Problems encountered with helm deployment vaults

I have deployed consul in my k8s cluster (with ACL and TLS enabled), and the list of resources is as follows

root@master01:~/consul# kubectl  -n consul  get pods,svc
NAME                                               READY   STATUS    RESTARTS      AGE
pod/consul-client-cdwgb                            1/1     Running   0             4h
pod/consul-client-rfgvm                            1/1     Running   0             4h
pod/consul-client-z4mbx                            1/1     Running   0             4h
pod/consul-cni-cxrfp                               1/1     Running   0             20h
pod/consul-cni-lg6qj                               1/1     Running   0             20h
pod/consul-cni-nvqnp                               1/1     Running   2 (20h ago)   20h
pod/consul-connect-injector-57dc4c99fc-wdqf4       1/1     Running   1 (46m ago)   3h59m
pod/consul-server-0                                1/1     Running   0             20h
pod/consul-server-1                                1/1     Running   0             20h
pod/consul-server-2                                1/1     Running   0             20h
pod/consul-webhook-cert-manager-6548987cf6-bctkr   1/1     Running   0             20h

NAME                              TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)                                                                            AGE
service/consul-connect-injector   ClusterIP   10.109.60.72    <none>        443/TCP                                                                            20h
service/consul-dns                ClusterIP   10.102.3.39     <none>        53/TCP,53/UDP                                                                      20h
service/consul-server             ClusterIP   None            <none>        8501/TCP,8502/TCP,8301/TCP,8301/UDP,8302/TCP,8302/UDP,8300/TCP,8600/TCP,8600/UDP   20h
service/consul-ui                 NodePort    10.102.174.59   <none>        443:32693/TCP                                                                      20h

Then helm deployed vault, I want to use consul as storage, but I don’t know how to modify values.yaml properly(consul has ACL and TLS enabled, I think my yaml file is missing something), the part about vault configuration is as follows

......
   ha:
      enabled: true
      replicas: 3
      config: |
         cluster_name = "vault-consul-storage"
         ui = true
         listener "tcp" {
            #启用tls
            tls_disable = 0
            #这个字段定义了Vault服务器监听传入连接的网络接口,通常也可以认为是 Vault API(CLI,应用程序与之交互) 的地址
            address = "[::]:8200"
            #Vault集群内部节点之间进行通信的地址。其他 Vault 节点会使用这个地址来连接到当前节点,进行数据同步、领导者选举等操作。
            cluster_address = "[::]:8201"
            tls_cert_file = "/vault/userconfig/vault-ha-tls/vault.crt"
            tls_key_file  = "/vault/userconfig/vault-ha-tls/vault.key"
            tls_client_ca_file = "/vault/userconfig/vault-ha-tls/vault.ca"
         }
         storage "consul" {
             path = "vault/"
             address = "https://consul-server.consul.svc.cluster.local:8501"
         }
         disable_mlock = true
         service_registration "kubernetes" {}

Hello,

This tutorial may help out - it uses minikube for the example but otherwise should translate.

Let me know if that helps.