Add policy Token using helm during consul deployment


Hi all, probably a silly question but i’ll fire away… i’m learning Consul and spun up a cluster in k8s using helm chart. I enabled acl’s and adding servicemonitor to scrape /v1/agent/metrics?prometheus. i am getting access denied unless i grant the necessary access to default policy.

My plan is to create new policy for prometheus and get token and pass it to servicemonitor from the same helm chart which i use to install consul. Also create few other default policies which we need for vault or our terraform admins.

can you please advise on how we can achieve this or if any code exists already?

Hi @praveen.vemuri4u

There isn’t a way currently to do this automatically via the Consul Helm chart. You can create tokens and policies yourself though by talking to consul CLI or API and then pass the token to the service monitor.

Hope this helps

Thanks Ishustava for your response.

I am working on adding a job to consul helm chart to mount bootstrap token and shell script to create policy/token and then create k8s secret which will be mounted by servicemonitor from the same chart/repo. we just want to maintain servicemonitors in the same tool repos…

That makes sense.

We’re looking to add support for service monitor in the future, but don’t have an ETA for this yet. cc @david-yu