Consul on K8S federated kubernetes cluster with ACL enabled

Annbuvel · July 16, 2021, 8:39pm

Hi , Can you help us in creating a tutorial for consul on kubernetes federated with acl enabled. Recently set up consul on 2 kubernetes cluster managed by Rancher using the helm chart 0.32.1. Getting errors as below on primary

2021-07-16T20:01:08.794Z [ERROR] agent.http: Request error: method=GET url=/v1/agent/self from=22.240.35.66:42432 error="Permission denied"
2021-07-16T20:01:08.804Z [ERROR] agent.http: Request error: method=GET url=/v1/agent/metrics from=22.240.35.66:42434 error="Permission denied"
2021-07-16T20:01:09.281Z [WARN]  agent.fsm: EnsureRegistration failed: error="failed inserting node: Error while renaming Node ID: "666ab7ea-e502-d83f-ff75-30e79945952b": Node name worker-rbb-insurance-nonprod-sdc-6 is reserved by node f14421de-99d6-124f-374f-f5cfc081c399 with name worker-rbb-insurance-nonprod-sdc-6 (10.42.4.94)"
2021-07-16T20:01:10.082Z [WARN]  agent.server.rpc: RPC request to DC is currently failing as no server can be reached: datacenter=rnb
2021-07-16T20:01:10.301Z [WARN]  agent.server.rpc: RPC request to DC is currently failing as no server can be reached: datacenter=rnb
2021-07-16T20:01:10.416Z [ERROR] agent.server.memberlist.wan: memberlist: Failed to forward ack: EOF from=10.42.5.60:8302
2021-07-16T20:01:10.463Z [WARN]  agent.fsm: EnsureRegistration failed: error="failed inserting node: Error while renaming Node ID: "c6dfe602-ba81-27e3-89fd-7f41a8ceda41": Node name worker-rbb-insurance-nonprod-sdc-2 is reserved by node 1f13db23-dfdf-1d3d-17b6-839abfdd2ac0 with name worker-rbb-insurance-nonprod-sdc-2 (10.42.6.45)"
2021-07-16T20:01:13.511Z [WARN]  agent.server.rpc: RPC request to DC is currently failing as no server can be reached: datacenter=rnb
2021-07-16T20:01:13.805Z [ERROR] agent.http: Request error: method=GET url=/v1/agent/self from=22.240.35.66:42532 error="Permission denied"
2021-07-16T20:01:13.808Z [ERROR] agent.http: Request error: method=GET url=/v1/agent/metrics from=22.240.35.66:42534 error="Permission denied"
2021-07-16T20:01:13.837Z [WARN]  agent.server.rpc: RPC request to DC is currently failing as no server can be reached: datacenter=rnb
2021-07-16T20:01:14.487Z [WARN]  agent.server.memberlist.wan: memberlist: Refuting a suspect message (from: iotf-consul-rnb-server-0.rnb)

Also help in in showing sample values.yaml to use in helm installation for federated cluster with acl enabled . Apologies if i missing anything

david-yu · September 20, 2021, 6:43pm

Hi @Annbuvel sorry for the delay. We have a guide here on how to use Consul K8s federation with examples listed. It looks like you many be setting

acls:
    manageSystemACLs: true

Topic		Replies	Views
Acls errors, k8s-consul servers outside kubernetes Consul k8s	2	606	May 24, 2021
Connection failure in federation between VMs (primary) and kubernetes Consul k8s	8	2135	March 24, 2022
Strange Agent Errors with agent.anti_entropy Consul	4	2048	November 12, 2021
FinServ Proof of Concept - need to enable ACLs on k8s consul image Consul k8s	13	633	September 9, 2020
Enable ACL in consul helm chart Consul k8s , acl	0	191	October 23, 2023

Consul on K8S federated kubernetes cluster with ACL enabled

Related Topics