feat(vault): add port 8200 listener, consul SANs, consul service_registration
ci/woodpecker/pr/pre-commit Pipeline was successful
ci/woodpecker/pr/kubeconform Pipeline was successful

- Add SAN altnames vault.service.consul and vault.query.consul to cert
- Add vault-direct HTTPS listener on port 8200 (TLS terminate, same cert)
- Add vault-consul HTTPRoute binding consul DNS names to port 8200 listener
- Add vault-direct port 8200 entrypoint to traefik-internal
- Switch service_registration from kubernetes to consul
  (consul-server.consul.svc.cluster.local:8500)
2026-05-23 22:08:41 +10:00
parent ba40525017
commit 0d146dc942
4 changed files with 41 additions and 1 deletions
@@ -12,6 +12,7 @@ metadata:
cert-manager.io/cluster-issuer: vault-issuer
cert-manager.io/common-name: vault.k8s.syd1.au.unkin.net
cert-manager.io/private-key-size: "4096"
cert-manager.io/subject-alternative-names: vault.service.consul,vault.query.consul
external-dns.alpha.kubernetes.io/hostname: vault.k8s.syd1.au.unkin.net
external-dns.alpha.kubernetes.io/target: 198.18.200.4
spec:
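Review bot: The `cert-manager.io/subject-alternative-names` annotation puts two `.consul` names on the same certificate as `vault.k8s.syd1.au.unkin.net`, and nothing in this hunk shows that `vault-issuer` is permitted to sign names outside that domain. Please confirm the issuer's policy covers `vault.service.consul` and `vault.query.consul`, and that the reissued `vault-tls` secret actually lists both as DNS SANs. If the annotation is rejected or not honoured, clients connecting by the consul names will fail hostname verification. A one-line comment on why the `vault.query.consul` name is needed would also help the next reader.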
@@ -29,3 +30,14 @@ spec:
certificateRefs:
- kind: Secret
name: vault-tls
- name: vault-direct
port: 8200
protocol: HTTPS
allowedRoutes:
namespaces:
from: Same
tls:
mode: Terminate
certificateRefs:
- kind: Secret
name: vault-tls
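Review bot: The new `vault-direct` listener sets no `hostname`, so on port 8200 it will terminate TLS with `vault-tls` for any requested host, and host restriction rests entirely on whatever `hostnames` the attached route declares. `allowedRoutes.namespaces.from: Same` does limit attachment to this namespace, which is good, but please make sure the `vault-consul` HTTPRoute named in the commit message pins `hostnames` to the two consul names so a later route in the same namespace cannot expose something else on this port by accident. The `certificateRefs` entry also reuses the same `vault-tls` secret as the existing listener, so this listener only works once the SAN change has been reissued into that secret. Worth noting that ordering in the description.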