updating cert manager instructions when using AWS PCA plugin
Co-authored-by: Steven Martin <steven@goteleport.com>
| `highAvailability.certManager.addCommonName: true` in your values file. You will also need to get the certificate authority | ||
| certificate for the CA (`aws acm-pca get-certificate-authority-certificate --certificate-authority-arn <arn>`), | ||
| upload the full certificate chain to a secret, and | ||
| [reference the secret](../../reference/helm-reference/teleport-cluster.mdx#tlsexistingcasecretname) | ||
| with `tls.existingCASecretName` in the values file. | ||
|
|
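Review bot: The step "upload the full certificate chain to a secret" gives the reader nothing to act on: it names no command, namespace or key for the secret, and the `aws acm-pca get-certificate-authority-certificate` call quoted just before it is described as fetching the CA certificate, not the full chain. Suggest spelling out how that command's output becomes the chain file and showing the secret-creation command next to the `tls.existingCASecretName` reference. The phrase "certificate authority certificate for the CA" can also be shortened to "CA certificate".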
Will the user still be creating an Issuer configured for Let's Encrypt? This guidance doesn't mention the Issuer, but a user following this guide from top to bottom will run into the Issuer instructions, which assume you're using Let's Encrypt.
Ideally, we should break up these instructions and add each step to the appropriate location in the page. Otherwise, a user following this guide from beginning to end will need to figure out which sentence from this paragraph supersedes which instructions later in the guide.
@ptgott I have moved the actual instructions for the values file to the values tabs for cert manager as a note. LMK what you think.
Thanks! Before I take a look, should there also be changes to the Issuer instructions? It seems counterintuitive to me that you would need to install a new issuer plugin, but the Issuer you would create would still use Let's Encrypt.
I'm going to bring @webvictim into this conversation as well, since you've done a lot with this guide. Gus, if you think the new instructions are complete and followable, I'm happy to give this one a ✅ . Thanks!
From my understanding, when a user deploys the private CA integration with cert-manager, the plugin will configure the issuer (https://github.com/cert-manager/aws-privateca-issuer).
I think then that the section "You'll need to replace these values in the Issuer example below:" covers the required changes a user would need to make to integrate with their already deployed issuer if utilizing AWS PCA. The only thing we could change/update is that names can be replaced.
Approved on the assumption that a user will know where to add the appropriate info!
Co-authored-by: Paul Gottschling <paul.gottschling@goteleport.com>
Backports #30176

* Update eks helm guide for AWS PCA

  updating cert manager instructions when using AWS PCA plugin
* Update aws.mdx
* Update cspell.json
* Update docs/pages/deploy-a-cluster/helm-deployments/aws.mdx

  Co-authored-by: Steven Martin <steven@goteleport.com>
* Update docs/pages/deploy-a-cluster/helm-deployments/aws.mdx

  Co-authored-by: Paul Gottschling <paul.gottschling@goteleport.com>
* Update aws.mdx

---------

Co-authored-by: Steven Martin <steven@goteleport.com>
Co-authored-by: Paul Gottschling <paul.gottschling@goteleport.com>
Backports #30176

* Update eks helm guide for AWS PCA

  updating cert manager instructions when using AWS PCA plugin
* Update aws.mdx
* Update cspell.json
* Update docs/pages/deploy-a-cluster/helm-deployments/aws.mdx
* Update docs/pages/deploy-a-cluster/helm-deployments/aws.mdx
* Update aws.mdx

---------

Co-authored-by: Paul Schisa <75806143+pschisa@users.noreply.github.com>
Co-authored-by: Steven Martin <steven@goteleport.com>