Dear vault community,
I am trying to deploy HashiCorp Vault on a k8s cluster through the official HashiCorp Helm charts.
I tried to follow the documentation and some examples I’ve seen online, but my UI still does not want to work when I try to access the web UI through the ingress host address.
The issue I am having is that Kubernetes is using a “Kubernetes Ingress Controller Fake Certificate” instead of the one specified in the “server.ingress.tls” Helm chart section.
Please note I didn’t get my certificates from Kubernetes but from a different place.
This is my values.yaml file:
```yaml
server:
  readinessProbe:
    enabled: false
  livenessProbe:
    enabled: false
  dataStorage:
    storageClass: starlex
  auditStorage:
    enabled: true
    storageClass: starlex
  service:
    enabled: true
    type: NodePort
  ingress:
    enabled: true
    annotations:
      kubernetes.io/ingress.class: nginx
      kubernetes.io/tls-acme: "true"
    hosts:
      - host: vault.mydomain.com
        paths: ["/"]
    tls:
      - secretName: vault-server-tls
        hosts:
          - vault.mydomain.com
  extraVolumes:
    - type: secret
      name: vault-server-tls
  standalone:
    enabled: true
ui:
  enabled: true
  serviceType: NodePort
```
Also, I can see the certificate in the ingress description:
```
$ kubectl -n mynamespace describe ingress vault
Name:             vault
Namespace:        mynamespace
Address:          YYY.YYY.YYY.YYY
Default backend:  default-http-backend:80 (<error: endpoints "default-http-backend" not found>)
TLS:
  vault-server-tls terminates vault.mydomain.com
Rules:
  Host                Path  Backends
  ----                ----  --------
  vault.mydomain.com
                      /   vault:8200 (XXX.XXX.XXX.XXX:8200)
Annotations:          kubernetes.io/ingress.class: nginx
                      kubernetes.io/tls-acme: true
                      meta.helm.sh/release-name: vault
                      meta.helm.sh/release-namespace: mynamespace
Events:
  Type    Reason  Age                     From                      Message
  ----    ------  ----                    ----                      -------
  Normal  Sync    4m18s (x1225 over 10h)  nginx-ingress-controller  Scheduled for sync
  Normal  UPDATE  4m18s (x1224 over 10h)  nginx-ingress-controller  Ingress mynamespace/vault
```
Any idea of what could be wrong?
Thank you very much.