Basically I am using an Application Load Balancer in front of a Vault & Consul setup … So I want to restrict the write calls at the load balancer, so that my Vault shouldn't receive write calls…
- You should not do that. There is no reason to restrict write calls (I’m assuming you mean POST, PUT, PATCH?)
- I’d highly recommend not exposing Consul via the load balancer, nothing other than Vault (Consul agents running on the Vault nodes) should be talking to those backend servers. If you need to use service registration then set up another cluster.
As far as how to set up the LB for Vault: you can use the sys/health endpoint (/sys/health - HTTP API | Vault by HashiCorp) to determine which node is doing what.
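
The sys/health check mentioned above, as an added example that is not part of the original reply: it models the status codes Vault documents for `/v1/sys/health` and the `standbyok` / `perfstandbyok` query parameters, and shows which nodes a load balancer whose health check only accepts 200 would route to. The `Node` class, function names and sample cluster are hypothetical and constructed for illustration.

```python
from dataclasses import dataclass

# Default /v1/sys/health status codes, per the Vault HTTP API documentation.
CODES = {"active": 200, "standby": 429, "dr_secondary": 472,
         "perf_standby": 473, "uninitialized": 501, "sealed": 503}

@dataclass
class Node:  # hypothetical model of one Vault server's state
    name: str
    initialized: bool = True
    sealed: bool = False
    standby: bool = False
    perf_standby: bool = False
    dr_secondary: bool = False

def role(n: Node) -> str:
    """Classify a node in the order Vault evaluates its health state."""
    if not n.initialized:
        return "uninitialized"
    if n.sealed:
        return "sealed"
    if n.dr_secondary:
        return "dr_secondary"
    if n.perf_standby:
        return "perf_standby"
    return "standby" if n.standby else "active"

def health_status(n, standbyok=False, perfstandbyok=False):
    """Status code the health check would see, honouring the
    standbyok / perfstandbyok query parameters."""
    r = role(n)
    if (r == "standby" and standbyok) or (r == "perf_standby" and perfstandbyok):
        return CODES["active"]
    return CODES[r]

def healthy_targets(nodes, matcher=(200,), **flags):
    """Names of nodes a load balancer with this success matcher routes to."""
    return [n.name for n in nodes if health_status(n, **flags) in matcher]

# Constructed sample cluster: one active, one standby, one sealed node.
SAMPLE = [Node("vault-0"), Node("vault-1", standby=True),
          Node("vault-2", sealed=True)]

if __name__ == "__main__":
    for n in SAMPLE:
        print(n.name, role(n), health_status(n))
    print("default check:", healthy_targets(SAMPLE))
    print("with standbyok:", healthy_targets(SAMPLE, standbyok=True))
```

With the default check only the active node is marked healthy; a sealed or uninitialized node is never in rotation regardless of the query parameters.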