Hi! I have installed vault with the helm chart in a k8s cluster in HA mode.
I have 3 nodes.
And when I’m trying to create a snapshot from one of the nodes, I receive this error.
$ vault operator raft snapshot save /tmp/snapshot Error taking the snapshot: redirect failed: Get "https://10.2.1.2:8200/v1/sys/storage/raft/snapshot": tls: failed to verify certificate: x509: certificate is valid for 127.0.0.1, not 10.2.1.2
I have a custom certificate that has as alt_name 127.0.0.1 and *.vault-internal.
Why the node is trying to connect to the master node through the internal IP (220.127.116.11) instead of the hostname (vault-0.vault-internal)?
This is the output of the Vault status.
$ vault status Key Value --- ----- Seal Type shamir Initialized true Sealed false Total Shares 5 Threshold 3 Version 1.14.2 Build Date 2023-08-24T13:19:12Z Storage Type raft Cluster Name vault-cluster-5cd0136f Cluster ID a68aa1cb-64a6-e4a8-e0b8-a7997d4022ba HA Enabled true HA Cluster https://vault-0.vault-internal:8201 HA Mode standby Active Node Address https://10.2.1.2:8200 Raft Committed Index 504 Raft Applied Index 504
You can see that the Active Node Address points to the internal IP instead of the hostname.
How can I configure it to be https://vault-0.vault-internal:8200???