consul-smi-controller icon indicating copy to clipboard operation
consul-smi-controller copied to clipboard

Published 20 hours ago verified publisher icon hashicorp

Error issuing ACL token

Open chzbrgr71 opened this issue 6 years ago • 2 comments

Trying out this SMI demo with AKS on Azure. I have Consul installed and I'm following the "Deploying the Consul SMI Controller" steps.

When I run consul acl token create -description "read/write access for the consul-smi-controller" -policy-name global-management I get an error. I do have a port-forward to my consul server pod.

Error: Failed to create new token: Unexpected response code: 403 (Permission denied)

I imagine I need to pass some sort of creds, but not sure where this gets setup?

chzbrgr71 avatar Jun 24 '19 17:06 chzbrgr71

@chzbrgr71 - I have this working. I had some issues initially, but @nicholasjackson helped me resolve some of the final ones.

Are you using a non-default namespace for installation? That is what caught me out. Submitting a few PRs to correct some assumptions.

paulbouwer avatar Jun 25 '19 07:06 paulbouwer

@chzbrgr71 the docs could do with a minor update sorry. I think this is because you are not using an ACL token when running the consul acl command. You can use the following command to retrieve the token from Kubernetes secrets and set it as the correct environment variable which will be picked up by the Consul CLI.

  export CONSUL_HTTP_TOKEN=$(kubectl get secrets consul-consul-bootstrap-acl-token -o yaml | sed -E -n 's/ *token: *(.*)/\1/p' | base64 -D)

  echo ACL Token for Accessing Consul: ${CONSUL_HTTP_TOKEN}

I will update the docs with this process

nicholasjackson avatar Jun 25 '19 08:06 nicholasjackson