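---
# Container image reference. `latest` is a mutable tag, so the deployed Vault
# version can change between pulls; override it with a fixed version tag or an
# image digest to get reproducible, reviewable upgrades.
vault_image: "docker.io/hashicorp/vault:latest"
# Vault API address. NOTE(review): the default is plain HTTP on loopback. The
# consumers of this variable are not in this file, so confirm that no token or
# unseal key travels over it once it is overridden to a non-loopback host, and
# use an https:// URL in that case.
vault_url: "http://localhost:8200"

vault_restart_policy: always
vault_service_stopped: false

# Names of the volumes mounted into the container (see vault_volumes).
vault_config_volume: "vault-config"
vault_data_volume: "vault-data"
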
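# @var vault_volumes:description: > Define required docker volumes.
# @end
# @var vault_volumes:example: >
# vault_volumes:
#   - name: data
#     # target location inside the container
#     dest: /var/www/app/data
#     type: volume
# @end
# The defaults mount the config volume at /vault/config and the data volume at
# /vault/file. NOTE(review): /vault/file presumably holds the storage backend
# data; restrict host-side access to that volume and to its backups.
vault_volumes:
  - name: "{{ vault_config_volume }}"
    dest: /vault/config
  - name: "{{ vault_data_volume }}"
    dest: /vault/file
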
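# @var vault_network:description: >
# Name of the container network. If the name ends with `.network`, the network will be created with the specified configuration.
# Otherwise, the network must already exist and the container will be attached to the network.
# @end
vault_network: "vault.network"
vault_network_ipv6_enabled: false
# The subnet and gateway variables below are documented only; they have no
# default value in this file.
# @var vault_network_ipv6_subnet:value: $ "_unset_"
# @var vault_network_ipv6_subnet:example: $ "fd00:0:0:2::/64"
# @var vault_network_ipv6_gateway:value: $ "_unset_"
# @var vault_network_ipv6_gateway:example: $ "fd00:0:0:2::1"

# @var vault_network_ipv4_subnet:value: $ "_unset_"
# @var vault_network_ipv4_gateway:value: $ "_unset_"
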
# @var vault_exposed_ports:description: >
# Ports you want to publish outside of Docker. Vault is running on `8200` inside of the container.
# @end
# Empty by default. NOTE(review): presumably nothing is published until this is
# set; when it is, check which host interface the port is bound to.
vault_exposed_ports: []

# Linux capabilities added to the container. `ipc_lock` permits memory
# locking, which Vault uses to keep secrets from being swapped to disk.
vault_cap_add:
  - ipc_lock
# Capabilities removed from the container; none by default.
vault_cap_drop: []

# Additional podman arguments (presumably appended to the container run
# command; the consuming template is not in this file).
vault_podman_args:
  # Removes the per-container process limit.
  - --pids-limit=-1
  # Runs without user-namespace isolation: container UIDs are host UIDs.
  # NOTE(review): confirm this is required before reusing the default.
  - --userns=host
  # Health probe against the listener inside the container;
  # __vault_health_path is defined outside this file.
  - --health-cmd='["wget", "--spider", "--proxy", "off", "http://localhost:8200/{{ __vault_health_path }}"]'
  - --health-interval=5s
  - --health-timeout=5s
  - --health-retries=6
  # A container that fails the probe is killed.
  - --health-on-failure=kill

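vault_log_level: warn
vault_default_lease_ttl: 24h
vault_max_lease_ttl: 240h

vault_ui: true
vault_disable_clustering: true

# Unseal keys are the root of trust for the whole Vault. Never commit real keys
# in plain text; supply them from an encrypted source (for example Ansible
# Vault), or leave this empty and unseal manually.
vault_unseal_keys: []
# NOTE(review): presumably unseals with vault_unseal_keys after start; confirm
# in the role's tasks. Enabling it means the keys must be readable by the
# automation, which weakens the separation the seal provides.
vault_auto_unseal: false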