Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update AWS EKS Letsencrypt Cluster Issuer for Cert Manager #1574

Open
ciro-brent opened this issue Aug 21, 2023 · 0 comments
Open

Update AWS EKS Letsencrypt Cluster Issuer for Cert Manager #1574

ciro-brent opened this issue Aug 21, 2023 · 0 comments
Assignees
@amal-k-soman-aot

Comments

@ciro-brent
Copy link

Bug Report

Please provide information about your setup

  • formsflow.ai Version: Unsure, but I believe forms-flow-ai-charts say 3.0.1
  • Browser: Google Chrome
  • Browser version: Version 115.0.5790.170

Steps to Reproduce

  1. Complete through Step 5 of AWS EKS Procedures where you provide a command:
    kubectl apply --validate=false -f https://github.com/jetstack/cert-manager/releases/download/**v1.0.1**/cert-manager.yaml

  2. When completing Step 6 of the EKS Procedures, kubectl apply -f letsencrypt-issuer.yml (the file sample you provide with the email replaced) - failed with the following observed behavior

Observed Behaviour

Error after applying "letsencrypt-issuer.yml" from
"Error from server (InternalError): error when creating "letsencrypt-issuer.yml": Internal error occurred: failed calling webhook "webhook.cert-manager.io": failed to call webhook: Post "https://cert-manager-webhook.cert-manager.svc:443/mutate?timeout=10s": tls: failed to verify certificate: x509: certificate signed by unknown authority"

Expected Behaviour

Should have received a "clusterissuer.cert-manager.io/forms-flow-idm created"

I had to apply two fixes to the process to get this to work:

Update cert-manager version number to the latest version (or at least more recent that v1.0.1. I check their site and v1.12.3 was the most recent release, so the Step 5 was updated to:
kubectl apply --validate=false -f https://github.com/jetstack/cert-manager/releases/download/**v1.12.3**/cert-manager.yaml

Also, this cert-manager.io page shows that the letsencrypt-issuer.yml file should have one change. (See: https://cert-manager.io/docs/configuration/acme/http01/ ). Since version 1.12 of cert manager, within the solver section of the ACME specs: the last line of the file you provided should set - http01:ingress:ingressClassName and not http01:ingress:ingress. If I had tested cert-manager v1.11, it may not have required the "ingressClassName", but all of the cert-manager documentation references this version of the software.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@amal-k-soman-aot amal-k-soman-aot

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@amal-k-soman-aot @ciro-brent