hashicorp / consul-helm

Helm chart to install Consul and other associated components.
Mozilla Public License 2.0

Permission denied when registration service entered consul #360

Closed jiangyongbing24 closed 4 years ago

jiangyongbing24 commented 4 years ago

I use the token in the acl-tokens.json file in the mount directory for permission verification. When using this token in Spring Cloud Consul, I found that the permission was denied. Another confusion is why, after entering the token in the Consul UI, there is only a message saying whether the token is correct or wrong, and it does not jump to the policy management page. After I tried to install Consul by traditional means, I found that after entering the token in the ACL section of the Consul UI, it would jump to the policy management page.

This is my configuration file for consul-helm

global:
  image: consul:1.7.0
  imageK8S: hashicorp/consul-k8s:0.11.0
  bootstrapACLs: true
  datacenter: minidc
server:
  replicas: 1
  bootstrapExpect: 1
  storageClass: consul-data
dns:
  enabled: false
ui:
  service:
    type: NodePort

Why does this happen? Is my configuration file incorrect or is it the wrong token?

lkysow commented 4 years ago

Hi, I think you're using the agent token. The bootstrap token is stored in a Kube secret: -consul-bootstrap-acl-token. If you want a token for registering a service you should create your own policy and acl token or use consul login which uses the Kubernetes service account to log in and get an acl token. See https://learn.hashicorp.com/consul/security-networking/production-acls#apply-individual-tokens-to-the-services and https://www.consul.io/docs/acl/acl-auth-methods.html
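
An added example (not from the issue or the consul-helm project) of the approach described above: read the bootstrap token out of its Kubernetes Secret, then use it only to create a narrowly scoped policy and token for service registration instead of handing the bootstrap token to the application. The release-name placeholder `$RELEASE`, the policy file path and the `fake-bootstrap-token` sample value are assumptions.

```shell
#!/bin/sh
# Assumes: kubectl and consul CLIs on PATH, CONSUL_HTTP_ADDR set, and the Helm
# release name in $RELEASE (placeholder; the secret is "${RELEASE}-consul-bootstrap-acl-token").

# Kubernetes Secret data is base64-encoded, so the raw value from kubectl is not
# the token itself. Typical use:
#   kubectl get secret "${RELEASE}-consul-bootstrap-acl-token" \
#     -o jsonpath='{.data.token}' | decode_token
decode_token() {
  base64 -d | tr -d '\n'
}

# Least-privilege rules for registering one service (and its Connect sidecar),
# with read access to the catalog so the agent can resolve nodes and services.
render_service_policy() {
  svc="$1"
  cat <<EOF
service "${svc}" {
  policy = "write"
}
service "${svc}-sidecar-proxy" {
  policy = "write"
}
service_prefix "" {
  policy = "read"
}
node_prefix "" {
  policy = "read"
}
EOF
}

# Create the policy and a token bound to it. The bootstrap (global-management)
# token is used only for this one administrative step; the application gets
# the scoped token that is printed as JSON.
create_service_token() {
  svc="$1"
  bootstrap_token="$2"
  policy_file="/tmp/${svc}-register.hcl"   # assumed scratch location
  render_service_policy "$svc" > "$policy_file"
  consul acl policy create -token="$bootstrap_token" \
    -name="${svc}-register" -rules="@${policy_file}" >/dev/null
  consul acl token create -token="$bootstrap_token" \
    -description="${svc} registration" \
    -policy-name="${svc}-register" -format=json
}
```

Run it as `create_service_token web "$(kubectl get secret "${RELEASE}-consul-bootstrap-acl-token" -o jsonpath='{.data.token}' | decode_token)"` to get a token that can register only `web`.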

jiangyongbing24 commented 4 years ago

> Hi, I think you're using the agent token. The bootstrap token is stored in a Kube secret: -consul-bootstrap-acl-token. If you want a token for registering a service you should create your own policy and acl token or use consul login which uses the Kubernetes service account to log in and get an acl token. See https://learn.hashicorp.com/consul/security-networking/production-acls#apply-individual-tokens-to-the-services and https://www.consul.io/docs/acl/acl-auth-methods.html

I tried -consul-bootstrap-acl-token but it failed, so I used the wrong agent token, and today I suddenly realized that the Opaque Secret is base64 encrypted; I forgot to decrypt it!

lkysow commented 4 years ago

Oh no! So are things working now?

jiangyongbing24 commented 4 years ago

Yeah, it works fine, thank you.