Skip to content

Instantly share code, notes, and snippets.

@jwhitcraft

jwhitcraft/annonomus.hcl

Created April 21, 2017 01:32
Show Gist options
  • Save jwhitcraft/2ef0b241213570b2e4059d3a473fff49 to your computer and use it in GitHub Desktop.
Save jwhitcraft/2ef0b241213570b2e4059d3a473fff49 to your computer and use it in GitHub Desktop.
Download ZIP
Below is my consul ACL policies for Consul 0.8.1 along with my consul config,
Raw
annonomus.hcl
key "lock/" {
policy = "write"
}
service "" {
policy = "write"
}
node "" {
policy = "write"
}
session "" {
policy = "write"
}
agent "" {
policy = "write"
}
Raw
consul.hcl
{
"ca_file": "/etc/tls/ca.pem",
"cert_file": "/etc/tls/consul.pem",
"key_file": "/etc/tls/consul-key.pem",
"verify_incoming": true,
"verify_outgoing": true,
"verify_server_hostname": true,
"acl_datacenter": "dc1",
"acl_default_policy": "deny",
"acl_master_token": "unique_uuid_here",
"acl_agent_master_token": "another_unique_uuid_here",
"ports": {
"https": 8443
}
}
Raw
vault.hcl
key "vault/" {
policy = "write"
}
service "vault" {
policy = "write"
}
node "" {
policy = "write"
}
session "" {
policy = "write"
}
@jwhitcraft
Copy link
Author

This is the consul setup from https://github.com/kelseyhightower/consul-on-kubernetes with the following added

  • ACL Config
  • acl_agent_master_token added to the job for joining reasons

Then I took the vault setup from here https://github.com/drud/vault-consul-on-kube and just adjusted the consul pods to pull in the same consul config and use the vault-token i created with in consul

I'll post the full repo later.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment