Merge pull request #3228 from mirwan/credentials_dir

Introducing credentials_dir variable in order to be able to override it
k8s-ci-robot
2018-09-04 04:35:11 -07:00
committed by GitHub
8 changed files with 19 additions and 13 deletions


@@ -132,7 +132,7 @@ volume_cross_zone_attachment: false
## Encrypting Secret Data at Rest
kube_encrypt_secret_data: false
kube_encrypt_token: "{{ lookup('password', inventory_dir + '/credentials/kube_encrypt_token.creds length=32 chars=ascii_letters,digits') }}"
kube_encrypt_token: "{{ lookup('password', credentials_dir + '/kube_encrypt_token.creds length=32 chars=ascii_letters,digits') }}"
# Must be either: aescbc, secretbox or aesgcm
kube_encryption_algorithm: "aescbc"
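Review bot: Changing `credentials_dir` on a cluster that is already deployed makes the `password` lookup for `kube_encrypt_token` create a fresh file and therefore a new token, and nothing near this line warns about that. With `kube_encrypt_secret_data` enabled, the token is presumably the key used by `kube_encryption_algorithm`, so secrets written under the old key may no longer be readable. I would add a comment above the line such as `# Generated once and kept in plaintext under credentials_dir; move the existing .creds files when you change credentials_dir`. The same caveat applies to the Vault userpass passwords in the third file section.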


@@ -175,6 +175,9 @@ kubeconfig_localhost: false
# Download kubectl onto the host that runs Ansible in {{ bin_dir }}
kubectl_localhost: false
# Define credentials_dir here so it can be overriden
credentials_dir: "{{ inventory_dir }}/credentials"
# K8s image pull policy (imagePullPolicy)
k8s_image_pull_policy: IfNotPresent
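Review bot: The new comment does not say what lives in this directory, and `overriden` is misspelled. The lookups elsewhere in this commit write generated passwords and the secret-encryption token there in plaintext, so anyone overriding the path should pick a location outside version control that only the deploying user can read. Suggested wording: `# Directory on the Ansible host where generated passwords and tokens are stored in plaintext; override to keep them outside the inventory tree`. If this file is a sample inventory and not a role default, inventories created before this change would presumably hit an undefined `credentials_dir`; the sections visible here do not show a role-level fallback.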


@@ -122,7 +122,7 @@ vault_pki_mounts:
roles:
- name: userpass
group: userpass
password: "{{ lookup('password', inventory_dir + '/credentials/vault/userpass.creds length=15') }}"
password: "{{ lookup('password', credentials_dir + '/vault/userpass.creds length=15') }}"
policy_rules: default
role_options:
allow_any_name: true
@@ -136,7 +136,7 @@ vault_pki_mounts:
roles:
- name: vault
group: vault
password: "{{ lookup('password', inventory_dir + '/credentials/vault/vault.creds length=15') }}"
password: "{{ lookup('password', credentials_dir + '/vault/vault.creds length=15') }}"
policy_rules: default
role_options:
allow_any_name: true
@@ -149,7 +149,7 @@ vault_pki_mounts:
roles:
- name: etcd
group: etcd
password: "{{ lookup('password', inventory_dir + '/credentials/vault/etcd.creds length=15') }}"
password: "{{ lookup('password', credentials_dir + '/vault/etcd.creds length=15') }}"
policy_rules: default
role_options:
allow_any_name: true
@@ -164,7 +164,7 @@ vault_pki_mounts:
roles:
- name: kube-master
group: kube-master
password: "{{ lookup('password', inventory_dir + '/credentials/vault/kube-master.creds length=15') }}"
password: "{{ lookup('password', credentials_dir + '/vault/kube-master.creds length=15') }}"
policy_rules: default
role_options:
allow_any_name: true
@@ -172,7 +172,7 @@ vault_pki_mounts:
organization: "system:masters"
- name: front-proxy-client
group: kube-master
password: "{{ lookup('password', inventory_dir + '/credentials/vault/kube-proxy.creds length=15') }}"
password: "{{ lookup('password', credentials_dir + '/vault/kube-proxy.creds length=15') }}"
policy_rules: default
role_options:
allow_any_name: true
@@ -180,7 +180,7 @@ vault_pki_mounts:
organization: "system:front-proxy-client"
- name: kube-node
group: k8s-cluster
password: "{{ lookup('password', inventory_dir + '/credentials/vault/kube-node.creds length=15') }}"
password: "{{ lookup('password', credentials_dir + '/vault/kube-node.creds length=15') }}"
policy_rules: default
role_options:
allow_any_name: true
@@ -188,7 +188,7 @@ vault_pki_mounts:
organization: "system:nodes"
- name: kube-proxy
group: k8s-cluster
password: "{{ lookup('password', inventory_dir + '/credentials/vault/kube-proxy.creds length=15') }}"
password: "{{ lookup('password', credentials_dir + '/vault/kube-proxy.creds length=15') }}"
policy_rules: default
role_options:
allow_any_name: true
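Review bot: The `front-proxy-client` role reads `/vault/kube-proxy.creds`, the same file the `kube-proxy` role uses in the last hunk, so the two userpass accounts end up sharing one password. The commit carries this over unchanged from the old path; it looks like a copy-paste slip, though that cannot be confirmed from the lines shown. A separate file would give each account its own secret: `password: "{{ lookup('password', credentials_dir + '/vault/front-proxy-client.creds length=15') }}"`. On existing deployments this generates a new password for that account, so the change would need a note for operators.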