I am trying to deploy Vault using Vault Helm Chart. I have enabled TLS and provided the required configurations. But I have two issues:
The CN in the certificate has to be an FQDN, for example "service.namespace.svc.cluster.local", for Vault to come up, but in this case, when I am exposing the Vault UI as a NodePort Service, the certificate will not be valid for the host in the browser. How do I handle this?
Secondly, when I try to keep the Vault UI as ClusterIP only and create an Ingress to access it, it does not work if TLS is enabled. I created TLS secrets for the Ingress as well, with the Ingress hostname as CN, but I always get the error "Page not found".
I'm not sure what you mean by your first bullet point. You would need to ensure the certificate is set to use whatever DNS name you want to access Vault via (e.g. vault.example.com). These days the CN doesn't actually matter, as browsers use the SAN.