@jwhitcraft
Created April 21, 2017 01:32
Below are my Consul ACL policies for Consul 0.8.1 along with my Consul config,
```hcl
# Rules match by prefix; an empty prefix ("") matches every name.
key "lock/" {
  policy = "write"
}

service "" {
  policy = "write"
}

node "" {
  policy = "write"
}

session "" {
  policy = "write"
}

agent "" {
  policy = "write"
}
```
```json
{
  "ca_file": "/etc/tls/ca.pem",
  "cert_file": "/etc/tls/consul.pem",
  "key_file": "/etc/tls/consul-key.pem",
  "verify_incoming": true,
  "verify_outgoing": true,
  "verify_server_hostname": true,
  "acl_datacenter": "dc1",
  "acl_default_policy": "deny",
  "acl_master_token": "unique_uuid_here",
  "acl_agent_master_token": "another_unique_uuid_here",
  "ports": {
    "https": 8443
  }
}
```
```hcl
key "vault/" {
  policy = "write"
}

service "vault" {
  policy = "write"
}

node "" {
  policy = "write"
}

session "" {
  policy = "write"
}
```
@jwhitcraft
Author

This is the Consul setup from https://github.com/kelseyhightower/consul-on-kubernetes with the following added:

  • ACL Config
  • acl_agent_master_token added to the job for joining reasons

Then I took the Vault setup from here https://github.com/drud/vault-consul-on-kube and just adjusted the Consul pods to pull in the same Consul config and use the vault-token I created within Consul.

I'll post the full repo later.
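
An added example, not part of the gist or the author's repo: a small Python check that lists the empty-prefix `write` rules in a policy like the ones above and verifies the TLS and ACL settings of the agent config. The function names and the UUID-shape test for tokens are assumptions of this example; the sample inputs reproduce the gist's vault policy and config keys, including its placeholder tokens.

```python
import json
import re

# Sample inputs reproducing the gist's vault policy and the relevant config keys.
VAULT_POLICY = '''
key "vault/" { policy = "write" }
service "vault" { policy = "write" }
node "" { policy = "write" }
session "" { policy = "write" }
'''
AGENT_CONFIG = '''{
  "verify_incoming": true, "verify_outgoing": true, "verify_server_hostname": true,
  "acl_default_policy": "deny",
  "acl_master_token": "unique_uuid_here",
  "acl_agent_master_token": "another_unique_uuid_here"
}'''

RULE_RE = re.compile(r'(\w+)\s+"([^"]*)"\s*\{\s*policy\s*=\s*"(\w+)"\s*\}')
UUID_RE = re.compile(r'[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}', re.I)

def parse_rules(policy_text):
    """Return (resource, prefix, policy) tuples from prefix-based ACL rules."""
    return RULE_RE.findall(policy_text)

def broad_write_rules(policy_text):
    """Resources where write is granted on the empty prefix, i.e. on every name."""
    return [res for res, prefix, pol in parse_rules(policy_text)
            if prefix == "" and pol == "write"]

def config_findings(config_text):
    """List hardening gaps in an agent config: TLS verification, ACL default, tokens."""
    cfg = json.loads(config_text)
    findings = []
    for flag in ("verify_incoming", "verify_outgoing", "verify_server_hostname"):
        if cfg.get(flag) is not True:
            findings.append(f"{flag} is not true")
    if cfg.get("acl_default_policy") != "deny":
        findings.append("acl_default_policy is not deny")
    for key in ("acl_master_token", "acl_agent_master_token"):
        # Assumption of this check: deployed tokens are UUIDs; anything else is a placeholder.
        if not UUID_RE.fullmatch(str(cfg.get(key, ""))):
            findings.append(f"{key} is not a UUID")
    return findings

if __name__ == "__main__":
    print("empty-prefix write rules:", broad_write_rules(VAULT_POLICY))
    print("config findings:", config_findings(AGENT_CONFIG))
```

Run against the vault policy, the check shows that the `key` and `service` rules are scoped to Vault while `node` and `session` are writable for every name, which is the part to review when tightening the token.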
