November 1, 2019 at 9:27 pm #26991 ssd Participant
Will the CDM work with a newer version of cert-manager? The 6.5.2 release uses 0.5.0, but the current is 0.11.0.

November 1, 2019 at 10:17 pm #26992 Warren Strange Participant
Yes it will. You may have to tweak the installation – please make sure you review the cert-manager documentation at https://docs.cert-manager.io/en/latest/
We are in the process of updating many of the cluster deployment scripts, and we will upgrade cert-manager at that time.

November 11, 2019 at 9:42 pm #27064 ssd Participant
So I’ve tried this a few times and have run into problems. The goal is to use LetsEncrypt for certs, but this means using dns01 for validation since CDM wants to use a wildcard cert. I’ve used eksctl to install my EKS cluster on an existing VPC, and then installed cert-manager 0.11.0 via helm, but end up with this error trying to obtain a wildcard cert:
unable to assume role: AccessDenied: User: arn:aws:sts::1234567890:assumed-role/eksctl-fr-eks-prod-nodegroup-NodeInstanceRole-1K3522GHQXVVF/i-072308c350ddbd717 is not authorized to perform: sts:AssumeRole on resource: arn:aws:iam::1234567890:role/dns-manager
Has anyone been able to use LetsEncrypt with AWS Route53 using either the CDM cloudformation templates (or eksctl)? I’m wondering if switching back to the CF template will solve this.