marc/samfelag
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Structured documentation

Browse Source
This commit is contained in:
marc
2024-02-10 20:26:01 +01:00
parent d0f78cc24f
commit fa12502c6e
4 changed files with 229 additions and 174 deletions
Download Patch File Download Diff File Expand all files Collapse all files

68
docs/consul.org Normal file
View File

@@ -0,0 +1,68 @@
#+title: Consul
* ACLs
** Policies
*** Node Policy
Policy for agent tokens
#+begin_src hcl
agent_prefix "" {
policy = "write"
}
node_prefix "" {
policy = "write"
}
service_prefix "" {
policy = "read"
}
session_prefix "" {
policy = "read"
}
#+end_src
*** Nomad client
Policy for nomad clients (to be added in the consul.token field in the nomad config)
#+begin_src hcl
agent_prefix "" {
policy = "read"
}
node_prefix "" {
policy = "read"
}
service_prefix "" {
policy = "write"
}
#+end_src
*** Nomad server
Policy for nomad servers (to be added in the consul.token field in the nomad config)
#+begin_src hcl
agent_prefix "" {
policy = "read"
}
node_prefix "" {
policy = "read"
}
service_prefix "" {
policy = "write"
}
acl = "write"
#+end_src
** Node Agent Token
Create a token at http://hvannadal:8500/ui/samfelag/acls/tokens with the node policy.
Create the consul config file and encrypt it via agenix:
#+begin_src bash
agenix -e consul.d/agent-token-<host>.json.age
#+end_src
JSON config:
#+begin_src json
{
"acl": {
"tokens": {
"default": "<AGENT_TOKEN>",
"agent": "<AGENT_TOKEN>"
}
}
}
#+end_src