Split metrics_cert in its own template
So it can be reused by other tasks
This commit is contained in:
parent
07b0aa8f2f
commit
2efe9a12e8
|
@ -0,0 +1,18 @@
|
|||
# Get a certificate from vault to protect the metrics endpoint
|
||||
template {
|
||||
data =<<_EOT
|
||||
{{- with pkiCert "[[ .prometheus.vault_pki ]]/issue/metrics" (printf "ip_sans=%s" (env "NOMAD_HOST_IP_metrics")) }}
|
||||
{{ .Cert }}
|
||||
{{ .Key }}
|
||||
{{- end }}
|
||||
_EOT
|
||||
destination = "secrets/metrics.bundle.pem"
|
||||
}
|
||||
|
||||
# Get the root CA
|
||||
template {
|
||||
data =<<_EOT
|
||||
{{ with secret "[[ .prometheus.vault_pki ]]/cert/ca_chain" }}{{ .Data.ca_chain }}{{ end }}
|
||||
_EOT
|
||||
destination = "local/monitoring.ca.pem"
|
||||
}
|
|
@ -25,21 +25,7 @@ vim: syntax=hcl
|
|||
policies = ["metrics[[ .consul.suffix ]]"]
|
||||
}
|
||||
|
||||
template {
|
||||
data =<<_EOT
|
||||
{{- with pkiCert "[[ .prometheus.vault_pki ]]/issue/metrics" (printf "ip_sans=%s" (env "NOMAD_HOST_IP_metrics")) }}
|
||||
{{ .Cert }}
|
||||
{{ .Key }}{{ end -}}
|
||||
_EOT
|
||||
destination = "secrets/metrics.bundle.pem"
|
||||
}
|
||||
|
||||
template {
|
||||
data =<<_EOT
|
||||
{{ with secret "[[ .vault.root ]]pki/monitoring/cert/ca_chain" }}{{ .Data.ca_chain }}{{ end }}
|
||||
_EOT
|
||||
destination = "local/monitoring.ca.pem"
|
||||
}
|
||||
[[ template "common/metrics_cert" . ]]
|
||||
|
||||
template {
|
||||
data =<<_EOT
|
||||
|
|
Loading…
Reference in New Issue