@byronmansfield I’m a colleague of @Farhan1989. From what I recall of the issue, we were using the Consul server CA cert to establish trust. But $HOST_IP actually refers to the Consul client - an important distinction.
Solution is to add the Consul client CA cert to the container CA store. This can be done using consul-k8s per my instructions here:
Search in my post for the line “We also want to talk to the Consul client” - this is where I begin explaining retrieval of the client CA cert.
I hope this helps and saves you some time 