Configure your Istio values.yaml to exclude your database port.

Services within Vault make use of Istio's Sidecar custom resource definition to list the

discoverable upstream resources within the service mesh and restrict traffic to resources

outside of the mesh. The port on which Vault services will access the Vault database must

be excluded from the service mesh. If this is not configured correctly, the database server

will not be reachable from Vault services and functionality of Vault will be impaired. You can

configure this using the istio.proxy.exclude_outbound_ports setting in the values.yaml file.

Only exclude the database port in this setting