credentials/vault/kube-proxy.creds length=15') }}" |
|
|
|
password: "{{ lookup('password', credentials_dir + '/vault/kube-proxy.creds length=15') }}" |
|
|
|
policy_rules: default |
|
|
|
role_options: |
|
|
|
allow_any_name: true |
|
|
@ -180,7 +180,7 @@ vault_pki_mounts: |
|
|
|
organization: "system:front-proxy-client" |
|
|
|
- name: kube-node |
|
|
|
group: k8s-cluster |
|
|
|
password: "{{ lookup('password', inventory_dir + '/credentials/vault/kube-node.creds length=15') }}" |
|
|
|
password: "{{ lookup('password', credentials_dir + '/vault/kube-node.creds length=15') }}" |
|
|
|
policy_rules: default |
|
|
|
role_options: |
|
|
|
allow_any_name: true |
|
|
@ -188,7 +188,7 @@ vault_pki_mounts: |
|
|
|
organization: "system:nodes" |
|
|
|
- name: kube-proxy |
|
|
|
group: k8s-cluster |
|
|
|
password: "{{ lookup('password', inventory_dir + '/credentials/vault/kube-proxy.creds length=15') }}" |
|
|
|
password: "{{ lookup('password', credentials_dir + '/vault/kube-proxy.creds length=15') }}" |
|
|
|
policy_rules: default |
|
|
|
role_options: |
|
|
|
allow_any_name: true |
|
|
|