I have a paid cluster with the IBM Cloud Kubernetes Service and a container / service deployed. I have a valid wildcard certificate which I imported into the Certificate Manager. Now I want to apply or deploy that certificate to my cluster:
bx cs alb-cert-deploy --secret-name henrik-xxxx --cluster henrik-bla-bla --cert-crn crn:v1:bluemix:public:cloudcerts:us-south:a/lotsofnumbers:certificate:morenumbers
The above command returns without an error. But when I check the certificate deployment with alb-cert-get it reports a "create_failed". I looked at the troubleshooting guide and tried to update and remove the certificate resp. secret. However, it seems the secret is still around and I cannot really remove it.
Are there command options I can use to get more diagnostic data? Any logs I can see? Any command I can use to clean up the environment?
There are several ways to debug the issue:
export BLUEMIX_TRACE=true; bx cs alb-cert-deploy ...
to trace the command.
In my case I could see the following in the Activity Tracker logs:
"responseData_str": "{\"code\":\"IAMERR403-01\",\"message\":\"Forbidden\"}",
It was part of an event related to:
"action_str": "cloudcerts.certificate.read",
"target": {
    "name_str": "cloudcerts",
    "id_str": "crn:v1:bluemix:public:cloudcerts:us-south:a/lotsofnumberhere::",
    "typeURI_str": "certificate/read"
},
This points to an authorization issue.
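An added example, not part of the original answer: a small Python filter that scans exported Activity Tracker events for IAM 403 responses like the one quoted above, unpacking the JSON that is stored as a string in `responseData_str`. The one-event-per-line input format and the sample events are assumptions, constructed from the field names shown in the answer.

```python
import json

IAM_DENIED_PREFIX = "IAMERR403"  # code family quoted in the answer above


def find_denied_events(lines):
    """Return one summary dict per event whose embedded response is an IAM 403."""
    findings = []
    for line_no, line in enumerate(lines, 1):
        try:
            event = json.loads(line)
            # responseData_str is itself a JSON document stored as a string
            response = json.loads(event["responseData_str"])
            code = str(response["code"])
        except (ValueError, KeyError, TypeError):
            continue  # blank or truncated line, or no parsable response body
        if not code.startswith(IAM_DENIED_PREFIX):
            continue
        target = event.get("target")
        if not isinstance(target, dict):
            target = {}
        findings.append({
            "line": line_no,
            "action": event.get("action_str"),
            "target": target.get("id_str"),
            "code": code,
            "message": response.get("message"),
        })
    return findings


def _sample_event(action, response):
    # Constructed event; uses only field names that appear in the answer
    return json.dumps({
        "action_str": action,
        "target": {"name_str": "cloudcerts",
                   "id_str": "crn:v1:bluemix:public:cloudcerts:us-south:a/lotsofnumberhere::"},
        "responseData_str": json.dumps(response),
    })


# Constructed sample input: one denied read, one non-error, and three unusable lines
SAMPLE_LINES = [
    _sample_event("cloudcerts.certificate.read", {"code": "IAMERR403-01", "message": "Forbidden"}),
    _sample_event("cloudcerts.certificate.read", {"code": "EXAMPLE-OK", "message": "constructed"}),
    '{"action_str": "cloudcerts.certificate.read", "responseData_str": "not json"}',
    "",
    '{"truncated": ',
]
```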