Annotations for Vault on Kubernetes with Consul transparent proxy

For those deploying Vault on Kubernetes with the Helm chart and adding it to a Consul service mesh with transparent proxy enabled, I did get it working but it needed some annotations.

In vault-helm values

I updated some annotations on the Vault server.

I added outbound and inbound port exclusions because of the Vault server StatefulSet configuration. "8200,8201" "8200,8201"

Since I was using GCP KMS to auto-unseal my cluster, I included an outbound CIDR exclusion for the GCP private services endpoint. ""

In Deployments, StatefulSets, or DaemonSets that use Vault agent injection

For each service that used Vault agent injection, I had to add a pod annotation to allow the Vault agent to initialize first before Consul sidecars and Envoy. "true"
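Putting the three pieces together as one configuration, as an added example and not the poster's own files: the post shows only the annotation values ("8200,8201", "" and "true"), so the annotation keys below are my assumption of which Consul transparent-proxy and Vault agent injector annotations those values belong to. The GCP private services CIDR, which the post leaves empty, is a placeholder, and the Deployment name is constructed.

```yaml
# File 1 (added example): vault-helm values.yaml fragment.
# Assumed annotation keys; the post only gives the values.
server:
  annotations:
    # Join the Consul mesh with transparent proxy enabled.
    consul.hashicorp.com/connect-inject: "true"
    consul.hashicorp.com/transparent-proxy: "true"
    # Keep the Vault API (8200) and cluster/raft (8201) ports out of the
    # Envoy redirect in both directions, so StatefulSet peers reach each
    # other directly and clients reach the API without the sidecar.
    consul.hashicorp.com/transparent-proxy-exclude-inbound-ports: "8200,8201"
    consul.hashicorp.com/transparent-proxy-exclude-outbound-ports: "8200,8201"
    # Let auto-unseal reach GCP KMS directly. Placeholder: substitute the
    # private services access range your cluster uses (value elided in the post).
    consul.hashicorp.com/transparent-proxy-exclude-outbound-cidrs: "<GCP-PRIVATE-SERVICES-CIDR>"
---
# File 2 (added example): pod template annotations for a workload that uses
# Vault agent injection. Name is constructed.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: example-app
spec:
  replicas: 1
  selector:
    matchLabels:
      app: example-app
  template:
    metadata:
      labels:
        app: example-app
      annotations:
        vault.hashicorp.com/agent-inject: "true"
        # Run the Vault agent init container before the Consul/Envoy init
        # containers, so secrets are rendered before traffic is redirected
        # into the proxy.
        vault.hashicorp.com/agent-init-first: "true"
        consul.hashicorp.com/connect-inject: "true"
    spec:
      containers:
        - name: app
          image: example/app:latest   # constructed image reference
```

The two port exclusions and the CIDR exclusion go in the Helm values so they land on the Vault server pods; the `agent-init-first` annotation goes on each injected workload's pod template, not on the Vault server. After deploying, confirm the init-container ordering with `kubectl get pod <name> -o jsonpath='{.spec.initContainers[*].name}'`, where the Vault agent init container should be listed before the Consul ones.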