Hi everyone,
I am learning Consul Service meshes in Kubernetes at the moment, and after deploying the different components and having familiarized myself with the general environment by testing demo-application on-boarding (hashicups and echo server), I am now trying to onboard Vault into the service mesh so that I can control with intentions who is accessing the service and benefit from Consul’s other features.
The Vault instance runs in HA on Raft backend storage.
I added the following annotations to the statefulset:
consul.hashicorp.com/connect-inject: 'true'
consul.hashicorp.com/kubernetes-service: vault
consul.hashicorp.com/transparent-proxy: 'true'
consul.hashicorp.com/transparent-proxy-exclude-inbound-ports: 8200,8201
consul.hashicorp.com/transparent-proxy-exclude-outbound-cidrs: <core-dns-service-ip/32>
consul.hashicorp.com/transparent-proxy-exclude-outbound-ports: 8200,8201
Now, when I reload the pods, they become unstable and keep reloading, giving the following error:
[ERROR] storage.raft: failed to make requestVote RPC: target="{Voter vault-1 vault-1.vault-internal:8201}" error="dial tcp: lookup vault-1.vault-internal on <core-dns-service-ip>:53: no such host" term=5619
Is there anyone that was able to create this setup or that can point me in the right direction?
Thanks for the dedicated time and let me know if I need to provide any other information.