fix: move primary_datacenter to region/role

- set syd1 as primary consul datacentre
- add consul.service.consul zone
- add nginx reverse proxy for consul webui
- set dns zones/acls/views/keys to be deep merged from hiera
- update default token
- add consul/consul.service.consul/consul.main.unkin.net to vault cert
2024-04-25 00:07:51 +10:00
parent f863d6f6bb
commit a7e9f1590e
10 changed files with 276 additions and 41 deletions
+6 -1
@@ -1,7 +1,6 @@
---
profiles::consul::server::members_lookup: true
profiles::consul::server::data_dir: /data/consul
profiles::consul::server::primary_datacenter: 'au-drw1'
profiles::consul::server::addresses:
dns: "%{::networking.ip}"
http: "%{::networking.ip}"
@@ -19,3 +18,9 @@ profiles::consul::server::acl:
tokens:
initial_management: "%{alias('profiles::consul::server::acl_tokens_initial_management')}"
default: "%{alias('profiles::consul::server::acl_tokens_default')}"
# additional altnames
profiles::pki::vault::alt_names:
- consul.main.unkin.net
- consul.service.consul
- consul
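Review bot: The `profiles::pki::vault::alt_names` list added at the end of this file includes the bare single-label name `consul`, so any node that receives this data gets a Vault-issued certificate valid for a name whose resolution depends on each client's DNS search path rather than on a zone this repository manages. If the short name is only needed for the nginx-proxied web UI mentioned in the commit message, consider dropping it and keeping `consul.service.consul` and `consul.main.unkin.net`. Otherwise replace `# additional altnames` with a comment that records who connects by each name, for example `# SANs for the consul web UI proxy; bare 'consul' relies on the resolver search domain`. It is also not visible here whether `alt_names` is looked up with a merge strategy. If it is a plain first-match lookup, this list replaces rather than extends any list set at another hierarchy level, so it may need a `lookup_options` entry like the deep merge the commit message describes for the DNS keys.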