Vault helm chart not working with HA enabled

sumitrindhe · December 4, 2020, 12:45am

Hi,

I am using the vault helm chart and have HA mode enabled. I see the following error on the vault pods in my k8s cluster -
“A storage backend must be specified”.

This is the configuration that I am using:
" ha:
enabled: true
apiAddr: null
config: |
ui = true
listener “tcp” {
tls_disable = 1
address = “[::]:8200”
cluster_address = “[::]:8201”
}
storage “consul” {
path = “vault”
address = “HOST_IP:8500”
}"

I have deployed consul using consul helm chart.
Not sure what am I missing here!

jlj7 · December 4, 2020, 8:51am

Hi!

What is HOST_IP in your configuration? Typically, it’ll be your Consul agent, running alongside your Vault node; so, it’ll be the same IP address as your TCP listener. Then it’s that agent that communicates with your Consul servers providing the HA back-end storage.

Vault doesn’t know about your datacenter, or where the Consul servers are, or who’s their leader, etc.

HashiCorp has a great tutorial on setting this up:

Good luck!

sumitrindhe · December 7, 2020, 5:46pm

Thanks jilj7.

I gave the HOST_IP as localhost since consul agent and vault will be running on the same node. I will go through the linked hashicorp tutorial and see if I am missing anything here.

sumitrindhe · December 18, 2020, 12:13am

The issue is resolved. The problem was with my configuration.
I am using terraform to deploy helm charts. The ha config in values.yaml was accidentally being overwritten while setting seal “awskms” from my terraform code