Can I create a TLS cert with vault PKI to use to stand up another vault cluster on Kubernetes?

I’m having trouble standing up a vault instance. I’ve created a PKI TLS cert from another vault instance already stood up and used the CA, pem, and key to supply to the retry_join block that isn’t working. Also, HA mode is stuck in standby mode.

As for the CA cert, can I use the root CA that was created with vault pki, or does it have to reference /var/run/secrets/kubernetes.io/serviceaccount/ca.crt CA crt?

Not sure if this is entirely blocking the retry_join/HA Mode being in standby/Active mode address missing in vault status?

OK… but how isn’t it working? If you don’t give us any more details, it’s next to impossible to offer useful guidance.

The Kubernetes service account signing CA is completely separate from any CA used for application-level HTTPS.
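
Added example, not part of the original thread: a local openssl check of which CA a listener certificate actually chains to. Everything in it is constructed: "pki-root" stands in for the root CA created with Vault PKI, "k8s-sa" stands in for the service account ca.crt, and the DNS name vault-0.vault-internal is an assumed pod name.

```bash
#!/usr/bin/env bash
# Added example. Every CA and certificate here is constructed locally with openssl:
#   "pki-root" stands in for the root CA created with Vault PKI,
#   "k8s-sa"   stands in for /var/run/secrets/kubernetes.io/serviceaccount/ca.crt.

make_ca() {      # make_ca <dir> <name>: self-signed CA written to <name>.crt / <name>.key
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
    -keyout "$1/$2.key" -out "$1/$2.crt" 2>/dev/null
}

issue_cert() {   # issue_cert <dir> <ca-name> <dns-name>: server cert written to tls.crt / tls.key
  printf 'subjectAltName=DNS:%s\n' "$3" > "$1/san.ext"
  openssl req -newkey rsa:2048 -nodes -subj "/CN=$3" \
    -keyout "$1/tls.key" -out "$1/tls.csr" 2>/dev/null &&
  openssl x509 -req -in "$1/tls.csr" -days 1 -CA "$1/$2.crt" -CAkey "$1/$2.key" \
    -CAcreateserial -extfile "$1/san.ext" -out "$1/tls.crt" 2>/dev/null
}

chains_to() {    # chains_to <ca.crt> <cert>: exit 0 only if <cert> verifies against <ca.crt>
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

demo() {
  dir=$(mktemp -d) || return 1
  # The listener certificate is issued by the PKI stand-in only.
  make_ca "$dir" pki-root && make_ca "$dir" k8s-sa &&
    issue_cert "$dir" pki-root vault-0.vault-internal || return 1
  for ca in pki-root k8s-sa; do
    if chains_to "$dir/$ca.crt" "$dir/tls.crt"; then
      echo "$ca: listener certificate verifies"
    else
      echo "$ca: listener certificate does NOT verify"
    fi
  done
  rm -rf "$dir"
}

demo
```

Running the same `openssl verify -CAfile` check against the real listener certificate shows which CA file a joining node has to trust; a certificate issued from Vault PKI will not verify against the service account ca.crt.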