Where/how can I define hcl definitions?

Hello,
I’ve installed Consul on Kubernetes and need to create an acl/policy.

it is a bug or not, I don’t know; I am not able to do it on “server” pod/s; where/how can I define policies for Consul?

$ k exec -n consul -it consul-consul-server-1 -- sh
/ $ sudo tee vault-acl.hcl  >/dev/null <<EOF
> {
>   "key_prefix": {      
>     "vault/": {        
>       "policy": "write"
>     }
>   },
>   "service": {
>     "vault": {
>       "policy": "write"
>     }
>   },
>   "agent_prefix": {    
>     "": {
>       "policy": "read" 
>     }
>   },
>   "session_prefix": {  
>     "": {
>       "policy": "write"
>     }
>   }
> }
> EOF
sh: sudo: not found      
/ $ tee vault-acl.hcl  >/dev/null <<EOF
> {
>   "key_prefix": {
>     "vault/": {  
>       "policy": "write"
>     }
>   },
>   "service": {
>     "vault": {
>       "policy": "write"
>     }
>   },
>   "agent_prefix": {    
>     "": {
>       "policy": "read" 
>     }
>   },
>   "session_prefix": {  
>     "": {
>       "policy": "write"
>     }
>   }
> }
> EOF
tee: vault-acl.hcl: Permission denied
/ $

Thanks & Regards

You seem to be trying to write your policy to the filesystem of the Consul server pods - why?

Policies are managed using the Consul HTTP API, either directly, or via the built in web UI, which is a good choice whilst you’re learning and getting started.

Also, your policy is written in JSON, not HCL, which is only really intended for when you need to process it with automated tools that can’t cope with HCL. Actual native HCL is much easier for humans to read:

key_prefix "vault/" {
  policy = "write"
}

service "vault" {
  policy = "write"
}

agent_prefix "" {
  policy = "read"
}

session_prefix "" {
  policy = "write"
}

I have no special cause, I didn’t know a more suitable way.