Use job_name in consul conf and vault policy
This commit is contained in:
parent
0f1906c436
commit
0a3b3d4bfd
|
@ -1,3 +1,3 @@
|
|||
Kind = "service-defaults"
|
||||
Name = "acme-to-vault[[ .env.suffix ]]"
|
||||
Name = "[[ .acme.job_name ]][[ .env.suffix ]]"
|
||||
Protocol = "http"
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
Kind = "service-intentions"
|
||||
Name = "acme-to-vault[[ .env.suffix ]]"
|
||||
Name = "[[ .acme.job_name ]][[ .env.suffix ]]"
|
||||
Sources = [
|
||||
{
|
||||
Name = "[[ .traefik.instance ]]"
|
||||
|
|
|
@ -5,9 +5,9 @@ path "[[ .vault.prefix ]]kv/metadata/service/traefik/certs" {
|
|||
capabilities = ["list","read"]
|
||||
}
|
||||
|
||||
path "[[ .vault.prefix ]]kv/data/service/acme-to-vault/account/*" {
|
||||
path "[[ .vault.prefix ]]kv/data/service/[[ .acme.job_name ]]/account/*" {
|
||||
capabilities = ["read","create","update"]
|
||||
}
|
||||
path "[[ .vault.prefix ]]kv/metadata/service/acme-to-vault/account/*" {
|
||||
path "[[ .vault.prefix ]]kv/metadata/service/[[ .acme.job_name ]]/account/*" {
|
||||
capabilities = ["list","read"]
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue