External-Mirrors/kubespray
2
0
Fork 0
mirror of https://github.com/kubernetes-sigs/kubespray.git synced 2026-05-16 05:47:42 -02:30
Code Issues Packages Projects Releases Wiki Activity

Vault security hardening and role isolation

Browse Source
This commit is contained in:
Josh Conant
2017-02-08 21:41:36 +00:00
parent f4ec2d18e5
commit 245e05ce61
78 changed files with 1408 additions and 706 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
roles/vault/tasks/cluster/init.yml
View File

@@ -28,6 +28,7 @@
- name: cluster/init | Ensure the vault_secrets_dir exists
file:
mode: 0750
path: "{{ vault_secrets_dir }}"
state: directory
@@ -35,12 +36,14 @@
copy:
content: "{{ vault_unseal_keys|join('\n') }}"
dest: "{{ vault_secrets_dir }}/unseal_keys"
mode: 0640
when: not vault_cluster_is_initialized
- name: cluster/init | Ensure all in groups.vault have the root_token locally
copy:
content: "{{ vault_root_token }}"
dest: "{{ vault_secrets_dir }}/root_token"
mode: 0640
when: not vault_cluster_is_initialized
- name: cluster/init | Ensure vault_headers and vault statuses are updated