Closed nishanthcheruku closed 6 months ago
Thank you for raising this issue with the AWS Private CA Issuer plugin. We will review your submission and respond back to you here as soon as possible.
Hi @nishanthcheruku,
Were you using your Kubernetes clusters through Terraform? If so, could you please try the following
Hello @aveega, thanks for the response. Cluster creation and application of manifest files are manual, i.e. without Terraform or any other IaC.
Hi @nishanthcheruku,
The controller doesn't seem to have picked up the secret from your configuration. So it is definitely a configuration issue.
The provided log is not sufficient to identify the configuration issue. Additional logs could point to the exact issue.
One suggestion I have is to explicitly define the namespace. In the error log, the namespace is empty, which should mean the "default" namespace, but I'd suggest you declare it explicitly as shown in our example in the README.
Going to close this issue due to non-response. Please reopen if you're experiencing the same issue or have more to add!
Describe the expected outcome
I installed cert-manager and the AWS Private CA add-on for certificates on local Kubernetes clusters. After that, I created a secret (with AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY in base64 encoding). As soon as I created the cluster issuer, I see logs showing that the authentication is not happening. The issue remains even after a certificate request.
Describe the actual outcome
Certificate should get issued
Steps to reproduce
No response
Relevant log output
{"level":"error","ts":"2023-11-22T09:38:48Z","msg":"Reconciler error","controller":"awspcaclusterissuer","controllerGroup":"awspca.cert-manager.io","controllerKind":"AWSPCAClusterIssuer","AWSPCAClusterIssuer":{"name":"parentca"},"namespace":"","name":"parentca","reconcileID":"8db6ef52-0bfb-4692-979d-fcf79fde29ae","error":"operation error STS: GetCallerIdentity, failed to sign request: failed to retrieve credentials: failed to refresh cached credentials, no EC2 IMDS role found, operation error ec2imds: GetMetadata, failed to get API token, operation error ec2imds: getToken, http response error StatusCode: 400, request to EC2 IMDS failed","stacktrace":"sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).reconcileHandler\n\t/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.16.3/pkg/internal/controller/controller.go:329\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).processNextWorkItem\n\t/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.16.3/pkg/internal/controller/controller.go:266\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).Start.func2.2\n\t/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.16.3/pkg/internal/controller/controller.go:227"}
Version
certmanager - 1.13
Have you tried the following?
Category
Authentication Issue
Severity
Severity 3
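An added example, not code from the plugin or from anyone in this thread: a pre-apply check for the two configuration points the thread raises, the issuer's secret reference (with the namespace declared explicitly) and the base64 encoding of the two credential keys in the Secret. Assumptions: the issuer points at its Secret through `spec.secretRef.name` and `spec.secretRef.namespace`, an unset namespace is treated as "default" as the maintainer's comment suggests, and the names `pca-secret` and `cert-manager` and both key values are constructed placeholders.

```python
import base64
import re

# Usual shape of an AWS access key ID (assumption used to spot double encoding).
ACCESS_KEY_ID = re.compile(r"^(AKIA|ASIA)[A-Z0-9]{16}$")
REQUIRED_KEYS = ("AWS_ACCESS_KEY_ID", "AWS_SECRET_ACCESS_KEY")

def b64(text):
    return base64.b64encode(text.encode()).decode()

def decode(value):
    """Strictly base64-decode to text; None if the value is not valid base64."""
    try:
        return base64.b64decode(value, validate=True).decode()
    except ValueError:
        return None

def check(issuer, secrets):
    """Return findings for one issuer manifest checked against Secret manifests."""
    ref = issuer.get("spec", {}).get("secretRef") or {}
    if not ref.get("name"):
        return ["no spec.secretRef.name: nothing points the issuer at a Secret"]
    findings = []
    if not ref.get("namespace"):
        findings.append("spec.secretRef.namespace is not set; declare it explicitly")
    namespace = ref.get("namespace") or "default"  # assumed fallback
    secret = next((s for s in secrets if s["metadata"]["name"] == ref["name"]
                   and s["metadata"].get("namespace", "default") == namespace), None)
    if secret is None:
        return findings + [f"no Secret {namespace}/{ref['name']}"]
    data = secret.get("data", {})
    for key in REQUIRED_KEYS:
        if decode(data.get(key, "")) in (None, ""):
            findings.append(f"{key} missing or not valid base64")
    key_id = decode(data.get("AWS_ACCESS_KEY_ID", "")) or ""
    if key_id and not ACCESS_KEY_ID.match(key_id):
        if ACCESS_KEY_ID.match(decode(key_id) or ""):
            findings.append("AWS_ACCESS_KEY_ID is base64-encoded twice")
        else:
            findings.append("AWS_ACCESS_KEY_ID does not look like an access key ID")
    return findings

# Constructed sample manifests as dicts; the key values are placeholders.
KEY_ID, SECRET_KEY = "AKIAEXAMPLEEXAMPLE00", "constructed-secret-value"
ISSUER = {"kind": "AWSPCAClusterIssuer", "metadata": {"name": "parentca"},
          "spec": {"secretRef": {"name": "pca-secret"}}}
SECRETS = [{"metadata": {"name": "pca-secret", "namespace": "cert-manager"},
            "data": {"AWS_ACCESS_KEY_ID": b64(b64(KEY_ID)),
                     "AWS_SECRET_ACCESS_KEY": b64(SECRET_KEY)}}]
if __name__ == "__main__":
    print("\n".join(check(ISSUER, SECRETS)))
```

Feed it the manifests you are about to apply (loaded into dicts); an empty list means the reference resolves and both keys decode cleanly.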