I setup a HA vault cluster with RAFT backend and there is something I don’t quite understand.
For a client to connect to the cluster, it must uses VAULT_ADDR.
According to the doc, it is better to avoid a LB in frontend of vault and each vault node redirects to the active node, so if VAULT_ADDR does not direct to the active node, this node will redirect the connexion to the active node. Ok, that I understand.
My question is:
What happens when the node that VAULT_ADDR references is down, I mean completely down (the server is broken, vault does not work anymore on it) ? How is the client redirected to the rest of the cluster ?
Is it possible to put multiple addresses in the VAULT_ADDR for the client to switch automatically if the first address is unreachable ?