Fixed deploy cluster with vault cert manager (#1548)

* Added custom ips to etcd vault distributed certificates * Added custom ips to kube-master vault distributed certificates * Added comment about issue_cert_copy_ca var in vault/issue_cert role file * Generate kube-proxy, controller-manager and scheduler certificates by vault * Revert "Disable vault from CI (#1546)" This reverts commit 781f31d2b8. * Fixed upgrade cluster with vault cert manager * Remove vault dir in reset playbook
2026-03-20 02:17:44 -02:30 · 2017-08-20 13:53:58 +03:00
parent 72ae7638bc
commit 2ba285a544
8 changed files with 81 additions and 35 deletions
--- a/roles/vault/defaults/main.yml
+++ b/roles/vault/defaults/main.yml
@@ -54,7 +54,7 @@ vault_download_vars:
  unarchive: true
  url: "{{ vault_download_url }}"
  version: "{{ vault_version }}"
-vault_etcd_url: "https://{{ hostvars[groups.etcd[0]]['ansible_default_ipv4']['address'] }}:2379"
+vault_etcd_url: "https://{{ hostvars[groups.etcd[0]]['ip']|d(hostvars[groups.etcd[0]]['ansible_default_ipv4']['address']) }}:2379"
 vault_image_repo: "vault"
 vault_image_tag: "{{ vault_version }}"
 vault_log_dir: "/var/log/vault"
--- a/roles/vault/tasks/shared/issue_cert.yml
+++ b/roles/vault/tasks/shared/issue_cert.yml
@@ -5,6 +5,7 @@
 # Vars:
 #   issue_cert_alt_name:    Requested Subject Alternative Names, in a list.
 #   issue_cert_common_name: Common Name included in the cert
+#   issue_cert_copy_ca:     Copy issuing CA cert needed
 #   issue_cert_dir_mode:    Mode of the placed cert directory
 #   issue_cert_file_group:  Group of the placed cert file and directory
 #   issue_cert_file_mode:   Mode of the placed cert file