You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I have cert-manager installed via helm with default settings. When installing this chart, I get the following permissions error:
rook-ceph 23m Warning PresentError challenge/ceph-tls-55tl8-3331809567-906918078 Error presenting challenge: hetzner.acme.example.org is forbidden: User "system:serviceaccount:cert-manager:certbot-cert-manager" cannot create resource "hetzner" in API group "acme.example.org" at the cluster scope
In my cert-manager deploy i have the following helm values set:
(jetstack certbot v1.6.1, pasting the terraform options as they directly translate to chart values)
set {
name = "global.rbac.create"
value = "true"
}
set {
name = "serviceAccount.create"
value = "true"
}
set {
name = "prometheus.enabled"
value = "false"
}
set {
name = "webhook.enabled"
value = "true"
}
set {
name = "cainjector.enabled"
value = "true"
}
set {
name = "installCRDs"
value = "true"
}
Whats going on here ?
The text was updated successfully, but these errors were encountered:
This issue arises if your configured API group in the helm chart does not match the groupName in your Issuer. Make sure to configure the --set groupName=acme.yourdomain.tld setting when installing the helm chart and set the groupName in your issuer to the exact same value. This should fix the issue.
Thanks .. it turns out that when using helm to deploy cert-manager, the cert-manager service account actually isnt called "cert-manager", but "{deploy-name}-cert-manager". In my case, I had to set the certManager serviceAccountName accordingly.
Hi!
I have cert-manager installed via helm with default settings. When installing this chart, I get the following permissions error:
In my cert-manager deploy i have the following helm values set:
Whats going on here ?
The text was updated successfully, but these errors were encountered: