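#!/bin/sh
#
# Vault PKI roles for one Kafka instance.
#
# This file is a script *template*: every `[[ ... ]]` is a Go-template-style
# directive rendered by the deployment tooling before the script runs (the
# renderer itself is not visible from this file). Once rendered, the script
# defines three PKI roles under the configured PKI mount, one per kind of
# certificate holder:
#
#   <instance>-broker    server + client certificates for the Kafka brokers
#   <instance>-exporter  client-only certificates for the Prometheus exporter
#   <instance>-jikkou    client-only certificates for Jikkou (topic/ACL tool)
#
# Template inputs referenced here: .instance, .consul.suffix, .consul.domain,
# .kafka (merged into $c), $c.vault.pki.path and $c.vault.pki.ou.
#
# Abort on the first failing command. The interpreter is /bin/sh, so only the
# portable `-e` is used; there are no pipelines below that would need pipefail.
set -e

# Build the template context `$c`: the `.kafka` section merged with the root
# context. Which side wins on key collisions depends on the renderer's `merge`
# helper — confirm before relying on overrides.
[[- $c := merge .kafka .]]

# Pull in the shared PKI bootstrap snippet with `$c` as its context. Whatever
# it sets up (presumably the PKI mount at $c.vault.pki.path) is defined in
# that template, not here.
[[ template "common/vault.mkpki.sh" $c ]]

# Role for the brokers.
# - allowed_domains: the broker's Consul service name, both short
#   (<instance>-broker<suffix>) and fully qualified (...service.<domain>);
#   allow_bare_domains permits exactly those names, allow_subdomains also
#   permits names beneath them.
# - allow_localhost / allow_ip_sans: localhost and IP SANs are accepted too.
#   NOTE(review): this makes the broker role the widest of the three; confirm
#   the brokers really need IP SANs and localhost, and tighten otherwise.
# - server_flag + client_flag: brokers terminate TLS and also act as TLS
#   clients (presumably for inter-broker connections).
# - allow_wildcard_certificates=false: no wildcard names.
# - max_ttl=720h: an issued certificate may live up to 30 days.
# The role path is quoted so that a rendered mount path containing
# shell-special characters cannot be word-split or globbed.
vault write "[[ $c.vault.pki.path ]]/roles/[[ .instance ]]-broker" \
  allowed_domains="[[ .instance ]]-broker[[ .consul.suffix ]],[[ .instance ]]-broker[[ .consul.suffix ]].service.[[ .consul.domain ]]" \
  allow_bare_domains=true \
  allow_subdomains=true \
  allow_localhost=true \
  allow_ip_sans=true \
  server_flag=true \
  client_flag=true \
  allow_wildcard_certificates=false \
  max_ttl=720h \
  ou="[[ $c.vault.pki.ou ]]"

# Role for the prometheus exporter.
# Client-only (server_flag=false) and exact-name only: no subdomains, no
# localhost, no IP SANs, no wildcards. Note that the allowed domain is the
# bare `<instance>-exporter`, without the Consul suffix used by the broker
# role. max_ttl=72h: an issued certificate may live up to 3 days.
vault write "[[ $c.vault.pki.path ]]/roles/[[ .instance ]]-exporter" \
  allowed_domains="[[ .instance ]]-exporter" \
  allow_bare_domains=true \
  allow_subdomains=false \
  allow_localhost=false \
  allow_ip_sans=false \
  server_flag=false \
  client_flag=true \
  allow_wildcard_certificates=false \
  max_ttl=72h \
  ou="[[ $c.vault.pki.ou ]]"

# Role for Jikkou (topic and ACL management tool).
# Same client-only, exact-name shape as the exporter role, but with a 1h max
# TTL (presumably the tool requests a fresh short-lived certificate per run).
vault write "[[ $c.vault.pki.path ]]/roles/[[ .instance ]]-jikkou" \
  allowed_domains="[[ .instance ]]-jikkou" \
  allow_bare_domains=true \
  allow_subdomains=false \
  allow_localhost=false \
  allow_ip_sans=false \
  server_flag=false \
  client_flag=true \
  allow_wildcard_certificates=false \
  max_ttl=1h \
  ou="[[ $c.vault.pki.ou ]]"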