Jared Kirschner

Hi @ferhatvurucu, I have a few follow-up questions that may help reveal what's happening here: - Can you share the server agent configuration with any sensitive details sanitized? - Are...

My understanding is that you'd only need the `grpc` ports for: 1. Consul client agent / dataplane proxy communication with Envoy proxies 2. Cluster peering communication between Consul server agents...

Leaving some breadcrumbs for the future based on some initial digging into the code: When tracking down what generates the SPIFFE ID related error message, I found that it attempts...

I've since seen indication that a SPIFFE ID in the form `xxx.consul/agent/server/dc/dc1` is normal, so it's probable that my comments above are based on a misreading of the relevant code....

Which Nomad version are you using? Per the [Consul 1.14.x upgrade docs](https://developer.hashicorp.com/consul/docs/upgrading/upgrade-specific#service-mesh-compatibility): > The changes to Consul service mesh in version 1.14 are incompatible with Nomad 1.4.2 and earlier. If...

Were you on Nomad 1.4.3 at the time you reported this issue? Or just upgraded now? It sounds like the former, but wanted to double-check.

Hi @karelorigin, Your Vault policy looks correct to me. It follows the suggestions in the documentation for "Vault managed PKI paths". You mentioned that things start to break after 72...

It looks like that Vault fix is intended to be released in Vault 1.14.0: https://github.com/hashicorp/vault/pull/19002#issuecomment-1479733111

Hi @kevinschoonover, Thank you for reporting the underlying issue you observed and submitted a PR against it. Historically, Consul has been inconsistent about case sensitivity in some areas. Long-term, we're...

Hi @vijayraghav-io and @reskin89: I'm acknowledging that I saw your messages and the team is internally discussing this (the proposed solution and the underlying problem it intends to address). I'll...