Hashicorp was really awesome and fixed my issue. For anyone else facing this, the following block added to my vault config fixed the issue after a restart of the vault and consul service:
service_registration "consul" {
address = "127.0.0.1:8500"
service_address = ""
}
If you don’t specify an address when registering a service, Consul infers that the service is running on the same node the Consul client you registered the service with is running on. When this happens, you get a SRV record like
example.node.dc1.consul.
. If you specify an address, Consul will generate an address based on either the FQDN or node IP depending upon the logic specified in the code above.
By default, Vault registers with Consul by specifying a service address set to the same address as the HA redirect address (i.e., theapi_addr
in the config). This triggers the behavior that generates the*.addr.consul
SRV records. You can cause Vault to switch back to the inferred behavior by adding a block like this to your Vault config