Open mdykes-gw opened 3 years ago
@tavlima I can work on an ImportCertificate workflow for ACM, sure. Unfortunately I won't be able to get to this for probably another couple weeks, though.
@tavlima, wondering if you have any updates on the ImportCertificate workflow? TIA
@mahadh02 it was me who was working on this :) And I have not had the time or resources to get to it unfortunately. I may have some time towards the end of May to tackle this, however.
Hey, @jaypipes. Happy new year. 😄 Any updates on this?
Hey, @a-hilaly, do you happen to have any updates on this? Should I create another issue, for better tracking?
I did some playing around with the controller today and it is looking nice so far. I have a couple of questions/feature requests.
Our use case is to import certs, issued by cert-manager, to ACM. It would be great if the operator can do this.
@akamac ACM certs are free, why not issue new ones instead?
Because AWS no longer issues certificates for ru zone, while Let's Encrypt does.
Been stuck with exactly this! My setup is non-EKS `kubeadm` cluster running on EC2 with `aws-load-balancer-controller`, `cert-manager` and `LetsEncrypt` CA. I hope the ACM controller or Load Balancer controller supports `LetsEncrypt` issued certificates to the ACM such that ALB can auto-discover them based on host name in TLS spec. Without either, TLS on Load Balancers is pretty much impossible to automate on non-EKS (tested) or even EKS clusters (untested). I wrote an issue here that condenses the problems I encountered on non-EKS cluster with `aws-load-balancer-controller` and this is one of them.
This is frustrating to learn that such an important feature is not automated today, almost 5 years later
Folks we have a PR open to support importing certificates https://github.com/aws-controllers-k8s/acm-controller/pull/40#issuecomment-2243449643 - please feel free to review and drop comments on how it will be implemented
An example spec can be found in the PR: https://github.com/aws-controllers-k8s/acm-controller/blob/a386d8f3e6bdf9ab717d65ee66ddb0a9761cda4a/test/e2e/resources/certificate_imported.yaml. Both `privateKey` and `certificate` are references to secrets. Currently, you cannot reference a Kubernetes secret of type `kubernetes.io/tls` because of a limitation in code-generator, so an `Opaque` secret will need to be used.
```yaml
apiVersion: acm.services.k8s.aws/v1alpha1
kind: Certificate
metadata:
  name: $CERTIFICATE_NAME
spec:
  privateKey:
    name: $SECRET_NAME
    key: tls.key
  certificate:
    name: $SECRET_NAME
    key: tls.crt
  tags:
    - key: environment
      value: dev
    - key: imported
      value: "true"
```
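The Opaque-secret workaround described above, as an added example (not code from the PR or the controller): Python that turns a `kubernetes.io/tls` Secret manifest, the type cert-manager writes, into an Opaque Secret with the same `tls.crt`/`tls.key` keys and builds the Certificate resource that references it. The function names, the sample secret and the `example-*` names are assumptions constructed for illustration.

```python
import base64
import re

# "ENCRYPTED PRIVATE KEY" is deliberately not matched: ACM only imports unencrypted keys.
PEM_HEADERS = {
    "tls.crt": re.compile(r"-----BEGIN CERTIFICATE-----"),
    "tls.key": re.compile(r"-----BEGIN (?:RSA |EC )?PRIVATE KEY-----"),
}

def to_opaque_secret(tls_secret: dict, new_name: str) -> dict:
    """Copy tls.crt/tls.key from a kubernetes.io/tls Secret into an Opaque one."""
    if tls_secret.get("type") != "kubernetes.io/tls":
        raise ValueError("expected a Secret of type kubernetes.io/tls")
    data = tls_secret.get("data", {})
    for key, header in PEM_HEADERS.items():
        if key not in data:
            raise ValueError(f"secret is missing {key}")
        pem = base64.b64decode(data[key], validate=True).decode("ascii", "replace")
        if not header.match(pem.lstrip()):
            # Name the field only; never echo decoded key material.
            raise ValueError(f"{key} does not start with the expected PEM header")
    namespace = tls_secret.get("metadata", {}).get("namespace", "default")
    return {
        "apiVersion": "v1", "kind": "Secret", "type": "Opaque",
        "metadata": {"name": new_name, "namespace": namespace},
        # Only the two keys the Certificate references are copied; ca.crt is dropped.
        "data": {k: data[k] for k in PEM_HEADERS},
    }

def certificate_manifest(cert_name: str, secret_name: str) -> dict:
    """Certificate resource in the shape of the spec above, pointing at the Opaque secret."""
    return {
        "apiVersion": "acm.services.k8s.aws/v1alpha1", "kind": "Certificate",
        "metadata": {"name": cert_name},
        "spec": {"privateKey": {"name": secret_name, "key": "tls.key"},
                 "certificate": {"name": secret_name, "key": "tls.crt"}},
    }

_b64 = lambda text: base64.b64encode(text.encode()).decode()
# Constructed sample input: placeholder PEM bodies, not real key material.
SAMPLE_TLS_SECRET = {
    "apiVersion": "v1", "kind": "Secret", "type": "kubernetes.io/tls",
    "metadata": {"name": "example-tls", "namespace": "demo"},
    "data": {
        "tls.crt": _b64("-----BEGIN CERTIFICATE-----\nCONSTRUCTED\n-----END CERTIFICATE-----\n"),
        "tls.key": _b64("-----BEGIN PRIVATE KEY-----\nCONSTRUCTED\n-----END PRIVATE KEY-----\n"),
        "ca.crt": _b64("-----BEGIN CERTIFICATE-----\nCONSTRUCTED-CA\n-----END CERTIFICATE-----\n"),
    },
}
```

The Opaque copy holds the same private key as the source secret, so it needs the same RBAC restrictions as the original.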
/assign @cPu1
New ACK Service Controller
Support for ACM
List of API resources
List the API resources in order of importance to you:
1) Certificate