For those deploying Vault on Kubernetes with the Helm chart and adding it to a Consul service mesh with transparent proxy enabled, I did get it working but it needed some annotations.
I updated some annotations on the Vault server.
I added outbound and inbound port exclusions because of the Vault server StatefulSet configuration.
consul.hashicorp.com/transparent-proxy-exclude-outbound-ports: "8200,8201"
consul.hashicorp.com/transparent-proxy-exclude-inbound-ports: "8200,8201"
Since I was using GCP KMS to auto-unseal my cluster, I included an outbound CIDR exclusion for the GCP private services endpoint.
For each service that used Vault agent injection, I had to add a pod annotation to allow the Vault agent to initialize first before Consul sidecars and Envoy.
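As an added illustration that is not part of the original post, the annotations described above could be laid out as follows. The `connect-inject`, `transparent-proxy-exclude-outbound-cidrs` and `agent-init-first` annotations, the CIDR placeholder, and the `example-app` workload with its role and image are assumptions, since the post does not show them.

```yaml
# Added example, not the poster's configuration.
# --- Document 1: values for the Vault Helm chart (server pod annotations) ---
server:
  annotations:
    # Assumption: the Vault server pods are injected into the mesh.
    consul.hashicorp.com/connect-inject: "true"
    # From the post: keep Vault API (8200) and cluster (8201) traffic
    # out of the transparent proxy redirect in both directions.
    consul.hashicorp.com/transparent-proxy-exclude-outbound-ports: "8200,8201"
    consul.hashicorp.com/transparent-proxy-exclude-inbound-ports: "8200,8201"
    # Assumption: annotation used for the GCP KMS auto-unseal exclusion.
    # Placeholder value; substitute the CIDR of your private services endpoint.
    consul.hashicorp.com/transparent-proxy-exclude-outbound-cidrs: "REPLACE_WITH_GCP_ENDPOINT_CIDR"
---
# --- Document 2: a workload that uses Vault agent injection ---
# Hypothetical Deployment; name, role and image are constructed for illustration.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: example-app
spec:
  replicas: 1
  selector:
    matchLabels:
      app: example-app
  template:
    metadata:
      labels:
        app: example-app
      annotations:
        consul.hashicorp.com/connect-inject: "true"
        vault.hashicorp.com/agent-inject: "true"
        vault.hashicorp.com/role: "example-app"   # hypothetical Vault role
        # Assumption: annotation that orders the Vault agent init container
        # ahead of the other injected init containers.
        vault.hashicorp.com/agent-init-first: "true"
    spec:
      serviceAccountName: example-app
      containers:
        - name: app
          image: registry.example.com/example-app:1.0.0   # constructed image name
```

Traffic on excluded ports and CIDRs bypasses Envoy, so it is not covered by mesh mTLS or intentions. Vault's own TLS listener and Kubernetes network policy remain the controls on 8200 and 8201.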