Add TLS to Postgres Service in EKS #93

Open
njuguna-n opened this issue Apr 29, 2024 · 3 comments · May be fixed by #103
njuguna-n commented Apr 29, 2024

Add TLS to the Postgres service in cht-sync to add an extra layer of security

@njuguna-n njuguna-n self-assigned this Apr 29, 2024

njuguna-n commented Apr 29, 2024

Hi @nydr @Hareet, I am trying to add TLS to the Postgres service using cert-manager and Let's Encrypt. I have this issuer YAML file, but when I try to apply it with `kubectl apply -f deploy/cht_sync/templates/letsencrypt-cluster-issuer.yaml -n njuguna-dev` I get the error below.

```
Resource: "cert-manager.io/v1, Resource=clusterissuers", GroupVersionKind: "cert-manager.io/v1, Kind=ClusterIssuer"
Name: "letsencrypt-dev", Namespace: ""
from server for: "deploy/cht_sync/templates/letsencrypt-cluster-issuer.yaml": clusterissuers.cert-manager.io "letsencrypt-dev" is forbidden: User "njuguna" cannot get resource "clusterissuers" in API group "cert-manager.io" at the cluster scope
```

@andrablaj andrablaj changed the title ADD TLS to Postgres Service in EKS Add TLS to Postgres Service in EKS May 8, 2024
@andrablaj andrablaj added the Status: Blocked Unable to progress this. label May 14, 2024
@andrablaj andrablaj linked a pull request May 17, 2024 that will close this issue
@andrablaj
Member

Tagging @mrjones-plip here too, as he might have insights about the issue above.

@mrjones-plip
Contributor

Thanks @andrablaj !

Looking at this part of the error:

"letsencrypt-dev" is forbidden: User "njuguna" cannot get resource "clusterissuers" 

Looks like an AWS/EKS permissions error that SRE/Infra would be best to debug?

I otherwise don't have any experience issuing new TLS certs in EKS/helm nor adding them to a Postgres server 😿
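
The denial quoted in this thread is returned by the Kubernetes API server's authorization check, and `at the cluster scope` reflects that ClusterIssuer is a cluster-scoped resource, so `-n njuguna-dev` does not narrow the request. As an added example (not part of the thread or of the cht-sync code base), the shell function below parses such a message and prints the matching `kubectl auth can-i` check; the function names and the `admin` mode argument are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: turn a Kubernetes "forbidden" message into the matching
# `kubectl auth can-i` check. Nothing here contacts a cluster.

# Sample input: the denial text quoted in the issue above.
SAMPLE='clusterissuers.cert-manager.io "letsencrypt-dev" is forbidden: User "njuguna" cannot get resource "clusterissuers" in API group "cert-manager.io" at the cluster scope'

# field MSG REGEX -> prints the first capture group, or nothing if no match
field() {
    printf '%s\n' "$1" | sed -n -E "s/$2/\\1/p"
}

# forbidden_to_can_i MSG [admin] -> prints a `kubectl auth can-i` command.
# With "admin" as second argument, adds --as USER so that a cluster admin
# (who holds impersonation rights) can test on the user's behalf.
forbidden_to_can_i() {
    msg=$1
    mode=${2:-self}
    user=$(field "$msg" '.*User "([^"]*)" cannot .*')
    verb=$(field "$msg" '.*User "[^"]*" cannot ([a-z]+) resource .*')
    res=$(field "$msg" '.* cannot [a-z]+ resource "([^"]*)".*')
    group=$(field "$msg" '.* in API group "([^"]*)".*')
    ns=$(field "$msg" '.* in the namespace "([^"]*)".*')

    if [ -z "$user" ] || [ -z "$verb" ] || [ -z "$res" ]; then
        echo "not an authorization denial message" >&2
        return 1
    fi
    # The core API group is the empty string; named groups are written
    # as resource.group on the kubectl command line.
    if [ -n "$group" ]; then res="$res.$group"; fi
    cmd="kubectl auth can-i $verb $res"
    # Namespaced denials carry a namespace; cluster-scoped ones do not.
    if [ -n "$ns" ]; then cmd="$cmd -n $ns"; fi
    if [ "$mode" = "admin" ]; then cmd="$cmd --as $user"; fi
    printf '%s\n' "$cmd"
}

forbidden_to_can_i "$SAMPLE"
```

`kubectl auth can-i` answers `yes` or `no`, which confirms whether a role binding change has taken effect before retrying the apply.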

@andrablaj andrablaj added this to the CHT Sync Production milestone May 30, 2024
@andrablaj andrablaj added the Priority: 1 - High Blocks the next release. label May 30, 2024
@andrablaj andrablaj removed this from the CHT Sync Production milestone Sep 6, 2024
@andrablaj andrablaj removed the Priority: 1 - High Blocks the next release. label Oct 11, 2024