Hello,
I am migrating from VM to k8s via a Helm chart install, and there we have pods created as vault-0, vault-1 and vault-2, plus the services below. Now, if I create self-signed certificates like CN=internal-vault.service.example.com, do I need to add the services and pod names below as Subject Alternative Names (SAN) in my internal certificate?
Services:
DNS: vault-internal.mynamespace.svc.cluster.local
DNS: vault-standby.mynamespace.svc.cluster.local
DNS: vault.mynamespace.svc.cluster.local
DNS: vault-active.mynamespace.svc.cluster.local
Pod names:
DNS: vault-0.vault-internal.mynamespace.svc.cluster.local
DNS: vault-1.vault-internal.mynamespace.svc.cluster.local
DNS: vault-2.vault-internal.mynamespace.svc.cluster.local

I believe I only need to add the full pod names to the SAN list, as internal communication is happening between these pods only. But then there is also Raft storage in the backend, which is communicating via vault-internal.mynamespace.svc.cluster.local, I guess… Please suggest.
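
A way to test which of the names listed in the post a given certificate covers, as an added example that is not part of the original post: it builds a throwaway self-signed certificate whose SAN list holds only the pod names and runs OpenSSL's hostname check against every name. It assumes OpenSSL 1.1.1 or later; the temporary directory, file names and function names are constructed for the example.

```shell
#!/bin/sh
# Added example (not from the post). Host names are the ones listed in the post;
# the temp directory and file names are constructed. Assumes OpenSSL 1.1.1+.
SUFFIX="mynamespace.svc.cluster.local"
SERVICES="vault-internal vault-standby vault vault-active"
PODS="vault-0 vault-1 vault-2"
CN="internal-vault.service.example.com"

# make_cert DIR SANS: throwaway self-signed cert with the post's CN and the given SAN list.
make_cert() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$CN" \
    -addext "subjectAltName=$2" \
    -keyout "$1/tls.key" -out "$1/tls.crt" 2>/dev/null
}

# covers CERT HOST: succeeds only if OpenSSL's hostname check accepts HOST for CERT.
covers() {
  openssl x509 -in "$1" -noout -checkhost "$2" | grep -q "does match"
}

# pod_sans: SAN list containing only the per-pod names.
pod_sans() {
  out=""
  for p in $PODS; do out="${out:+$out,}DNS:$p.vault-internal.$SUFFIX"; done
  printf '%s' "$out"
}

# all_names: every name from the post, one per line (CN, services, pods).
all_names() {
  echo "$CN"
  for s in $SERVICES; do echo "$s.$SUFFIX"; done
  for p in $PODS; do echo "$p.vault-internal.$SUFFIX"; done
}

# report CERT: print which names the certificate is valid for.
report() {
  all_names | while read -r name; do
    if covers "$1" "$name"; then echo "covered      $name"
    else echo "NOT covered  $name"; fi
  done
}

dir=$(mktemp -d)
make_cert "$dir" "$(pod_sans)" && report "$dir/tls.crt"
rm -rf "$dir"
```

OpenSSL's hostname check does not fall back to the CN once the certificate carries DNS SAN entries, so the CN name is reported as not covered by this pod-names-only certificate. Pass a different SAN list to `make_cert` to see how coverage changes.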