Open ForcemCS opened 4 months ago
I have deployed consul in my k8s cluster (with ACL and TLS enabled), and the list of resources is as follows
root@master01:~/consul# kubectl -n consul get pods,svc NAME READY STATUS RESTARTS AGE pod/consul-client-cdwgb 1/1 Running 0 4h pod/consul-client-rfgvm 1/1 Running 0 4h pod/consul-client-z4mbx 1/1 Running 0 4h pod/consul-cni-cxrfp 1/1 Running 0 20h pod/consul-cni-lg6qj 1/1 Running 0 20h pod/consul-cni-nvqnp 1/1 Running 2 (20h ago) 20h pod/consul-connect-injector-57dc4c99fc-wdqf4 1/1 Running 1 (46m ago) 3h59m pod/consul-server-0 1/1 Running 0 20h pod/consul-server-1 1/1 Running 0 20h pod/consul-server-2 1/1 Running 0 20h pod/consul-webhook-cert-manager-6548987cf6-bctkr 1/1 Running 0 20h NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE service/consul-connect-injector ClusterIP 10.109.60.72 <none> 443/TCP 20h service/consul-dns ClusterIP 10.102.3.39 <none> 53/TCP,53/UDP 20h service/consul-server ClusterIP None <none> 8501/TCP,8502/TCP,8301/TCP,8301/UDP,8302/TCP,8302/UDP,8300/TCP,8600/TCP,8600/UDP 20h service/consul-ui NodePort 10.102.174.59 <none> 443:32693/TCP 20h
Then helm deployed vault, I want to use consul as storage, but I don’t know how to modify values.yaml properly(consul has ACL and TLS enabled, I think my yaml file is missing something), the part about vault configuration is as follows
...... ha: enabled: true replicas: 3 config: | cluster_name = "vault-consul-storage" ui = true listener "tcp" { #启用tls tls_disable = 0 # address = "[::]:8200" # cluster_address = "[::]:8201" tls_cert_file = "/vault/userconfig/vault-ha-tls/vault.crt" tls_key_file = "/vault/userconfig/vault-ha-tls/vault.key" tls_client_ca_file = "/vault/userconfig/vault-ha-tls/vault.ca" } storage "consul" { path = "vault/"
I have deployed consul in my k8s cluster (with ACL and TLS enabled), and the list of resources is as follows
Then helm deployed vault, I want to use consul as storage, but I don’t know how to modify values.yaml properly(consul has ACL and TLS enabled, I think my yaml file is missing something), the part about vault configuration is as follows