helm:Increasing number of servers with ACLs enabled fails #677
Labels
area/acls
Related to ACLs
Comments
|
Having the same issue. Finding the acl management to be extremely fragile. |
t-eckert
changed the title
lawliet89
pushed a commit
to lawliet89/consul-k8s
that referenced
this issue
Sep 13, 2021
* Add acceptance tests for health checks on consul-ent * update ci timeouts because of ns delete taking a while * add helper function to make tests pass
|
Closed by #832 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
If the number of server replicas is increased, the new servers don't get ACL tokens applied to them and so they can't function properly.
The way the initial set of servers get their ACL tokens is via the
server-acl-initJob that makes an agent token update API call. This is then stored on persistent disk for each of those servers. When a new server comes up as a result of increasing the number of replicas, it doesn't have an ACL token on disk and the server-acl-init job doesn't make the token update API call because it thinks the servers are already bootstrapped.A workaround for now is to manually retrieve the
agent-tokenfrom Consul and manually apply it to the new servers.The text was updated successfully, but these errors were encountered: