puppet-prod/hieradata/roles/infra/proxy/jumphost.yaml

profiles::pki::vault::alt_names:
  - jumphost.service.consul
  - jumphost.query.consul
  - "jumphost.service.%{facts.country}-%{facts.region}.consul"

profiles::ssh::sign::principals:
  - jumphost.query.consul
  - jumphost.service.consul
  - jumphost.service.%{facts.country}-%{facts.region}.consul

consul::services:
  jumphost:
    service_name: 'jumphost'
    tags:
      - 'jumphost'
      - 'proxy'
      - 'ssh'
    address: "%{facts.networking.ip}"
    port: 22
    checks:
      - id: 'ssh_tcp_check'
        name: 'SSH TCP Check'
        tcp: "%{facts.networking.ip}:22"
        interval: '10s'
        timeout: '1s'
profiles::consul::client::node_rules:
  - resource: service
    segment: jumphost
    disposition: write