I am currently deploying Consul with TLS enabled and Vault in HA mode on top of Consul.
In both cases I am deploying using the Helm charts, and I am deploying both clusters in separate namespaces, i.e. consul in the consul namespace, vault in the vault namespace.
For now, I am creating the TLS CA and server certificates using consul tls create commands, and installing these as k8s secrets in both namespaces (vault and consul), whilst adding the extraVolume mounts in the Helm chart .yaml files accordingly.
Consul works fine with TLS, and Raft works fine. I have 3 instances, and 1/3 is a leader at all times. There are no errors in my logs related to bad certificate names, or any other errors, and I can port-forward on port 8501 to access the UI with HTTPS, in addition to extracting the CA certificate if necessary.
However, I am encountering a very annoying problem when I am deploying Vault. Regardless of how I set up the values in my .yaml file for the Helm chart installation, I keep getting:
/ $ vault status
Error checking seal status: Get "http://127.0.0.1:8200/v1/sys/seal-status": dial tcp 127.0.0.1:8200: connect: connection refused
/ $ vault operator init
Error initializing: Put "http://127.0.0.1:8200/v1/sys/init": dial tcp 127.0.0.1:8200: connect: connection refused
/ $
If I port-forward port 8200 and do a curl on http(s)://localhost:8200, I get a timeout, or a (35) SSL_ERROR_SYSCALL, or a (56) Recv Failure. This is regardless of whether I disable TLS or not in my Vault values.
I am truly stuck on this, so any help would be greatly appreciated.