Merge pull request 'chore: add ssh principals' (#31) from neoloc/puppetca_ssh_principal into develop

Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/31

hieradata/nodes/ausyd1nxvm1036.main.unkin.net.yaml

@@ -5,6 +5,12 @@ profiles::puppet::server::dns_alt_names:
   - puppetca.query.consul
   - puppetca
 
+profiles::ssh::sign::principals:
+  - puppetca.main.unkin.net
+  - puppetca.service.consul
+  - puppetca.query.consul
+  - puppetca
+
 profiles::puppet::puppetca::is_puppetca: true
 profiles::puppet::puppetca::allow_subject_alt_names: true
 networking::interfaces:

hieradata/roles/infra/git/gitea.yaml

@@ -6,6 +6,11 @@ profiles::pki::vault::alt_names:
   - git.query.consul
   - "git.service.%{facts.country}-%{facts.region}.consul"
 
+profiles::ssh::sign::principals:
+  - git.main.unkin.net
+  - git.service.consul
+  - git.query.consul
+
 consul::services:
   git:
     service_name: 'git'

hieradata/roles/infra/puppet/master.yaml

@@ -58,6 +58,10 @@ profiles::puppet::server::dns_alt_names:
   - puppetmaster
   - puppet
 
+profiles::ssh::sign::principals:
+  - puppet.service.consul
+  - puppet.query.consul
+
 consul::services:
   puppet:
     service_name: 'puppet'