feat(vault): add port 8200 listener, consul SANs, consul service_registration
- Add SAN altnames vault.service.consul and vault.query.consul to cert - Add vault-direct HTTPS listener on port 8200 (TLS terminate, same cert) - Add vault-consul HTTPRoute binding consul DNS names to port 8200 listener - Add vault-direct port 8200 entrypoint to traefik-internal - Switch service_registration from kubernetes to consul (consul-server.consul.svc.cluster.local:8500)
This commit is contained in:
@@ -12,6 +12,7 @@ metadata:
|
||||
cert-manager.io/cluster-issuer: vault-issuer
|
||||
cert-manager.io/common-name: vault.k8s.syd1.au.unkin.net
|
||||
cert-manager.io/private-key-size: "4096"
|
||||
cert-manager.io/subject-alternative-names: vault.service.consul,vault.query.consul
|
||||
external-dns.alpha.kubernetes.io/hostname: vault.k8s.syd1.au.unkin.net
|
||||
external-dns.alpha.kubernetes.io/target: 198.18.200.4
|
||||
spec:
|
||||
@@ -29,3 +30,14 @@ spec:
|
||||
certificateRefs:
|
||||
- kind: Secret
|
||||
name: vault-tls
|
||||
- name: vault-direct
|
||||
port: 8200
|
||||
protocol: HTTPS
|
||||
allowedRoutes:
|
||||
namespaces:
|
||||
from: Same
|
||||
tls:
|
||||
mode: Terminate
|
||||
certificateRefs:
|
||||
- kind: Secret
|
||||
name: vault-tls
|
||||
|
||||
Reference in New Issue
Block a user