cert-manager version update?

This topic has 2 replies, 2 voices, and was last updated 7 months, 3 weeks ago by ssd.

  • Author
    Posts
  • #26991
     ssd
    Participant

    Will the CDM work with a newer version of cert-manager? The 6.5.2 release uses 0.5.0, but the current is 0.11.0.

    #26992
     Warren Strange
    Participant

    Yes it will. You may have to tweak the installation – please make sure you review the cert-manager documentation at https://docs.cert-manager.io/en/latest/

    We are in the process of updating many of the cluster deployment scripts, and we will upgrade cert-manager at that time.

    #27064
     ssd
    Participant

    So I’ve tried this a few time and have run into problems. The goal is to use LetsEncrypt for certs, but this means using dns01 for validation since CDM wants to use a wildcard cert. I’ve used eksctl to install my EKS cluster on an existing VPC, and then installed cert-manager 0.11.0 via helm, but end up with this error trying to obtain a wildcard cert:

    unable to assume role: AccessDenied: User: 
    arn:aws:sts::1234567890:assumed-role/eksctl-fr-eks-prod-nodegroup-NodeInstanceRole-1K3522GHQXVVF/i-072308c350ddbd717 
    is not authorized to perform: 
    sts:AssumeRole on resource: 
    arn:aws:iam::1234567890:role/dns-manager

    Has anyone been able to use LetsEncrypt with AWS Route53 using either the CDM cloudformation templates (or eksctl)? I’m wondering if switching back to the CF template will solve this.

    • This reply was modified 7 months, 3 weeks ago by ssd.
Viewing 3 posts - 1 through 3 (of 3 total)

You must be logged in to reply to this topic.

©2020 ForgeRock - we provide an identity and access platform to secure every online relationship for the enterprise market, educational sector and even entire countries. Click to view our privacy policy and terms of use.

Log in with your credentials

Forgot your details?