71 Commits (8fee1ab10283ba9c1f1955e0b680fbc1be8e19d6)

Author SHA1 Message Date
Brad Beam a8715f9f0f Adding wait for vault up handler in service restart 6 years ago
Matthew Mosesohn 59be578842
Revert "wip pr for improved cert sync" (#2849) 6 years ago
Matthew Mosesohn 7433348aae wip pr for improved cert sync 6 years ago
Matthew Mosesohn 07cc981971
refactor vault role (#2733) 6 years ago
Chad Swenson d87b6fd9f3 Use dedicated front-proxy-ca for front-proxy-client 6 years ago
Matthew Mosesohn 3fa7468d54 Copy ca-key.pem to etcd and kube-masters accordingly 6 years ago
Matthew Mosesohn 03bcfa7ff5
Stop templating kube-system namespace and creating it (#2545) 6 years ago
Chen Hong 4a705b3fba May vault health check needs delay 6 years ago
mirwan ee8f678010 Addition of the .creds extension to the credentials files generated by password lookup in order for Ansible not to consider them as inventory files with inventory_ignore_extensions set accordingly (#2446) 6 years ago
Brad Beam c874f16c02 Fixing credential lookup for fe proxy and vault (#2361) 6 years ago
Wong Hoi Sing Edison 1a1d154e14 Support multiple inventory files under individual inventory directory 6 years ago
woopstar f9df692056 Issue front proxy certs for vault 6 years ago
Matthew Mosesohn 16629d0b8e Vault should use cert auth for etcd 6 years ago
Matthew Mosesohn dc6a17e092
Use include/import tasks (#2192) 6 years ago
Matthew Mosesohn bfb25fa47b
Change vault cert ttl to 8y (#2013) 7 years ago
Brad Beam d3850a4da5 Fixing alt_names for vault cert generation 7 years ago
Brad Beam 93f3614382 Fixes #2039 - changing alt_names to be string instead of list (#2043) 7 years ago
Julien BONACHERA 290bc993a5
append newline char to vault generated certs 7 years ago
Brad Beam 3694657eb6 Adding retries for vault-init to come online 7 years ago
Matthew Mosesohn 4d3326b542
Raise default vault lease TTL to 10y (#2008) 7 years ago
abelgana fe3290601a
The variable altnames is used by this task. 7 years ago
abelgana e7173e1d62
Change altnames to alt_names 7 years ago
Spencer Smith 6df104b275 don't check for no_proxy, only http/https_proxy. fix linting issues. 7 years ago
Spencer Smith b27453d8d8 improved proxy support 7 years ago
Peter Lee 0b60201a1e fix etcd health check bug (#1480) 7 years ago
Matthew Mosesohn fc9a65be2b Refactor downloads to use download role directly (#1824) 7 years ago
Hassan Zamani 3acc42c5b3 Use etcd_access_addresses for vault_etcd_url 7 years ago
ArchiFleKs 7c663de6c9 add /etc/hosts volume to rkt templates 7 years ago
Aivars Sterns 9c86da1403 Normalize tags in all places to prepare for tag fixing in future (#1739) 7 years ago
Brad Beam ac281476c8 Prune unnecessary certs from vault setup (#1652) 7 years ago
Brad Beam 4b587aaf99 Adding ability to specify altnames for vault cert (#1640) 7 years ago
Brad Beam 0a89f88b89 Fixing condition where CA already exists 7 years ago
Maxim Krasilnikov e16b57aa05 Store vault users passwords to credentials dir. Create vault and etcd roles after start vault cluster (#1632) 7 years ago
mkrasilnikov 957b7115fe Remove node name from kube-proxy and admin certificates 7 years ago
mkrasilnikov b930b0ef5a Place vault role credentials only to vault group hosts 7 years ago
mkrasilnikov ad313c9d49 typo fix 7 years ago
mkrasilnikov e1384f6618 Using issue cert result var instead hostvars 7 years ago
mkrasilnikov 3acb86805b Rename vault_address to vault_bind_address 7 years ago
mkrasilnikov bf0af1cd3d Vault role updates: 7 years ago
Brad Beam 8ae77e955e Adding in certificate serial numbers to manifests (#1392) 7 years ago
Maxim Krasilnikov 6eb22c5db2 Change single Vault pki mount to multi pki mounts paths for etcd and kube CA`s (#1552) 7 years ago
Brad Beam 4550dccb84 Fixing reference to vault leader url (#1569) 7 years ago
Brad Beam 8b151d12b9 Adding yamllinter to ci steps (#1556) 7 years ago
Brad Beam e5cfdc648c Adding ability to override max ttl (#1559) 7 years ago
Maxim Krasilnikov 2ba285a544 Fixed deploy cluster with vault cert manager (#1548) 7 years ago
Matthew Mosesohn 2645e88b0c Fix vault setup partially (#1531) 7 years ago
Anton e0960f6288 FIX: Unneded (extra) cycles in some tasks (#1393) 7 years ago
Anton Nerozya 1fedbded62 ignore_errors instead of failed_when: false 7 years ago
Anton Nerozya c8258171ca Better naming for recurrent tasks 7 years ago
Brad Beam db3e8edacd Fixing up vault variables 7 years ago