Trouble setting up cert-manager without Helm or RBAC on GKE

7/31/2018

I believe I have followed this guide: https://medium.com/@hobochild/installing-cert-manager-on-a-gcloud-k8s-cluster-d379223f43ff

which has me install the without-rbac version of cert-manager from this repo: https://github.com/jetstack/cert-manager

However, when the cert-manager pod boots up, it starts spamming this error:

leaderelection.go:224] error retrieving resource lock cert-manager/cert-manager-controller: configmaps "cert-manager-controller" is forbidden: User "system:serviceaccount:cert-manager:default" cannot get configmaps in the namespace "cert-manager": Unknown user "system:serviceaccount:cert-manager:default"

Hoping someone has some ideas.

-- kahsm
cert-manager
kubernetes
ssl

2 Answers

8/10/2018

You should use the 'with-rbac.yaml' variant if you are installing in GKE, unless you have explicitly disabled RBAC on the GKE cluster!

This should resolve the issues you're seeing here, as by the looks of your error message, you do have RBAC enabled!

-- James Munnelly
Source: StackOverflow

8/3/2018

The errors seem to be coming from RBAC. If you're running this in minikube you can grant the default service account in the cert-manager namespace the proper rights by running:

kubectl create clusterrolebinding cert-manager-cluster-admin --clusterrole=cluster-admin --serviceaccount=cert-manager:default

After creating the role binding, cert-manager should complete its startup.

-- ctt
Source: StackOverflow
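
To see exactly which identity and permission the denial in the question refers to, and to re-test it after changing RBAC manifests, the following added example (not part of the original thread or of cert-manager) turns the log line into the matching `kubectl auth can-i` check. The function names are hypothetical, and the parser assumes the denial message format shown in the question.

```shell
#!/bin/sh
# Added example: turn a Kubernetes RBAC "forbidden" log line into the
# `kubectl auth can-i` command that re-tests the same access.

# Constructed sample input: the denial quoted in the question above.
SAMPLE='leaderelection.go:224] error retrieving resource lock cert-manager/cert-manager-controller: configmaps "cert-manager-controller" is forbidden: User "system:serviceaccount:cert-manager:default" cannot get configmaps in the namespace "cert-manager": Unknown user "system:serviceaccount:cert-manager:default"'

# denial_fields LINE
# Prints "user verb resource namespace"; fails if LINE is not an RBAC denial
# in the assumed format.
denial_fields() {
    printf '%s\n' "$1" |
        sed -n 's/.*is forbidden: User "\([^"]*\)" cannot \([a-z]*\) \([^ ]*\) in the namespace "\([^"]*\)".*/\1 \2 \3 \4/p' |
        grep .
}

# can_i_command LINE
# Prints the kubectl command that asks the API server the same question
# the denied request asked, impersonating the denied identity.
can_i_command() {
    fields=$(denial_fields "$1") || return 1
    set -- $fields   # $1=user $2=verb $3=resource $4=namespace
    printf 'kubectl auth can-i %s %s --namespace %s --as %s\n' "$2" "$3" "$4" "$1"
}

# uses_default_sa LINE
# Succeeds when the denied identity is a namespace's "default" service
# account, meaning the pod was not given a dedicated account.
uses_default_sa() {
    fields=$(denial_fields "$1") || return 1
    case "${fields%% *}" in
        system:serviceaccount:*:default) return 0 ;;
        *) return 1 ;;
    esac
}

can_i_command "$SAMPLE"
uses_default_sa "$SAMPLE" && echo "denied identity is the namespace default service account"
```

Running the printed command needs a kubeconfig that is allowed to impersonate service accounts. It answers `yes` once a binding covers the request; a `cluster-admin` binding like the one in the answer above makes it answer `yes` for every verb and resource in the cluster, which is far more than this denial calls for.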