When doing service catalog sync in consul running on k8s with an external consul cluster, I’m seeing this error on the acl init pods
PermissionDenied desc = Permission denied: token with AccessorID '#####' lacks permission 'service:write' on \"any service\""
Where does the docs say that permission is required? I was using
manageSystemACLs: true and gave the bootstrap toke the ability to write acls. So I thought that would establish the acls?
global: enabled: false acls: manageSystemACLs: true bootstrapToken: secretName: bootstrap-token secretKey: token tls: enabled: true caCert: secretName: consul-ca-cert secretKey: tls.crt caKey: secretName: consul-ca-key secretKey: tls.key enableAutoEncrypt: true verify: false client: enabled: true # Set this to true to expose the Consul clients using the Kubernetes node # IPs. If false, the pod IPs must be routable from the external servers. exposeGossipPorts: true join: - 'hosts' connectInject: enabled: false externalServers: enabled: true hosts: - 'hosts' syncCatalog: enabled: true toConsul: true toK8S: false