helm: Support a pre-set bootstrap ACL token

[lkysow]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request. Searching for pre-existing feature requests helps us consolidate datapoints for identical requirements into a single place, thank you!
• Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request.
• If you are interested in working on this issue or have submitted a pull request, please leave a comment.

---

Description

We currently support the following use case with Consul K8s:

If I have a Consul cluster, I can manually bootstrap ACLs and extract the boostrap token into a Kubernetes secret (i.e. create a Kubernetes secret manually after consul acl bootstrap).

However, the following use case is what this feature request is tracking:

I don't have a Consul cluster yet and I want to start one with bootstrap token defined via a String value. Could we support setting the master token ahead of time prior to the installation? For example if global.acls.bootstrapToken was set to a secret we would use the value in the secret.

[lkysow]

Note: the api we use to bootstrap ACLs doesn't support setting the bootstrap key so we'd need to take that secret and set it as the value of the acl_tokens_master key in each server config.

[david-yu]

This has already been implemented and documented here: https://www.consul.io/docs/k8s/helm#v-global-acls-bootstraptoken

[david-yu]

Re-opening since I was mistaken, revised the description based on further discussion.

[david-yu]

Closing as this is partially addressed via #1061, where Vault is used as the secrets backend to specify a pre-set bootstrap ACL token. This support was built for Vault since setting a pre-set bootstrap token via String is what works well with a KV secrets engine like Vault. If a more generic solution is needed please open a new issue.