Known Issue: STS GetCallerIdentity failing because of a region not specified bug #57
Comments
By when can we expect a new release?
The CI/CD and testing modifications are going through their final security review, after which we will cut a new release. Thank you for your patience.
@solonish Any update on this? Can't seem to run Issuer or ClusterIssuer on EKS with access keys and secret keys in a Kubernetes secret.
@bradyburke Thank you for raising this issue with the AWS Private CA Issuer plugin. We have reviewed your submission, but have been unable to replicate the issue you raised. Would it be possible for you to share steps to reproduce the error and your logs? We would appreciate your continuing input to repeat and then resolve this issue.
@varunvallabhan52
Then applied the ClusterIssuer
Pod logs:
Edit: Workaround was to run a kube set command for the deployment post helm chart install and pre ClusterIssuer creation:
Thank you for reaching out to Amazon AWS. We have resolved the query; for more information, refer to PR #53. Please reach out if you have any issues or questions.
A new release v1.0.0 has been cut that resolves this issue.
There is currently a known issue with the plugin that is preventing certificate issuance due to STS GetCallerIdentity failing because of a region not specified bug, regardless of whether a region was specified or not (#54). There is an existing pull request to fix this (#53), but we are holding off on accepting any pull requests until our testing is redesigned. To fix this issue until then, please check out the cleanup branch by running
Also, please be sure you are using the plugin with an IAM user, as that is the most reliable workflow: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_access-keys.html#Using_CreateAccessKey
This user must have minimum permissions listed here: https://github.com/cert-manager/aws-privateca-issuer#configuration