Hello,
I see from the official Vault Helm Chart that the service can be exposed.

    # Enables a headless service to be used by the Vault Statefulset
    service:
      enabled: true
      # clusterIP controls whether a Cluster IP address is attached to the
      # Vault service within Kubernetes. By default the Vault service will
      # be given a Cluster IP address, set to None to disable. When disabled
      # Kubernetes will create a "headless" service. Headless services can be
      # used to communicate with pods directly through DNS instead of a round robin
      # load balancer.
      # clusterIP: None
      # Configures the service type for the main Vault service. Can be ClusterIP
      # or NodePort.
      #type: ClusterIP
      # If type is set to "NodePort", a specific nodePort value can be configured,
      # will be random if left blank.
      #nodePort: 30000
      # Port on which Vault server is listening
      port: 8200
      # Target port to which the service should be mapped to
      targetPort: 8200
      # Extra annotations for the service definition. This can either be YAML or a
      # YAML-formatted multi-line templated string map of the annotations to apply
      # to the service.
      annotations: {}

However, I only see it possible with NodePort or ClusterIP. What if I want to expose it via an AWS LoadBalancer (internal) so other applications within the same VPC can access it? I do not see any documentation about that, but in the Values file I just put type: LoadBalancer and the annotations that I need (ACM Certificate, Internal-facing and so on).
Is there any specific reason why it is not in the documentation?
Thanks