Vault ingress not resolving with Kong ingress controller

I’ve deployed an HA vault on my cluster alongside Kong ingress controller.

I’m having some troubles in resolving the vault ingress in my browser when creating the ingress object for vault.

The kong deployment uses the default helm values, so no overrides.

The vault deployment for the ingress is defined as below:

    enabled: true
    annotations: "false" "HTTPS"
      # dns.annotations
      # cert-manager.annotations

    ingressClassName: kong
    pathType: Prefix
    activeService: false # have also tried to set this to true (default value)
      - host:
        paths: [/]
      - secretName: vault-ingress-tls

I also have argocd deployed in the cluster and its resolving just fine.

What’s weird is I know I can make this resolve just fine on nginx ingress.

In the kong-ingress logs

2023/12/15 17:16:43 [error] 1280#0: *44475 readv() failed (104: Connection reset by peer) while reading upstream, client:, server: kong, request: "GET /ui/ HTTP/2.0", upstream: "", host: "", request_id: "1234567890abcdefghiklmnop"

In the vault-0 pod logs

2023-12-15T19:16:11.961Z [INFO]  http: TLS handshake error from tls: client offered only unsupported versions: [302 301]
2023-12-15T19:16:17.377Z [INFO]  http: TLS handshake error from remote error: tls: unknown certificate

Replying in case someone else comes across this.

This is more related to kong than it is to vault.

The fix ended up being to add this annotations:

.Value.server.ingress: "kong" https

.Value.server.service: https
1 Like

Thank you for sharing the solution!