mirror of
https://github.com/kubernetes-sigs/kubespray.git
synced 2026-04-07 02:59:24 -02:30
Vault security hardening and role isolation
This commit is contained in:
Josh Conant
17
roles/vault/tasks/shared/sync_auth_certs.yml
Normal file
17
roles/vault/tasks/shared/sync_auth_certs.yml
Normal file
@@ -0,0 +1,17 @@
|
||||
---
|
||||
|
||||
- include: sync_file.yml
|
||||
vars:
|
||||
sync_file: "auth-ca.pem"
|
||||
sync_file_dir: "{{ vault_cert_dir }}"
|
||||
sync_file_hosts: "{{ groups.vault }}"
|
||||
sync_file_is_cert: true
|
||||
|
||||
- name: shared/sync_auth_certs | Set facts for vault sync_file results
|
||||
set_fact:
|
||||
vault_auth_ca_cert_needed: "{{ sync_file_results[0]['no_srcs'] }}"
|
||||
|
||||
|
||||
- name: shared/sync_auth_certs | Unset sync_file_results after auth-ca.pem sync
|
||||
set_fact:
|
||||
sync_file_results: []
|
||||
Reference in New Issue
Block a user