Comments (7)
By when can we expect a new release?
from aws-privateca-issuer.
By when can we expect a new release?
The CI/CD and testing modifications are going through their final security review, after which we will cut a new release. Thank you for your patience.
from aws-privateca-issuer.
@solonish Any update on this? Can't seem to run Issuer or ClusterIssuer on EKS with access keys and secret keys in a Kubernetes secret
from aws-privateca-issuer.
@bradyburke Thank you for raising this issue with the AWS Private CA Issuer plugin. We have reviewed your submission, but have been unable to replicate the issue you raised. Would it be possible for you to share steps to reproduce the error and your logs? We would appreciate your continuing input to repeat and then resolve this issue.
from aws-privateca-issuer.
@varunvallabhan52
Running an EKS cluster with Kubernetes version 1.20. Applied a secret using helm:
apiVersion: v1
kind: Secret
metadata:
  name: amc-pca-creds
  namespace: cert-manager
data:
  AWS_ACCESS_KEY_ID: "{{ .Values.accessKey }}"
  AWS_SECRET_ACCESS_KEY: "{{ .Values.secretKey }}"
Then applied the ClusterIssuer
apiVersion: awspca.cert-manager.io/v1beta1
kind: AWSPCAClusterIssuer
metadata:
  name: internal
spec:
  arn: {{ .Values.awsPca.arn }}
  region: "us-east-2"
  secretRef:
    namespace: cert-manager
    name: amc-pca-creds
Pod logs:
{"level":"error","ts":1635351796.0990462,"logger":"controller-runtime.manager.controller.awspcaclusterissuer","msg":"Reconciler error","reconciler group":"awspca.cert-manager.io","reconciler kind":"AWSPCAClusterIssuer","name":"starburstinternal","namespace":"","error":"operation error STS: GetCallerIdentity, failed to resolve service endpoint, an AWS region is required, but was not found","stacktrace":"github.com/go-logr/zapr.(*zapLogger).Error\n\t/go/pkg/mod/github.com/go-logr/[email protected]/zapr.go:132\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).reconcileHandler\n\t/go/pkg/mod/sigs.k8s.io/[email protected]/pkg/internal/controller/controller.go:302\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).processNextWorkItem\n\t/go/pkg/mod/sigs.k8s.io/[email protected]/pkg/internal/controller/controller.go:253\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).Start.func1.2\n\t/go/pkg/mod/sigs.k8s.io/[email protected]/pkg/internal/controller/controller.go:216\nk8s.io/apimachinery/pkg/util/wait.JitterUntilWithContext.func1\n\t/go/pkg/mod/k8s.io/[email protected]/pkg/util/wait/wait.go:185\nk8s.io/apimachinery/pkg/util/wait.BackoffUntil.func1\n\t/go/pkg/mod/k8s.io/[email protected]/pkg/util/wait/wait.go:155\nk8s.io/apimachinery/pkg/util/wait.BackoffUntil\n\t/go/pkg/mod/k8s.io/[email protected]/pkg/util/wait/wait.go:156\nk8s.io/apimachinery/pkg/util/wait.JitterUntil\n\t/go/pkg/mod/k8s.io/[email protected]/pkg/util/wait/wait.go:133\nk8s.io/apimachinery/pkg/util/wait.JitterUntilWithContext\n\t/go/pkg/mod/k8s.io/[email protected]/pkg/util/wait/wait.go:185\nk8s.io/apimachinery/pkg/util/wait.UntilWithContext\n\t/go/pkg/mod/k8s.io/[email protected]/pkg/util/wait/wait.go:99"}
Edit: Workaround was to run a kube set command for the deployment post helm chart install and pre ClusterIssuer creation: kubectl set env deployment/awspca-aws-privateca-issuer AWS_REGION=us-east-2 -n cert-manager
from aws-privateca-issuer.
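Added example, not part of the original thread or the project's code: a small triage script for controller logs in the JSON format shown in the comment above, which separates reconcile failures caused by the missing-region error from other failures and lists the affected issuers. The sample log lines are constructed (including the "secret not found" error text), and the name `triage` is hypothetical.

```python
import json
from collections import defaultdict

# Error text emitted when no region is configured, as quoted in the log above.
MISSING_REGION = "an AWS region is required, but was not found"

# Constructed sample lines modelled on the controller log format in the thread.
SAMPLE_LOG = """\
{"level":"info","ts":1635351790.1,"logger":"setup","msg":"starting manager"}
{"level":"error","ts":1635351796.0,"msg":"Reconciler error","reconciler kind":"AWSPCAClusterIssuer","name":"internal","namespace":"","error":"operation error STS: GetCallerIdentity, failed to resolve service endpoint, an AWS region is required, but was not found"}
{"level":"error","ts":1635351801.5,"msg":"Reconciler error","reconciler kind":"AWSPCAClusterIssuer","name":"internal","namespace":"","error":"operation error STS: GetCallerIdentity, failed to resolve service endpoint, an AWS region is required, but was not found"}
{"level":"error","ts":1635351802.2,"msg":"Reconciler error","reconciler kind":"AWSPCAIssuer","name":"team-a","namespace":"apps","error":"secret not found"}
not-json line from a sidecar
"""


def triage(log_text):
    """Group reconcile errors by issuer; count those caused by a missing region."""
    findings = defaultdict(lambda: {"missing_region": 0, "other": 0})
    for line in log_text.splitlines():
        try:
            entry = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip non-JSON output interleaved in the pod log
        if not isinstance(entry, dict) or entry.get("level") != "error":
            continue
        if entry.get("msg") != "Reconciler error":
            continue
        # Cluster-scoped issuers log an empty namespace.
        key = (entry.get("reconciler kind", "?"),
               entry.get("namespace") or "<cluster>",
               entry.get("name", "?"))
        hit = MISSING_REGION in entry.get("error", "")
        findings[key]["missing_region" if hit else "other"] += 1
    return dict(findings)


if __name__ == "__main__":
    for (kind, ns, name), counts in triage(SAMPLE_LOG).items():
        # The AWS_REGION hint is the workaround reported in the thread.
        hint = "set AWS_REGION on the controller" if counts["missing_region"] else "see error text"
        print(f"{kind} {ns}/{name}: {counts} -> {hint}")
```
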
Thank you for reaching out to Amazon AWS. We have resolved the query; for more information, refer to PR #53. Please reach out if you have any issues or questions.
from aws-privateca-issuer.
A new release v1.0.0 has been cut that resolves this issue.
from aws-privateca-issuer.