Pass full ctx to metrics_proxy
This commit is contained in:
parent
bc14cf862c
commit
9771ed3768
|
@ -7,6 +7,8 @@
|
|||
volumes = [
|
||||
"local/default.conf:/etc/nginx/conf.d/default.conf:ro"
|
||||
]
|
||||
pids_limit = 100
|
||||
readonly_rootfs = true
|
||||
}
|
||||
|
||||
lifecycle {
|
||||
|
@ -15,12 +17,12 @@
|
|||
}
|
||||
|
||||
vault {
|
||||
policies = ["metrics[[ .env_suffix ]]"]
|
||||
policies = ["metrics[[ .ctx.env.suffix ]]"]
|
||||
}
|
||||
|
||||
template {
|
||||
data =<<_EOT
|
||||
{{- with pkiCert "[[ .vault_prefix ]]pki/monitoring/issue/metrics" (printf "ip_sans=%s" (env "NOMAD_HOST_IP_metrics")) }}
|
||||
{{- with pkiCert "[[ .ctx.vault.prefix ]]pki/monitoring/issue/metrics" (printf "ip_sans=%s" (env "NOMAD_HOST_IP_metrics")) }}
|
||||
{{ .Cert }}
|
||||
{{ .Key }}{{ end -}}
|
||||
_EOT
|
||||
|
@ -29,7 +31,7 @@ _EOT
|
|||
|
||||
template {
|
||||
data =<<_EOT
|
||||
{{ with secret "[[ .vault_prefix ]]pki/monitoring/cert/ca_chain" }}{{ .Data.ca_chain }}{{ end }}
|
||||
{{ with secret "[[ .ctx.vault.prefix ]]pki/monitoring/cert/ca_chain" }}{{ .Data.ca_chain }}{{ end }}
|
||||
_EOT
|
||||
destination = "local/monitoring.ca.pem"
|
||||
}
|
||||
|
@ -44,7 +46,6 @@ server {
|
|||
ssl_certificate_key /secrets/metrics.bundle.pem;
|
||||
ssl_client_certificate /local/monitoring.ca.pem;
|
||||
ssl_verify_client on;
|
||||
ssl_prefer_server_ciphers on;
|
||||
ssl_protocols TLSv1.2 TLSv1.3;
|
||||
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
|
||||
ssl_session_cache shared:SSL:10m;
|
||||
|
@ -70,7 +71,8 @@ _EOT
|
|||
|
||||
resources {
|
||||
cpu = 10
|
||||
memory = 12
|
||||
memory = 10
|
||||
memory_max = 20
|
||||
}
|
||||
}
|
||||
|
||||
|
|
Loading…
Reference in New Issue
Block a user