[Feature Request]: Alternative installation method to helm ie manifest to be applied using kubectl about aws-privateca-issuer HOT 7 CLOSED

Thank you for submitting the feature request. We will review the request and get back to you.

from aws-privateca-issuer.

Hi @hassanSRE, I spoke to the team and we would like to know more about your usecase. Can you please tell us more about the limitations that prevent you from using helm and why kubectl is required instead?

from aws-privateca-issuer.

Hi @divyansh-gupta. Hassan opened the ticket on our behalf, so I can chime in.

We currently run a number of Kubernetes clusters in production and have developed our own templating mechanism (using kustomize and some other in-house tools and scripts) to play nice with our various CI/CD tools.

We don't currently use , nor do we foresee using helm in the near future. However, we would like to make use of this plugin to streamline the process of issuing/renewing ACM certificates for the nginx ingress controllers running in our kubernetes clusters.

As a workaround, we've tried to generate the installation manifests from the helm chart using
helm install awspca/aws-privateca-issuer --generate-name --dry-run -o yaml
but the resulting yaml seems to be missing the necessary CRD and Issuer resources, among possibly others.

from aws-privateca-issuer.

Hello, we're interested to hear why you are unable to use helm install. When you run helm install, the CRDs for the plugin are installed, as well as the controller necessary. After this is installed, you are responsible for creating an Issuer or a ClusterIssuer. Examples for these configurations can be found in config/examples and config/samples.

from aws-privateca-issuer.

We aren't unable to run helm install, but we do not use helm at all in our organization. It is a decision that was made some time ago for different reasons. All of the deployments into our kubernetes clusters are done without the use of helm and introducing a new tool into our toolchain is not something that we can do quickly. Moreover, we are not interested in using helm at all in our organization at this time.

I personally have helm installed on my workstation and am able to get the aws-pca installed into a test cluster. I see that it creates a number of CRDs in addition to the Deployment and Service. However, when inspecting the output of the --dry-run -o yaml, I do not see the issuer CRDs in the manifest.

from aws-privateca-issuer.

This makes sense, thank you for the clarification. Here is what we discovered after digging in...

You have 2 options in terms of installing without helm install

1. You can use the following to install the correct CRDs (recommended)

helm template --name-template={release_name} --include-crds awspca/aws-privateca-issuer > a.yaml
kubectl apply -f

2. You can follow the example in this repository to install with Kustomize and without helm. We tried to follow the example and found it difficult: https://github.com/cert-manager/sample-external-issuer/blob/main/Makefile#L71

To remedy this in the future:

1. We will add an item to our backlog to explore alternative installation methods
2. If you would like this urgently, please feel free to cut us a PR!

I'm going to close this issue, but feel free to reopen if you have questions or comments.

from aws-privateca-issuer.

Excellent. Thanks for the quick turnaround.

from aws-privateca-issuer.