What causes error "Operation on intention prefix denied due to ACLs'?

spuder · August 12, 2020, 2:48am

Envoy

If you are using envoy and seeing this error, ensure that the envoy init script has CONSUL_HTTP_TOKEN as an environment variable

/etc/sysconfig/consul

CONSUL_HTTP_SSL=true
CONSUL_HTTP_ADDR=127.0.0.1:8501
CONSUL_CACERT=/etc/ssl/certs/foo.pem
CONSUL_CLIENT_CERT=/etc/foo.pem
CONSUL_CLIENT_KEY=/etc/foo.key
CONSUL_HTTP_TOKEN=12345678

Then inside the systemd unit file, ensure there is this line EnvironmentFile=-/etc/sysconfig/consul

[Unit]
Description=Start envoy proxy
Requires=local-fs.target
After=local-fs.target consul.service

[Service]
Type=simple
ExecStart=/usr/local/bin/consul connect envoy --sidecar-for foobar -admin-bind localhost:19000
EnvironmentFile=-/etc/sysconfig/consul

[Install]
WantedBy=multi-user.target
Wants=consul.service

Topic		Replies	Views
Nomad with consul: No ACL token was provided to Envoy error Nomad	6	84	April 14, 2026
“ACL not found” error \| failure in service registration in consul Nomad consul-nomad	0	235	June 20, 2024
Agent.rpcclient.health ACL not found error Consul acl , nomad	6	687	October 7, 2025
Consul-connect job results in "ACL support disabled" error Nomad acl	3	5232	August 19, 2020
Consul ACL not letting sidecar-proxies been registered Consul	3	929	November 14, 2019

What causes error "Operation on intention prefix denied due to ACLs'?

Envoy

Related topics