Merge pull request #2228 from mattymo/vault_etcd_secure

Vault should use cert auth for etcd

Merge pull request #2228 from mattymo/vault_etcd_secure
5eedb556 · Spencer Smith · GitHub · c1267004 · 16629d0b · 5eedb556
Unverified Commit 5eedb556 authored 7 years ago by Spencer Smith Committed by GitHub 7 years ago
--- a/roles/vault/defaults/main.yml
+++ b/roles/vault/defaults/main.yml
@@ -66,6 +66,8 @@ vault_config:
      ha_enabled: "true"
      redirect_addr: "https://{{ ansible_default_ipv4.address }}:{{ vault_port }}"
      tls_ca_file: "{{ vault_etcd_cert_dir }}/ca.pem"
+      tls_cert_file: "{{ vault_etcd_cert_dir}}/node-{{ inventory_hostname }}.pem"
+      tls_key_file: "{{ vault_etcd_cert_dir}}/node-{{ inventory_hostname }}-key.pem"
  cluster_name: "kubernetes-vault"
  default_lease_ttl: "{{ vault_default_lease_ttl }}"
  max_lease_ttl: "{{ vault_max_lease_ttl }}"