Consul connect-inject ACL issue

ahlae · August 23, 2021, 9:07pm

Installing consul 1.10.0 and consul-k8s-control-plane 0.33.0 with the official HashiCorp helm chart on Kubernetes v1.21.2-eks-0389ca3 gives the following error in the connect-inject init container:

Unable to get Agent services: error=“Unexpected response code: 403 (ACL not found)”

manageSystemACLs is set to true

As far as I understand this should be enough to get proxying between services to work. Consul 1.9.4 with consul-k8s 0.25.0 on v1.19.13-eks-8df270 does work with this setting.

lkysow · August 23, 2021, 9:37pm

Sounds similar to consul-connect-inject-init failing · Issue #625 · hashicorp/consul-k8s · GitHub

darkn3rd · September 28, 2022, 9:57am

According to that issue, it looks like the person that filed the issue didn’t configure a service account:

By default when ACLs are enabled or when ACLs default policy is allow, Consul will automatically configure proxies with all upstreams from the same datacenter. When ACLs are enabled with default deny policy, you must supply an intention to tell Consul which upstream you need to talk to. (ref)

Topic		Replies	Views
FinServ Proof of Concept - need to enable ACLs on k8s consul image Consul k8s	13	633	September 9, 2020
K8S job server-acl-init failed to switch to Consul server Consul k8s	0	453	December 15, 2022
Issue connecting to services in remote dc when using federated consul cluster Consul	2	322	April 7, 2022
ACLs required to use Consul Connect? Consul k8s , connect	0	314	September 30, 2022
error="ACL not found: auth method "consul-k8s-component-auth-method" not found" Consul	0	292	July 17, 2022

Consul connect-inject ACL issue

Related Topics