Ben Vincent
a7e9f1590e
- set syd1 as primary consul datacentre - add consul.service.consul zone - add nginx reverse proxy for consul webui - set dns zones/acls/views/keys to be deep merged from hiera - update default token - add consul/consul.service.consul/consul.main.unkin.net to vault cert
27 lines
753 B
YAML
27 lines
753 B
YAML
---
|
|
profiles::consul::server::members_lookup: true
|
|
profiles::consul::server::data_dir: /data/consul
|
|
profiles::consul::server::addresses:
|
|
dns: "%{::networking.ip}"
|
|
http: "%{::networking.ip}"
|
|
https: "%{::networking.ip}"
|
|
grpc: "%{::networking.ip}"
|
|
grpc_tls: "%{::networking.ip}"
|
|
profiles::consul::server::ports:
|
|
dns: 8600
|
|
http: 8500
|
|
https: -1
|
|
profiles::consul::server::acl:
|
|
enabled: true
|
|
default_policy: 'deny'
|
|
down_policy: 'extend-cache'
|
|
tokens:
|
|
initial_management: "%{alias('profiles::consul::server::acl_tokens_initial_management')}"
|
|
default: "%{alias('profiles::consul::server::acl_tokens_default')}"
|
|
|
|
# additional altnames
|
|
profiles::pki::vault::alt_names:
|
|
- consul.main.unkin.net
|
|
- consul.service.consul
|
|
- consul
|