Unable to access Vault UI via Ingress

Vault
1

Hello, I’m new with Vault and I have some doubts about how to access the UI.

I’m trying to deploy Vault in my kubernetes dev cluster (I’m not using minikube)

I have complete this ‘getting started with k8s’ guide: https://learn.hashicorp.com/vault/getting-started-k8s/minikube

> kubectl get all      
NAME                                        READY   STATUS    RESTARTS   AGE
pod/consul-consul-2vgpq                     1/1     Running   0          64m
pod/consul-consul-6ht9t                     1/1     Running   0          64m
pod/consul-consul-c97st                     1/1     Running   0          64m
pod/consul-consul-server-0                  1/1     Running   0          64m
pod/vault-0                                 1/1     Running   0          51m
pod/vault-1                                 1/1     Running   0          51m
pod/vault-2                                 1/1     Running   0          51m
pod/vault-agent-injector-7f847548c7-xthhp   1/1     Running   0          52m

NAME                               TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)                                                                   AGE
service/consul-consul-dns          ClusterIP   172.21.218.242   <none>        53/TCP,53/UDP                                                             64m
service/consul-consul-server       ClusterIP   None             <none>        8500/TCP,8301/TCP,8301/UDP,8302/TCP,8302/UDP,8300/TCP,8600/TCP,8600/UDP   64m
service/consul-consul-ui           ClusterIP   172.21.131.123   <none>        80/TCP                                                                    64m
service/vault                      ClusterIP   172.21.126.239   <none>        8200/TCP,8201/TCP                                                         52m
service/vault-agent-injector-svc   ClusterIP   172.21.153.145   <none>        443/TCP                                                                   52m

NAME                           DESIRED   CURRENT   READY   UP-TO-DATE   AVAILABLE   NODE SELECTOR   AGE
daemonset.apps/consul-consul   3         3         3       3            3           <none>          64m

NAME                                   READY   UP-TO-DATE   AVAILABLE   AGE
deployment.apps/vault-agent-injector   1/1     1            1           52m

NAME                                              DESIRED   CURRENT   READY   AGE
replicaset.apps/vault-agent-injector-7f847548c7   1         1         1       52m

NAME                                    READY   AGE
statefulset.apps/consul-consul-server   1/1     64m
statefulset.apps/vault                  3/3     52m

The vault is already unsealed too:

> kubectl exec -it vault-0 -- vault status
Key             Value
---             -----
Seal Type       shamir
Initialized     true
Sealed          false
Total Shares    1
Threshold       1
Version         1.3.2
Cluster Name    vault-cluster-0b740eb8
Cluster ID      02f50701-e253-20a6-5337-0f72fc9087c4
HA Enabled      true
HA Cluster      https://172.30.140.1:8201
HA Mode         active

I’m creating an Ingress where I’m trying to access to that service (service/vault) but when I try to enter the hostname in the browser it does not respond.

This is the ingress I’m creating:

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  annotations:
    ingress.kubernetes.io/client_max_body_size: 200m
    ingress.kubernetes.io/ingress.allow-http: "false"
    ingress.kubernetes.io/ssl-redirect: "true"
  name: vault-ingress
  namespace: default
spec:
  rules:
  - host: vault.<hostname>.com
    http:
      paths:
      - path: /
        backend:
          serviceName: vault
          servicePort: 8200
  tls:
  - hosts:
    - vault.<hostname>.com
    secretName: vault-api

I’m not sure if i’m poiting to the wrong service or if the path isn’t the correct, so… any information would be helpful. Thanks!

2

I have the same problem, its possible to access via Ingress or not?

Thank you

3

Can you do a vault status from your local box into the container successfully, but just can’t see the UI?