medic / cht-sync

Data synchronization between CouchDB and PostgreSQL for the purpose of analytics.
GNU General Public License v3.0

Add TLS to Postgres Service in EKS #93

Open njuguna-n opened 5 months ago

njuguna-n commented 5 months ago

Add TLS to the Postgres service in cht-sync to add an extra layer of security

njuguna-n commented 5 months ago

Hi @nydr @Hareet I am trying to add TLS to the Postgres service using cert-manager and Let's Encrypt. I have this issuer YAML file, but when I try to apply it with `kubectl apply -f deploy/cht_sync/templates/letsencrypt-cluster-issuer.yaml -n njuguna-dev` I get the error below.


```
Resource: "cert-manager.io/v1, Resource=clusterissuers", GroupVersionKind: "cert-manager.io/v1, Kind=ClusterIssuer"
Name: "letsencrypt-dev", Namespace: ""
from server for: "deploy/cht_sync/templates/letsencrypt-cluster-issuer.yaml": clusterissuers.cert-manager.io "letsencrypt-dev" is forbidden: User "njuguna" cannot get resource "clusterissuers" in API group "cert-manager.io" at the cluster scope
```

andrablaj commented 4 months ago

Tagging @mrjones-plip here too, as he might have insights about the issue above.

mrjones-plip commented 4 months ago

Thanks @andrablaj !

Looking at this part of the error:

```
"letsencrypt-dev" is forbidden: User "njuguna" cannot get resource "clusterissuers"
```

Looks like an AWS/EKS permissions error that SRE/Infra would be best to debug?

I otherwise don't have any experience issuing new TLS certs in EKS/helm nor adding them to a Postgres server :crying_cat_face:
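
The "forbidden" line quoted in this thread is a denial returned by the Kubernetes API server, and its fields map directly onto an RBAC rule. As an added example (not part of the thread or of cht-sync; the function names are hypothetical), this Python code parses that message, builds the `kubectl auth can-i` check that reproduces the request, and names the kind of role that would have to grant it.

```python
import re

# Shape of the denial message the Kubernetes API server returns when
# authorization fails; the error quoted in this thread follows it.
DENIAL = re.compile(
    r'User "(?P<user>[^"]+)" cannot (?P<verb>\S+) resource "(?P<resource>[^"]+)"'
    r'(?: in API group "(?P<group>[^"]*)")?'
    r'(?: at the cluster scope| in the namespace "(?P<namespace>[^"]+)")'
)

def parse_denial(message):
    """Return the denied request as a dict, or None if no denial is found."""
    m = DENIAL.search(message)
    if m is None:
        return None
    d = m.groupdict()
    d["group"] = d["group"] or ""  # the core API group is the empty string
    d["cluster_scoped"] = d["namespace"] is None
    return d

def can_i_command(d):
    """Build the kubectl auth can-i check that reproduces the denied request."""
    target = d["resource"] + ("." + d["group"] if d["group"] else "")
    cmd = ["kubectl", "auth", "can-i", d["verb"], target, "--as", d["user"]]
    if not d["cluster_scoped"]:
        cmd += ["-n", d["namespace"]]  # -n only matters for namespaced requests
    return " ".join(cmd)

def missing_rule(d):
    """RBAC rule for the denied verb only; cluster scope needs a ClusterRole."""
    kind = "ClusterRole" if d["cluster_scoped"] else "Role"
    return {"kind": kind, "apiGroups": [d["group"]],
            "resources": [d["resource"]], "verbs": [d["verb"]]}

# The error line from this issue, copied from the comment above.
ERROR = ('clusterissuers.cert-manager.io "letsencrypt-dev" is forbidden: '
         'User "njuguna" cannot get resource "clusterissuers" in API group '
         '"cert-manager.io" at the cluster scope')

if __name__ == "__main__":
    req = parse_denial(ERROR)
    print(can_i_command(req))
    print(missing_rule(req))
```

The rule covers only the verb named in the message; `kubectl apply` also issues create or patch requests, which would be denied in turn if they are not granted as well.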