diff --git a/conf/deployment/aws/ipi_3az_rhcos_3m_3w_3i_vault_v2_external_with_namespace.yaml b/conf/deployment/aws/ipi_3az_rhcos_3m_3w_3i_vault_v2_external_with_namespace.yaml new file mode 100644 index 00000000000..0ea12ebc7ea --- /dev/null +++ b/conf/deployment/aws/ipi_3az_rhcos_3m_3w_3i_vault_v2_external_with_namespace.yaml @@ -0,0 +1,38 @@ +--- +DEPLOYMENT: + allow_lower_instance_requirements: false + kms_deployment: true + infra_nodes: true +ENV_DATA: + platform: 'aws' + deployment_type: 'ipi' + region: 'us-east-2' + worker_availability_zones: + - 'us-east-2a' + - 'us-east-2b' + - 'us-east-2c' + infra_availability_zones: + - 'us-east-2a' + - 'us-east-2b' + - 'us-east-2c' + master_availability_zones: + - 'us-east-2a' + - 'us-east-2b' + - 'us-east-2c' + worker_replicas: 3 + master_replicas: 3 + infra_replicas: 3 + worker_instance_type: 'm5.4xlarge' + encryption_at_rest: true + vault_deploy_mode: external + use_vault_namespace: true + KMS_PROVIDER: vault + KMS_SERVICE_NAME: vault + VAULT_AUTH_METHOD: token + VAULT_CACERT: "ocs-kms-ca-secret" + VAULT_CA_ONLY: true + VAULT_CLIENT_CERT: "ocs-kms-client-cert" + VAULT_CLIENT_KEY: "ocs-kms-client-key" + vault_hcp: true + VAULT_SKIP_VERIFY: false + VAULT_BACKEND: "v2"