19 lines
550 B
Plaintext
19 lines
550 B
Plaintext
# Get a certificate from vault to protect the metrics endpoint
|
|
template {
|
|
data =<<_EOT
|
|
{{- with pkiCert "[[ .prometheus.vault_pki ]]/issue/metrics" (printf "ip_sans=%s" (env "NOMAD_HOST_IP_metrics")) }}
|
|
{{ .Cert }}
|
|
{{ .Key }}
|
|
{{- end }}
|
|
_EOT
|
|
destination = "secrets/metrics.bundle.pem"
|
|
}
|
|
|
|
# Get the root CA
|
|
template {
|
|
data =<<_EOT
|
|
{{ with secret "[[ .prometheus.vault_pki ]]/cert/ca_chain" }}{{ .Data.ca_chain }}{{ end }}
|
|
_EOT
|
|
destination = "local/monitoring.ca.pem"
|
|
}
|