fixup config files and policies

2021-07-13 18:08:43 -04:00
parent 6fd29d2a4b
commit 5bbe8337c0
4 changed files with 12 additions and 3 deletions
--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1,3 @@
 cert-manager/
 certs/
+backups/
--- a/helm/ha.yaml
+++ b/helm/ha.yaml
@@ -22,7 +22,7 @@ server:
        }

        seal "transit" {
-          address = "https://pivault.dnet"
+          address = "http://3.14.3.104:8200"
          disable_renewal = "false"
          key_name = "autounseal"
          mount_path = "transit/"
--- a/helm/pivault.yaml
+++ b/helm/pivault.yaml
@@ -13,7 +13,7 @@ server:
    config: |
      ui = true

-      listener "tcp" {
+      listener "tcp" {z
        tls_disable = 1
        address = "[::]:8200"
        cluster_address = "[::]:8201"
@@ -46,4 +46,4 @@ server:

 ui:
  enabled: true
-  serviceType: ClusterIP
+  serviceType: LoadBalancer
--- a/policies/ducoterra.hcl
+++ b/policies/ducoterra.hcl
@@ -13,3 +13,11 @@ path "secret/*" {
 path "dnet_inter/*" {
    capabilities = ["create", "read", "update", "delete", "list"]
 }
+
+path "ssh-client-signer/*" {
+    capabilities = ["create", "read", "update", "delete", "list"]
+}
+
+path "ssh-host-signer/*" {
+    capabilities = ["create", "read", "update", "delete", "list"]
+}