You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This issue tracks small cleanup items related to version 8 ACL support.
When bootstrapping, servers will emit a bunch of errors until they are set up with an agent token. See this thread for an example. We can't let servers bypass ACL checks when registering for themselves for node info (similar to how we let them pull out nodes, expire sessions, etc.), but we can take the consul service out of local state since it's managed by the leader. This will simplify the ACLs required for a server.
Since we can't bypass ACLs for node information (tagged addresses, coordinates), we need to improve the documentation around bootstrapping servers with detailed examples.
Add a note to the documentation about acl_agent_token needing read access to all services that will be registered on that agent for anti-entropy sync.
Need to improve the examples around how the anonymous token works.
The text was updated successfully, but these errors were encountered:
This issue tracks small cleanup items related to version 8 ACL support.
consulservice out of local state since it's managed by the leader. This will simplify the ACLs required for a server.acl_agent_tokenneeding read access to all services that will be registered on that agent for anti-entropy sync.The text was updated successfully, but these errors were encountered: