Adding the Vault role

roles/vault/defaults/main.yml

@@ -0,0 +1,65 @@
+---
+
+vault_bootstrap: false
+vault_ca_options:
+  common_name: kube-cluster-ca
+  format: pem
+  ttl: 87600h
+vault_cert_dir: "{{ vault_config_dir }}/ssl"
+vault_client_headers:
+  Accept: "application/json"
+  Content-Type: "application/json"
+vault_config:
+  backend:
+    etcd:
+      address: "https://{{ hostvars[groups.etcd[0]]['ansible_default_ipv4']['address'] }}:2379"
+      ha_enabled: "true"
+      redirect_addr: "https://{{ ansible_default_ipv4.address }}:{{ vault_port }}"
+      tls_ca_file: "{{ vault_cert_dir }}/ca.pem"
+  cluster_name: "kubernetes-vault"
+  default_lease_ttl: "{{ vault_default_lease_ttl }}"
+  listener:
+    tcp:
+      address: "0.0.0.0:{{ vault_port }}"
+      tls_cert_file: "{{ vault_cert_dir }}/api.pem"
+      tls_key_file: "{{ vault_cert_dir }}/api-key.pem"
+  max_lease_ttl: 720h
+vault_config_dir: /etc/vault
+vault_container_name: kube-hashicorp-vault
+vault_default_lease_ttl: 720h
+vault_default_role_permissions:
+  allow_any_name: true
+vault_deployment_type: docker
+vault_etcd_needs_gen: false
+vault_etcd_sync_hosts: []
+vault_max_lease_ttl: 87600h 
+vault_needs_gen: false
+vault_port: 8200
+vault_secret_shares: 1
+vault_secret_threshold: 1
+vault_secrets_dir: "{{ vault_config_dir }}/secrets"
+vault_temp_config:
+  default_lease_ttl: "{{ vault_default_lease_ttl }}"
+  backend:
+    file:
+      path: /vault/file
+  listener:
+    tcp:
+      address: "0.0.0.0:{{ vault_temp_port }}"
+      tls_disable: "true"
+vault_temp_port: 8201
+
+# This should be set higher up, but setting defaults here to avoid issues
+etcd_cert_dir: /etc/ssl/etcd/ssl
+kube_cert_dir: /etc/kubernetes/ssl
+
+# Sync cert defaults (should be role, once include_role is fixed)
+sync_file: ''
+sync_file_dir: ''
+sync_file_host_count: 0
+sync_file_is_cert: false
+sync_file_key_path: ''
+sync_file_key_srcs: []
+sync_file_path: ''
+sync_file_results: []
+sync_file_srcs: []