cnoe-io / reference-implementation-aws

This is the reference implementation of CNOE and its toolings on AWS
Apache License 2.0

AWS region is hard coded in the IAM Policy for Keycloak (keycloak.tf) #20

Open shivkanwer opened 10 months ago

shivkanwer commented 10 months ago

AWS region is hard coded to us-west-2 when creating the IAM policy for Keycloak. If the user chooses to deploy the reference architecture in a different AWS region, the Keycloak IAM policy still looks for a secret in us-west-2, which does not exist, and breaks the implementation.


Proposed Solution: "arn:aws:secretsmanager:us-west-2:${data.aws_caller_identity.current.account_id}:secret:cnoe/keycloak/*" should be replaced by "arn:aws:secretsmanager:${var.region}:${data.aws_caller_identity.current.account_id}:secret:cnoe/keycloak/*"
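The change proposed above, written out as an added Terraform example rather than the project's own keycloak.tf: the hard-coded policy statement next to the parameterised one. The variable name `region`, the policy document names, the policy name and the `secretsmanager:GetSecretValue` action are assumptions; the secret ARN pattern is the one from the issue.

```hcl
# Added example, not the project's code. The hard-coded document is kept
# only for comparison; only the parameterised one is attached to a policy.

variable "region" {
  description = "AWS region the reference implementation is deployed to (assumed variable name)"
  type        = string
}

provider "aws" {
  region = var.region
}

data "aws_caller_identity" "current" {}

# Before: the resource ARN can only ever match a secret in us-west-2.
# A deployment in any other region ends with a policy that grants access
# to a secret that does not exist, so Keycloak's lookup fails.
data "aws_iam_policy_document" "keycloak_secrets_hardcoded" {
  statement {
    effect  = "Allow"
    actions = ["secretsmanager:GetSecretValue"]
    resources = [
      "arn:aws:secretsmanager:us-west-2:${data.aws_caller_identity.current.account_id}:secret:cnoe/keycloak/*",
    ]
  }
}

# After: the region is taken from the same variable that configures the
# provider, so the policy always points at the region the secret was
# actually created in.
data "aws_iam_policy_document" "keycloak_secrets" {
  statement {
    effect  = "Allow"
    actions = ["secretsmanager:GetSecretValue"]
    resources = [
      "arn:aws:secretsmanager:${var.region}:${data.aws_caller_identity.current.account_id}:secret:cnoe/keycloak/*",
    ]
  }
}

resource "aws_iam_policy" "keycloak_secrets" {
  name   = "cnoe-keycloak-secrets" # assumed name
  policy = data.aws_iam_policy_document.keycloak_secrets.json
}
```

After the change, `terraform plan` renders the full ARN in the policy JSON, which is a quick way to confirm the region in the policy matches the region the cluster and secret are deployed to. The trailing `*` is needed because Secrets Manager appends a random suffix to the secret name in its ARN. The `arn:aws:` partition is still fixed here; `data "aws_partition"` would remove that remaining hard-coded value for deployments outside the standard partition.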

nabuskey commented 10 months ago

I think this was supposed to be addressed in https://github.com/cnoe-io/reference-implementation-aws/pull/5. @kahilof Any update on the PR?

allamand commented 8 months ago

Maybe related, but I tried to install the ref architecture and hit the following: Error: secret "keycloak-config" not found. I deployed in eu-west-3.

nimakaviani commented 8 months ago

It takes a bit of time for the idpbuilder to reconcile and register keycloak-config. Did it eventually resolve, or did it completely fail?

allamand commented 8 months ago

I just saw that the postgresql failed also; it seems I need to install the EBS CSI driver.

allamand commented 8 months ago

With that it works, but I also patched the terraform to use my region, not sure if it was needed or not.

allamand commented 8 months ago

In fact it does not progress:

kubectl_manifest.application_argocd_keycloak: Still creating... [21m50s elapsed]

while the ArgoCD keycloak Application seems healthy:

argocd keycloak Synced Healthy