Vault / Prometheus integration fails

Bug

Description

When enabling Vault and the Monitoring chart, the default bigbang values for Monitoring add in annotations for Prometheus to configure it for the Vault init agent, as seen here. However, we set the TLS server name to only the domain and not vault.{{ .Values.domain }}. This can lead to a TLS verification issue if the cert does not include the domain by itself.

In my environment, I have a dedicated cert for Vault that only includes the hostname for the application.

BigBang Version

3.7.1

Workaround

As a workaround, the following can be added to your bigbang values file to set the annotation:

monitoring:
  prometheus:
    prometheusSpec:
      podMetadata:
        annotations:
          vault.hashicorp.com/tls-server-name: vault.{{ .Values.domain }}
Edited by Daniel Palmer
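
The mismatch described in this issue can be checked against a certificate's SAN list before deploying. This is an added example, not part of the original issue or the Big Bang code base: the domain `example.test` and the SAN lists are constructed, and the matcher is a simplified RFC 6125-style comparison that accepts a wildcard only as the whole leftmost label.

```python
"""Check which tls-server-name values a certificate's dNSName SANs accept."""


def dns_name_matches(san: str, server_name: str) -> bool:
    """Compare one dNSName SAN with the name the client verifies against."""
    san_labels = san.lower().rstrip(".").split(".")
    name_labels = server_name.lower().rstrip(".").split(".")
    # A wildcard stands for exactly one label, so label counts must agree.
    if len(san_labels) != len(name_labels):
        return False
    # Everything to the right of the leftmost label must match exactly.
    if san_labels[1:] != name_labels[1:]:
        return False
    if san_labels[0] == "*":
        # Refuse over-broad patterns such as "*.test".
        return len(san_labels) >= 3
    return san_labels[0] == name_labels[0]


def accepted(san_dns_names, server_name: str) -> bool:
    """True if any SAN on the certificate covers server_name."""
    return any(dns_name_matches(san, server_name) for san in san_dns_names)


def audit(domain: str, san_dns_names) -> dict:
    """Evaluate the default annotation value and the workaround value."""
    candidates = {
        "default": domain,                # tls-server-name set to the bare domain
        "workaround": f"vault.{domain}",  # value from the workaround above
    }
    return {label: accepted(san_dns_names, name)
            for label, name in candidates.items()}


if __name__ == "__main__":
    DOMAIN = "example.test"  # constructed placeholder domain
    CERTS = {                # constructed SAN lists
        "dedicated Vault cert": ["vault.example.test"],
        "wildcard cert": ["*.example.test"],
        "apex + wildcard cert": ["example.test", "*.example.test"],
    }
    for label, sans in CERTS.items():
        print(f"{label}: {audit(DOMAIN, sans)}")
```

A wildcard-only certificate rejects the bare domain just as the dedicated Vault certificate does, because `*.example.test` never matches `example.test` itself.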