Add further todos for Nomad Vault

2022-07-27 13:40:21 -07:00 · 2022-07-27 13:40:21 -07:00 · e39fbc41a7
parent 25ec582eaf
commit e39fbc41a7
1 changed files with 3 additions and 1 deletions
--- a/nomad/setup-cluster.yml
+++ b/nomad/setup-cluster.yml
@ -343,9 +343,11 @@
        # Enable vault integration
        # TODO: This fails on first run because the Nomad-Vault integration can't be set up
        # until Nomad has started. Could maybe figure out if ACLs have been set up and leave
-        # these out until the later play
+        # these out until the later play, maybe just bootstrap the nomad-cluster role in Vault
+        # befor Nomad is set up
        nomad_vault_address: "http://vault.service.consul:8200"
        nomad_vault_create_from_role: "nomad-cluster"
+        # TODO: Probably want to restict this to a narrower scoped token
        nomad_vault_enabled: "{{ root_token is defined }}"
        nomad_vault_token: "{{ root_token | default('') }}"