Hi, I'm trying to set up an HA Vault (OSS) deployment using the Raft storage backend, with a load balancer (HAProxy in this case) in front of it. The Vault service on HAProxy is listening on port 443 using a dedicated virtual IP (vault-vip.example.com), while the "official" Vault FQDN used by clients (users, applications etc.) is vault.example.com (a CNAME for vault-vip.example.com).

The Vault service on every Raft cluster node is listening on port 8200 (reachable only from the other cluster nodes and the LB).

Right now, I'm using https://vault-vip.example.com as leader_api_addr for the Raft storage backend, https://vault.example.com as api_addr, and https://<node_fqdn>:8201 as cluster_addr (cluster_addr is reachable only from the other cluster nodes).

Am I doing it right?

Supposing that I need to set up a new independent cluster just for testing (different nodes, different virtual IP etc.), can I still use https://vault.example.com as api_addr, or can this create some kind of problem? (Locally I'm going to change /etc/hosts so that vault.example.com points to the new cluster's virtual IP.)
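As an added example (not part of the original post, and not a config the poster shared), the following is a per-node Vault server configuration in HCL that expresses the layout described above: the API listener on 8200, the Raft cluster port on 8201, leader_api_addr pointing at the LB VIP, api_addr set to the official FQDN, and cluster_addr set to the node's own FQDN. The node FQDN vault-node1.example.com, the node_id, and every file path are assumptions; it also assumes HAProxy passes TLS through to the nodes (TCP mode), so the certificate each node presents must carry both vault.example.com and vault-vip.example.com as SANs, otherwise clients and the retry_join handshake will fail certificate verification.

```hcl
# Added example, not from the original post. Per-node Vault config for
# the layout described: LB on 443 (vault-vip.example.com), nodes on 8200,
# Raft/cluster traffic on 8201. Hostname vault-node1.example.com, node_id
# and all paths are assumed values.

ui = true

# API listener: reached only by the LB and the other cluster nodes.
# TLS terminates here, so this cert must include vault.example.com and
# vault-vip.example.com as SANs (LB in TCP passthrough mode).
listener "tcp" {
  address       = "0.0.0.0:8200"
  tls_cert_file = "/etc/vault.d/tls/vault-node1.example.com.crt"  # assumed path
  tls_key_file  = "/etc/vault.d/tls/vault-node1.example.com.key"  # assumed path
}

storage "raft" {
  path    = "/opt/vault/data"   # assumed path; must be a dedicated directory per node
  node_id = "vault-node1"       # assumed; must be unique across the cluster

  # Join target as described in the post: the LB VIP. The CA file lets the
  # joining node verify the certificate it is shown by whichever node the
  # LB picks.
  retry_join {
    leader_api_addr     = "https://vault-vip.example.com"
    leader_ca_cert_file = "/etc/vault.d/tls/ca.pem"   # assumed path: CA that signed the node certs
  }
}

# Address advertised to clients (for redirects from standby nodes):
# the official FQDN, which resolves through the LB.
api_addr = "https://vault.example.com"

# Address the other Raft nodes use for replication and request forwarding.
# Only the cluster nodes can reach 8201, as the post describes.
cluster_addr = "https://vault-node1.example.com:8201"
```

Only four values in this file are specific to one cluster or node: api_addr, the retry_join leader_api_addr, node_id and cluster_addr. A second, independent test cluster therefore needs its own node_ids, its own cluster_addr values and, above all, a retry_join target that cannot resolve to the production VIP, since the join target is what decides which cluster a freshly started node tries to attach to. If the node certificates cannot carry the LB hostnames as SANs, retry_join supports leader_tls_servername to set the SNI/verification name explicitly instead. For the HAProxy health check, Vault's unauthenticated /v1/sys/health endpoint returns 200 on the active node, 429 on a standby and 503 when sealed, which lets the LB route client traffic to the active node only.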