feat: add service data
- add pki certificates - add consul service - add ssh principals
This commit is contained in:
parent
0455965525
commit
4fec931fb1
29
hieradata/roles/infra/proxy/jumphost.yaml
Normal file
29
hieradata/roles/infra/proxy/jumphost.yaml
Normal file
@ -0,0 +1,29 @@
|
|||||||
|
profiles::pki::vault::alt_names:
|
||||||
|
- jumphost.service.consul
|
||||||
|
- jumphost.query.consul
|
||||||
|
- "jumphost.service.%{facts.country}-%{facts.region}.consul"
|
||||||
|
|
||||||
|
profiles::ssh::sign::principals:
|
||||||
|
- jumphost.query.consul
|
||||||
|
- jumphost.service.consul
|
||||||
|
- jumphost.service.%{facts.country}-%{facts.region}.consul
|
||||||
|
|
||||||
|
consul::services:
|
||||||
|
jumphost:
|
||||||
|
service_name: 'jumphost'
|
||||||
|
tags:
|
||||||
|
- 'jumphost'
|
||||||
|
- 'proxy'
|
||||||
|
- 'ssh'
|
||||||
|
address: "%{facts.networking.ip}"
|
||||||
|
port: 22
|
||||||
|
checks:
|
||||||
|
- id: 'ssh_tcp_check'
|
||||||
|
name: 'SSH TCP Check'
|
||||||
|
tcp: "%{facts.networking.ip}:22"
|
||||||
|
interval: '10s'
|
||||||
|
timeout: '1s'
|
||||||
|
profiles::consul::client::node_rules:
|
||||||
|
- resource: service
|
||||||
|
segment: jumphost
|
||||||
|
disposition: write
|
||||||
Loading…
Reference in New Issue
Block a user