Multiple listeners with different TLS certs

Hello everyone!
Currently we are configuring Vault in HA mode on Google instances and we are struggling to make it available both publicly with our domain name, and internally with an internal DNS.
I assume I need two network interfaces on the Vault nodes, and a listener for each of them. Is this even possible? Assuming that api_addr would be bound to the IP address on interface no.1, won’t the client communication with the second listener fail? Thank you.

If you’re doing HA then your cluster will have to be on a private network and that solves all of your questions. Externally on the LoadBalancer you can have both internal and external listeners that all forward the requests (no SSL termination) over to the network where Vault is running – presumably a private network in GCP.
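
An added configuration sketch, not part of the thread: a Vault server config with two `listener "tcp"` stanzas, each bound to its own interface and serving its own certificate, which is what TLS pass-through at the load balancer requires since Vault itself terminates TLS. The IP addresses, hostnames and file paths are constructed placeholders, and the storage stanza is left out because the thread does not name the backend.

```hcl
# Constructed example: addresses, hostnames and file paths are placeholders.
# The storage stanza is omitted because the thread does not name the backend.

# Listener 1: internal interface, certificate issued for the internal DNS name.
listener "tcp" {
  address         = "10.0.0.5:8200"
  cluster_address = "10.0.0.5:8201"   # node-to-node traffic stays on this interface
  tls_cert_file   = "/etc/vault.d/tls/internal.crt"
  tls_key_file    = "/etc/vault.d/tls/internal.key"
  tls_min_version = "tls12"
}

# Listener 2: second interface, certificate issued for the public domain name.
listener "tcp" {
  address         = "10.0.1.5:8200"
  tls_cert_file   = "/etc/vault.d/tls/public.crt"
  tls_key_file    = "/etc/vault.d/tls/public.key"
  tls_min_version = "tls12"
}

# api_addr is the URL this node advertises to clients for redirection in HA mode.
# Only one value can be set, whichever listener a client came in on.
api_addr     = "https://vault.internal.example:8200"

# cluster_addr is the URL advertised to the other Vault nodes.
cluster_addr = "https://10.0.0.5:8201"
```

A redirect issued by a standby node points at the active node's `api_addr` regardless of which listener received the request, so clients of the second listener need to be able to resolve that name and validate its certificate.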