From cb91003cead616712203f6443134cf5521adf9d7 Mon Sep 17 00:00:00 2001
From: DBLaci <dblaci@dblaci.hu>
Date: Fri, 13 Jul 2018 15:26:18 +0200
Subject: [PATCH] dashboard_token_ttl option override possibility with default

---
 roles/kubernetes-apps/ansible/defaults/main.yml          | 3 +++
 roles/kubernetes-apps/ansible/templates/dashboard.yml.j2 | 1 +
 2 files changed, 4 insertions(+)

diff --git a/roles/kubernetes-apps/ansible/defaults/main.yml b/roles/kubernetes-apps/ansible/defaults/main.yml
index ee4fda3db..a86fe9430 100644
--- a/roles/kubernetes-apps/ansible/defaults/main.yml
+++ b/roles/kubernetes-apps/ansible/defaults/main.yml
@@ -59,6 +59,9 @@ dashboard_certs_secret_name: kubernetes-dashboard-certs
 dashboard_tls_key_file: dashboard.key
 dashboard_tls_cert_file: dashboard.crt
 
+# Override dashboard default settings
+dashboard_token_ttl: "15 minutes"
+
 # SSL
 etcd_cert_dir: "/etc/ssl/etcd/ssl"
 canal_cert_dir: "/etc/canal/certs"
diff --git a/roles/kubernetes-apps/ansible/templates/dashboard.yml.j2 b/roles/kubernetes-apps/ansible/templates/dashboard.yml.j2
index 860a5c26f..41f6716e7 100644
--- a/roles/kubernetes-apps/ansible/templates/dashboard.yml.j2
+++ b/roles/kubernetes-apps/ansible/templates/dashboard.yml.j2
@@ -166,6 +166,7 @@ spec:
           # If not specified, Dashboard will attempt to auto discover the API server and connect
           # to it. Uncomment only if the default does not work.
           # - --apiserver-host=http://my-address:port
+          - --token-ttl={{ dashboard_token_ttl }}
         volumeMounts:
         - name: kubernetes-dashboard-certs
           mountPath: /certs