diff --git a/website/content/docs/k8s/installation/vault/connect-ca.mdx b/website/content/docs/k8s/installation/vault/connect-ca.mdx index 693c0b1953..6c33e161ae 100644 --- a/website/content/docs/k8s/installation/vault/connect-ca.mdx +++ b/website/content/docs/k8s/installation/vault/connect-ca.mdx @@ -11,6 +11,8 @@ description: >- Consul allows using Kubernetes auth methods to configure Connect CA. This allows for automatic token rotation once the renewal is no longer possible. +In order to create Vault auth roles for the Consul servers for this feature, ensure that the Vault Kubernetes auth method is enabled as described in [Vault Kubernetes Auth Method](/docs/k8s/installation/vault#vault-kubernetes-auth-method). + To configure [Vault as the provider](/docs/connect/ca/vault) for the Consul service certificates, you will first need to decide on the type of policy that is suitable for you. To see the permissions that Consul would need in Vault, please see [Vault ACL policies](/docs/connect/ca/vault#vault-acl-policies) diff --git a/website/content/docs/k8s/installation/vault/gossip.mdx b/website/content/docs/k8s/installation/vault/gossip.mdx index b5933cb296..cea8d69237 100644 --- a/website/content/docs/k8s/installation/vault/gossip.mdx +++ b/website/content/docs/k8s/installation/vault/gossip.mdx @@ -34,11 +34,7 @@ path "secret/data/consul/gossip" { vault policy write gossip-policy gossip-policy.hcl ``` -Prior to creating auth roles for the Consul server and client, ensure that the Vault Kubernetes auth method is enabled: - -```shell-session -vault auth enable kubernetes -``` +Prior to creating Vault auth roles for the Consul servers and clients, ensure that the Vault Kubernetes auth method is enabled as described in [Vault Kubernetes Auth Method](/docs/k8s/installation/vault#vault-kubernetes-auth-method). Next, we will create Kubernetes auth roles for the Consul server and client: 
diff --git a/website/content/docs/k8s/installation/vault/index.mdx b/website/content/docs/k8s/installation/vault/index.mdx index 9008d5bd49..df1bc25dc4 100644 --- a/website/content/docs/k8s/installation/vault/index.mdx +++ b/website/content/docs/k8s/installation/vault/index.mdx 
@@ -25,12 +25,47 @@ At a high level, there are two points of integration with Vault: 1. `global.tls.enableAutoencrypt=true` is required if TLS is enabled for the Consul installation when using the Vault secrets backend. 1. The Vault installation must have been initialized, unsealed and the KV2 and PKI secrets engines enabled and the Kubernetes Auth Method enabled. +### Vault Helm Config + A minimal valid installation of Vault must include the Agent Injector: ```yaml injector: enabled: "true" ``` +### Vault Kubernetes Auth Method + +Prior to creating Vault auth roles for the Consul servers and clients, ensure that the Vault Kubernetes auth method is enabled: + +```shell-session +$ vault auth enable kubernetes +``` + +After enabling the Kubernetes auth method, in Vault, ensure that you have configured the Kubernetes Auth method properly as described in [Kubernetes Auth Method Configuration](https://www.vaultproject.io/docs/auth/kubernetes#configuration). The command should look simliar to the following with a custom `kubernetes_host` config provided from the information provided via `kubectl cluster-info`. + +```shell-session +$ vault write auth/kubernetes/config \ + token_reviewer_jwt="$(cat /var/run/secrets/kubernetes.io/serviceaccount/token)" \ + kubernetes_host="https://$KUBERNETES_PORT_443_TCP_ADDR:443" \ + kubernetes_ca_cert=@/var/run/secrets/kubernetes.io/serviceaccount/ca.crt +``` + +### Vault KV Secrets Engine - Version 2 + +In order to utlize Vault as a secrets backend, we must enable thne [Vault KV secrets engine - Version 2](https://www.vaultproject.io/docs/secrets/kv/kv-v2). + +```shell-session +$ vault secrets enable -path=consul kv-v2 +``` + +### Vault PKI Engine + +The Vault PKI Engine must be enabled in order to leverage Vault for issuiing Consul Server TLS certificates. 
More details for configuring the PKI Engine is found in [Bootstrapping the PKI Engine](https://www.consul.io/docs/k8s/installation/vault/server-tls#bootstrapping-the-pki-engine) under the Server TLS section. + +```shell-session +$ vault secrets enable pki +``` + ## Known Limitations - TLS diff --git a/website/content/docs/k8s/installation/vault/server-tls.mdx b/website/content/docs/k8s/installation/vault/server-tls.mdx index 40d221d1f1..f0ad831835 100644 --- a/website/content/docs/k8s/installation/vault/server-tls.mdx +++ b/website/content/docs/k8s/installation/vault/server-tls.mdx @@ -100,11 +100,7 @@ export DATACENTER=dc1 echo allowed_domains=\"$DATACENTER.consul, $NAME-server, $NAME-server.$NAMESPACE, $NAME-server.$NAMESPACE.svc\" ``` -Prior to creating the Kubernetes auth roles required for Consul to securely access Vault, ensure that the Vault Kubernetes Auth method is enabled: - -```shell-session -vault auth enable kubernetes -``` +Prior to creating Vault auth roles for the Consul server and the Consul components, ensure that the Vault Kubernetes auth method is enabled as described in [Vault Kubernetes Auth Method](/docs/k8s/installation/vault#vault-kubernetes-auth-method). Finally, two Kubernetes auth roles need to be created, one for the Consul servers and one for the Consul components:
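Review bot: in the index.mdx hunk the KV v2 engine is enabled at `-path=consul`, but the gossip.mdx context lines in this same patch write the policy against `path "secret/data/consul/gossip"`, which is the default `secret/` mount; one of the two should change so a reader who copies both commands does not end up with a policy that never matches the mount. The `vault write auth/kubernetes/config` example also only works when run from inside a pod in the cluster, since `token_reviewer_jwt` and `kubernetes_ca_cert` read `/var/run/secrets/kubernetes.io/serviceaccount/...` and `$KUBERNETES_PORT_443_TCP_ADDR` is a pod environment variable, while the sentence above it says `kubernetes_host` comes from `kubectl cluster-info`; either state that the command is meant to be run inside the Vault pod (for example via `kubectl exec`) or rewrite it around values gathered from the workstation. Typos in the added text: "simliar", "utlize", "thne", "issuiing", and "More details ... is found" should be "are found".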
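Review bot: in the connect-ca.mdx hunk the new sentence "create Vault auth roles for the Consul servers for this feature" doubles up "for"; "create the Vault auth roles that the Consul servers need for this feature" reads more cleanly and matches the wording used in the gossip.mdx and server-tls.mdx hunks.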