-
I'm trying to get started with step-ca running under Kubernetes. I'm installing using the helm chart version I'm initializing the helm chart like this:
Then I install step-ca:
And add a Traefik IngressRoute with passthrough TLS so that I can reach it:
And bootstrap my client using This all seems to complete successfully. The CA seems healthy:
I can list provisioners:
And I can issue a certificate (using the password from
Now, all the guides suggest that to enable ACME support I simply need to run:
There is no mention of authentication in the docs, but when I run this command I see:
What am I supposed to enter here...is this looking for the name of an existing provisioner? I tried entering
And this is where things fail. If I use the same password I used when performing the earlier
Am I doing something wrong? Is the documentation wrong? When I respond to the "Please enter admin name/subject" prompt, I see this request in the logs:
And when I enter the password, I see:
-
Hi @larsks, the error message could definitely be clearer here. The issue I think you're running into is, by default the You have a couple options here.
Be sure to restart the CA (or send it a Hope this helps.
-
Thanks! This is actually not terribly clear anywhere in the docs (especially given that several commands in the "Getting started" document are operating against a remote endpoint (via I think it might be worth being explicit about that, especially since there are several deployment options that will -- by default -- result in the server not running in the same place as the client. Both the Docker and Helm documentation explicitly ask the deployer to install the
-
Of course, trying to run
And that's because
So it is apparently not possible to run that command local to the server, nor is it possible to run it remotely without additional configuration. It looks like the only option is enabling remote provision management, so I'm off to read those docs.
-
In our continuing story... The remote provisioner management documentation suggests:
This is problematic: when deployed into a containerized environment such as Kubernetes, if we stop To sum up where we are so far:
What's the correct way to get this set up? The only thing I can come up with right now (and honestly I'm not at my best; I had two vaccinations earlier today and I can feel them starting to kick in) is to:
This will give us a writable
-
@tashian, thanks for your help. Something still isn't right. By removing the provisioner configuration from
The invocation of
And
But once the CA is running, I'm unable to add a new admin:
In the above command I'm not sure what "invalid issuer claim" means or what to try next.
-
Hi @larsks, I haven't looked at all the threads, but @hslatman is working on a couple of PRs to be able to configure the admin interface when you run
-
I have discovered the primary problem:
The most recent version of the helm chart installs step-ca version 0.18.2, and it looks like that doesn't have the remote admin support (or at least, it doesn't interoperate with a more recent client). The most recent version of the app appears to be 0.22.1; if I override the image installed by the helm chart, it appears to work as expected.
Is the helm chart still maintained?
Something that isn't clear in the documentation: after I create an admin user like this, how do I authenticate as that user? The admin add command never prompts for any sort of password. After showing …