Git Product home page Git Product logo

Comments (6)

chrisabrams avatar chrisabrams commented on June 20, 2024 1

Ah I see. Thanks that fixed it!

from kubernetes-letsencrypt.

tazjin avatar tazjin commented on June 20, 2024

That's a Google Cloud error and it seems a bit odd if you've deployed it to a GCP-environment.

GCP usually provides the metadata service which lets you fetch the service account token for the instance.

If your instance does not have DNS management permissions I'd expect it to error with "Permission denied [for the service account of your instance]" rather than "Login required" which implies that you're not logged in at all.

Regardless, if your instance does not have the required permissions for Cloud DNS you can create a service account and make a private key for it. Setting the environment variable GOOGLE_APPLICATION_CREDENTIALS to the location of the key JSON file will cause the Google Cloud SDK to pick them up.

from kubernetes-letsencrypt.

chrisabrams avatar chrisabrams commented on June 20, 2024

I did create a service account for this, and gave it the correct permissions. Since this is a test project/cluster I actually gave it Editor permissions for the whole project.

from kubernetes-letsencrypt.

tazjin avatar tazjin commented on June 20, 2024

Hmm, and you mounted the key JSON into the container and set the environment variable correctly?

from kubernetes-letsencrypt.

chrisabrams avatar chrisabrams commented on June 20, 2024

Yes. Here's that piece of the config:

spec:
      containers:
        - image: tazjin/letsencrypt-controller:1.8-SNAPSHOT
          imagePullPolicy: Always
          name: letsencrypt-controller
          env:
          - name: GOOGLE_APPLICATION_CREDENTIALS
            value: "/etc/ce"
          volumeMounts:
          - name: ce
            mountPath: "/etc/ce"
            readOnly: true
      volumes:
      - name: ce
        secret:
          secretName: ce

I created the secret as so:

 kubectl create secret generic ce --from-file=./credentials.json -n kube-system

Where credentials.json is the private key file from the service account created.

I also explicitly added DNS Administrator to the service account, but no go.

from kubernetes-letsencrypt.

tazjin avatar tazjin commented on June 20, 2024

Oh, the path has to point at the file itself, i.e. /etc/ce/credentials.json (see docs)

from kubernetes-letsencrypt.

Related Issues (20)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.