-
Notifications
You must be signed in to change notification settings - Fork 317
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
helm: Support a pre-set bootstrap ACL token #657
Comments
Note: the api we use to bootstrap ACLs doesn't support setting the bootstrap key so we'd need to take that secret and set it as the value of the acl_tokens_master key in each server config. |
This has already been implemented and documented here: https://www.consul.io/docs/k8s/helm#v-global-acls-bootstraptoken |
Re-opening since I was mistaken, revised the description based on further discussion. |
Closing as this is partially addressed via #1061, where Vault is used as the secrets backend to specify a pre-set bootstrap ACL token. This support was built for Vault since setting a pre-set bootstrap token via String is what works well with a KV secrets engine like Vault. If a more generic solution is needed please open a new issue. |
Community Note
Description
We currently support the following use case with Consul K8s:
If I have a Consul cluster, I can manually bootstrap ACLs and extract the boostrap token into a Kubernetes secret (i.e. create a Kubernetes secret manually after
consul acl bootstrap
).However, the following use case is what this feature request is tracking:
I don't have a Consul cluster yet and I want to start one with bootstrap token defined via a String value. Could we support setting the master token ahead of time prior to the installation? For example if
global.acls.bootstrapToken
was set to a secret we would use the value in the secret.The text was updated successfully, but these errors were encountered: