Comments (6)
Ah I see. Thanks that fixed it!
from kubernetes-letsencrypt.
That's a Google Cloud error and it seems a bit odd if you've deployed it to a GCP-environment.
GCP usually provides the metadata service which lets you fetch the service account token for the instance.
If your instance does not have DNS management permissions I'd expect it to error with "Permission denied [for the service account of your instance]" rather than "Login required" which implies that you're not logged in at all.
Regardless, if your instance does not have the required permissions for Cloud DNS you can create a service account and make a private key for it. Setting the environment variable GOOGLE_APPLICATION_CREDENTIALS to the location of the key JSON file will cause the Google Cloud SDK to pick them up.
from kubernetes-letsencrypt.
I did create a service account for this, and gave it the correct permissions. Since this is a test project/cluster I actually gave it Editor permissions for the whole project.
from kubernetes-letsencrypt.
Hmm, and you mounted the key JSON into the container and set the environment variable correctly?
from kubernetes-letsencrypt.
Yes. Here's that piece of the config:
```yaml
spec:
  containers:
  - image: tazjin/letsencrypt-controller:1.8-SNAPSHOT
    imagePullPolicy: Always
    name: letsencrypt-controller
    env:
    - name: GOOGLE_APPLICATION_CREDENTIALS
      value: "/etc/ce"
    volumeMounts:
    - name: ce
      mountPath: "/etc/ce"
      readOnly: true
  volumes:
  - name: ce
    secret:
      secretName: ce
```
I created the secret as so:
```
kubectl create secret generic ce --from-file=./credentials.json -n kube-system
```
Where credentials.json is the private key file from the service account created.
I also explicitly added DNS Administrator to the service account, but no go.
from kubernetes-letsencrypt.
Oh, the path has to point at the file itself, i.e. /etc/ce/credentials.json (see docs)
from kubernetes-letsencrypt.
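A pre-flight check for the mistake resolved above, where GOOGLE_APPLICATION_CREDENTIALS names the secret's mount directory instead of the key file inside it. This is an added example, not part of the thread or of kubernetes-letsencrypt; the function names `check_gac` and `make_sample_mount` and the exit codes are assumptions, and the sample key file is constructed.

```shell
#!/bin/sh
# check_gac PATH: diagnose a GOOGLE_APPLICATION_CREDENTIALS value.
# Returns 0 only when PATH is a readable service account key file.
check_gac() {
    path="$1"
    if [ -z "$path" ]; then
        echo "unset: GOOGLE_APPLICATION_CREDENTIALS is empty"
        return 2
    fi
    if [ -d "$path" ]; then
        # The case in this thread: the variable names the secret's mount
        # directory. Each key of a mounted secret is a file inside it.
        echo "directory: $path is a mount point, not a key file; candidates:"
        for f in "$path"/*.json; do
            if [ -f "$f" ]; then echo "  $f"; fi
        done
        return 3
    fi
    if [ ! -f "$path" ] || [ ! -r "$path" ]; then
        echo "missing: $path is not a readable file"
        return 4
    fi
    if ! grep -Eq '"type"[[:space:]]*:[[:space:]]*"service_account"' "$path"; then
        echo "wrong-type: $path is not a service account key"
        return 5
    fi
    echo "ok: $path"
}

# Constructed stand-in for the /etc/ce mount: a temp directory holding a
# dummy credentials.json (placeholder contents, not a real key).
make_sample_mount() {
    dir=$(mktemp -d)
    printf '{"type": "service_account", "client_email": "sample@example.invalid"}\n' \
        > "$dir/credentials.json"
    echo "$dir"
}

mount=$(make_sample_mount)
check_gac "$mount" || true            # value shape from the posted config
check_gac "$mount/credentials.json"   # value shape after the fix
rm -rf "$mount"
```

Run inside the container as `check_gac "$GOOGLE_APPLICATION_CREDENTIALS"` to see which of the cases applies before the controller starts.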