Problems migrating k8s to RBAC

4/12/2020

So basically I changed my website to a new Kubernetes cluster. Now it is necessary to enable RBAC. The pipeline runs without any errors, but unfortunately the certmanager SSH doesn't work anymore. I installed certmanager with GitLab, so now I'm wondering if this could have anything to do with the change to RBAC? Unfortunately I'm new to RBAC, so I don't really understand if it could be related or not. Can anybody help?

Here is a picture from the error when I run whynopadlock:

[image: whynopadlock 1]

[image: whynopadlock 2]

Edit: This is the output when I run:

kubectl auth can-i --list --as=system:serviceaccount:gitlab-managed-apps:default


-- user9468014
cert-manager
gitlab
kubernetes

1 Answer

4/12/2020

"Deploy cert-manager to managed cluster for SSL certificates" is an issue that has been requested for the past two years (issue 40635).
Issue 29650 shows the whole process is not yet well documented.

But you still have an ingress working with cert manager, meaning having the annotations expected by a cert manager:

  • kubernetes.io/ingress.class: nginx
  • kubernetes.io/tls-acme: "true"

That could help with RBAC, even though issue 33186 shows this setup as not fully working.

-- VonC
Source: StackOverflow
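
A check for the two annotations listed in the answer, as an added example that is not part of the original question or answer. It assumes the Ingress has been exported as JSON (for instance with kubectl get ingress -o json); the function name and the sample manifest are constructed for illustration, and the spec.tls checks go beyond the answer, on the assumption that cert-manager needs a spec.tls entry with a secretName for each host it should cover.

```python
import json

# Annotations and values listed in the answer above.
EXPECTED_ANNOTATIONS = {
    "kubernetes.io/ingress.class": "nginx",
    "kubernetes.io/tls-acme": "true",
}

def check_ingress(ingress):
    """Return a list of findings for one Ingress object (parsed JSON)."""
    findings = []
    annotations = ingress.get("metadata", {}).get("annotations") or {}
    for key, want in EXPECTED_ANNOTATIONS.items():
        got = annotations.get(key)
        if got is None:
            findings.append(f"missing annotation {key}")
        elif got != want:
            findings.append(f"annotation {key} is {got!r}, expected {want!r}")
    # Assumption (not stated on the page): a certificate is only requested
    # for hosts that appear in a spec.tls entry naming a secret.
    spec = ingress.get("spec", {})
    covered = set()
    for i, entry in enumerate(spec.get("tls") or []):
        if not entry.get("secretName"):
            findings.append(f"spec.tls[{i}] has no secretName")
        covered.update(entry.get("hosts") or [])
    for rule in spec.get("rules") or []:
        host = rule.get("host")
        if host and host not in covered:  # exact match only, no wildcards
            findings.append(f"host {host} is not listed under spec.tls")
    return findings

# Constructed sample: tls-acme annotation missing, one rule host not in spec.tls.
SAMPLE = json.loads("""
{"metadata": {"name": "web", "annotations": {"kubernetes.io/ingress.class": "nginx"}},
 "spec": {"tls": [{"hosts": ["example.test"], "secretName": "web-tls"}],
          "rules": [{"host": "example.test"}, {"host": "www.example.test"}]}}
""")

if __name__ == "__main__":
    for finding in check_ingress(SAMPLE) or ["no findings"]:
        print(finding)
```

An empty result only means the manifest has the expected shape; it says nothing about whether RBAC lets cert-manager act on it.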