Hi,
I have deployed Consul in HA mode to a on-prem K8s cluster using helm (chart version 0.22.0) and Vault using the consul storage stanza (chart version v0.6.0)
Consul comes up fine. Vault crash loops with the following log on vault-0
Error initializing listener of type tcp: 'tls_cert_file' must be set
I then add in a cert lying around my cluster and Vault comes up, initializes, and unseals. Access to the UI then stops presenting.
the ha config looks like:
ui = true
api_addr = "https://POD_IP:8201"
listener "tcp" {
tls_disable = 0
address = "0.0.0.0:8200"
tls_key_file = "/etc/pem/af-consul-server-cert/tls.key"
tls_cert_file = "/etc/pem/af-consul-server-cert/tls.crt"
# cluster_address = "[::]:8201"
}
storage "consul" {
path = "vault"
address = "HOST_IP:8501"
token = "tokenxxxxx"
tls_skip_verify = "true"
scheme = "https"
# tls_ca_file = "/etc/pem/vault.ca"
}
seal "transit" {
address = "ip address to master vault"
disable_renewal = "false"
key_name = "xxxxkeyname"
mount_path = "transit/"
tls_skip_verify = "true"
}
service_registration "kubernetes" {}
Is anyone able to provide some guidance?