marc/samfelag
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
Files
5cce9461c1b6c1bec33fda10a9a4d49e2dc37a01
samfelag/docs/consul.org
marc fa12502c6e Structured documentation
2024-02-10 20:26:01 +01:00

1.1 KiB
Raw Blame History

Consul

ACLs

Policies

Node Policy

Policy for agent tokens

agent_prefix "" {
  policy = "write"
}
node_prefix "" {
  policy = "write"
}
service_prefix "" {
  policy = "read"
}
session_prefix "" {
  policy = "read"
}

Nomad client

Policy for nomad clients (to be added in the consul.token field in the nomad config)

agent_prefix "" {
  policy = "read"
}

node_prefix "" {
  policy = "read"
}

service_prefix "" {
  policy = "write"
}

Nomad server

Policy for nomad servers (to be added in the consul.token field in the nomad config)

agent_prefix "" {
  policy = "read"
}

node_prefix "" {
  policy = "read"
}

service_prefix "" {
  policy = "write"
}

acl = "write"

Node Agent Token

Create a token at http://hvannadal:8500/ui/samfelag/acls/tokens with the node policy. Create the consul config file and encrypt it via agenix:

agenix -e consul.d/agent-token-<host>.json.age

JSON config:

{
  "acl": {
    "tokens": {
      "default": "<AGENT_TOKEN>",
      "agent": "<AGENT_TOKEN>"
    }
  }
}
Reference in New Issue View Git Blame Copy Permalink