Hello,
I was following this guide: Standalone Server with TLS | Vault | HashiCorp Developer
Deployed Vault Helm 1.4.0 with Integrated Storage on my EKS cluster.
I cannot join the pods to the cluster via the vault-0.vault-internal DNS name.
I get this error:
2020-06-03T19:27:07.974Z [INFO] core: attempting to join possible raft leader node: leader_addr=https://vault-0.vault-internal:8200
2020-06-03T19:27:07.993Z [INFO] core: join attempt failed: error="error during raft bootstrap init call: Put https://vault-0.vault-internal:8200/v1/sys/storage/raft/bootstrap/challenge: x509: certificate is valid for vault.vault.svc, not vault-0.vault-internal"
2020-06-03T19:27:07.993Z [ERROR] core: failed to join raft cluster: error="failed to join any raft leader node"
It asks me to change the DNS name from vault-0.vault-internal to vault.vault.svc; it means that I will join the cluster, but after it hits the server (round robin).
I was trying to play with the CSR and created this CSR config (added *.vault-internal as the alternative name):
[req]
req_extensions = v3_req
distinguished_name = req_distinguished_name
[req_distinguished_name]
[ v3_req ]
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names
[alt_names]
DNS.1 = vault
DNS.2 = vault.vault
DNS.3 = vault.vault.svc
DNS.4 = vault.vault.svc.cluster.local
DNS.5 = *.vault-internal
IP.1 = 127.0.0.1
It checks the HTTPS with the common name I gave it when I created the CSR.
openssl req -new -key ${TMPDIR}/vault.key -subj "/CN=vault.vault.svc" -out ${TMPDIR}/server.csr -config ${TMPDIR}/csr.conf
Any ideas why I get this error?
Thank you