I am using the vault helm chart and have HA mode enabled. I see the following error on the vault pods in my k8s cluster -
“A storage backend must be specified”.
This is the configuration that I am using:
" ha:
enabled: true
apiAddr: null
config: |
ui = true
listener “tcp” {
tls_disable = 1
address = “[::]:8200”
cluster_address = “[::]:8201”
}
storage “consul” {
path = “vault”
address = “HOST_IP:8500”
}"
I have deployed consul using consul helm chart.
Not sure what am I missing here!
What is HOST_IP in your configuration? Typically, it’ll be your Consul agent, running alongside your Vault node; so, it’ll be the same IP address as your TCP listener. Then it’s that agent that communicates with your Consul servers providing the HA back-end storage.
Vault doesn’t know about your datacenter, or where the Consul servers are, or who’s their leader, etc.
HashiCorp has a great tutorial on setting this up:
I gave the HOST_IP as localhost since consul agent and vault will be running on the same node. I will go through the linked hashicorp tutorial and see if I am missing anything here.
The issue is resolved. The problem was with my configuration.
I am using terraform to deploy helm charts. The ha config in values.yaml was accidentally being overwritten while setting seal “awskms” from my terraform code