Open njuguna-n opened 6 months ago
Hi @nydr @Hareet I am trying to add TLS to the Postgres service using cert-manager and Let's Encrypt. I have this issuer yaml file but when I try to apply it with `kubectl apply -f deploy/cht_sync/templates/letsencrypt-cluster-issuer.yaml -n njuguna-dev`
I get the error below.
```
Resource: "cert-manager.io/v1, Resource=clusterissuers", GroupVersionKind: "cert-manager.io/v1, Kind=ClusterIssuer"
Name: "letsencrypt-dev", Namespace: ""
from server for: "deploy/cht_sync/templates/letsencrypt-cluster-issuer.yaml": clusterissuers.cert-manager.io "letsencrypt-dev" is forbidden: User "njuguna" cannot get resource "clusterissuers" in API group "cert-manager.io" at the cluster scope
```
Tagging @mrjones-plip here too, as he might have insights about the issue above.
Thanks @andrablaj !
Looking at this part of the error:
```
"letsencrypt-dev" is forbidden: User "njuguna" cannot get resource "clusterissuers"
```
Looks like an AWS/EKS permissions error that SRE/Infra would be best to debug?
I otherwise don't have any experience issuing new TLS certs in EKS/helm nor adding them to a Postgres server :crying_cat_face:
Add TLS to the Postgres service in cht-sync to add an extra layer of security