We have successfully enabled the ACL subsystem on our Nomad cluster by setting
acl.enabled = true for all the Nomad servers on the cluster. It appears that the ACL works as expected without needing to set
acl.enabled = true for the Nomad clients on the cluster.
For example, Nomad CLI commands run from a client (without
acl.enabled = true) are still gated with 403 (Permission Denied), as expected.
While the Nomad ACL docs do mention enabling ACL’s on Nomad clients, there is no additional information about why it is needed.
As our cluster has many clients, it would save us time if we did not have to explicitly enable ACL for every client.
To summarize - we would like to know if it is absolutely required that the Nomad clients also have their configuration updated to enable ACL, even though the ACL subsystem appears to already work by just enabling ACL on the Nomad servers.