K
Q

Trouble setting up cert-manager without helm or rbac on gke

7/31/2018

I believe I have followed this guide: https://medium.com/@hobochild/installing-cert-manager-on-a-gcloud-k8s-cluster-d379223f43ff

which, has me install the without-rbac version of cert-manager from this repo: https://github.com/jetstack/cert-manager

however when the cert-manager pod boots up it starts spamming this error: leaderelection.go:224] error retrieving resource lock cert-manager/cert-manager-controller: configmaps "cert-manager-controller" is forbidden: User "system:serviceaccount:cert-manager:default" cannot get configmaps in the namespace "cert-manager": Unknown user "system:serviceaccount:cert-manager:default"

Hoping someone has some ideas.

-- kahsm
cert-manager
kubernetes
ssl

Similar Questions

KubeSchedulerConfiguration is not available to the componentconfig API
Using external NFS exports with kubernetes pods
Using host paths for persistent volumes with restrictions
How to use slices and maps with the k8s.io/code-generator
How to increase POST timeout to api-server when init kubernet cluster witth kubeadm
Authenticate to K8s as specific user

2 Answers

8/10/2018

You should use the 'with-rbac.yaml' variant if you are installing in GKE, unless you have explicitly disabled RBAC on the GKE cluster!

This should resolve the issues you're seeing here, as by the looks of your error message, you do have RBAC enabled!

-- James Munnelly
Source: StackOverflow
8/3/2018

The errors seem to be coming from RBAC. If you're running this in minikube you can grant the default service account in the cert-manager namespace the proper rights by running:

kubectl create clusterrolebinding cert-manager-cluster-admin --clusterrole=cluster-admin --serviceaccount=cert-manager:default

After creating the role binding, cert-manager should complete its startup.

-- ctt
Source: StackOverflow