Skip to content

Update eks helm guide for AWS PCA #30176

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
pschisa merged 11 commits into from
Aug 16, 2023
Merged

Update eks helm guide for AWS PCA #30176

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
11 commits
Select commit Hold shift + click to select a range
4f4ceb0
Update eks helm guide for AWS PCA
pschisa Aug 8, 2023
27e4676
Update aws.mdx
pschisa Aug 8, 2023
cb50199
Merge branch 'master' into pschisa-patch-5
pschisa Aug 8, 2023
d28fdfa
Update cspell.json
pschisa Aug 9, 2023
55403c9
Merge branch 'master' into pschisa-patch-5
pschisa Aug 9, 2023
47a2611
Merge branch 'master' into pschisa-patch-5
pschisa Aug 14, 2023
981d1b7
Update docs/pages/deploy-a-cluster/helm-deployments/aws.mdx
pschisa Aug 14, 2023
28c164c
Update docs/pages/deploy-a-cluster/helm-deployments/aws.mdx
pschisa Aug 14, 2023
8959bb5
Update aws.mdx
pschisa Aug 15, 2023
05043c3
Merge branch 'master' into pschisa-patch-5
pschisa Aug 15, 2023
ecb3a6f
Merge branch 'master' into pschisa-patch-5
pschisa Aug 16, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
3 changes: 3 additions & 0 deletions docs/cspell.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -73,6 +73,7 @@
"Goland",
"Grafana's",
"Gtczk",
"highavailabilitycertmanageraddcommonname",
"HKEY",
"HSTS",
"Hqlo",
Expand Down Expand Up @@ -145,6 +146,7 @@
"Pbbd",
"Pluggable",
"Println",
"privateca",
"Quickstart",
"Quicktime's",
"REDISCLI",
Expand Down Expand Up @@ -184,6 +186,7 @@
"Tatham",
"Tele",
"Templating",
"tlsexistingcasecretname",
"Tmkx",
"Toboth",
"Traefik",
Expand Down
21 changes: 21 additions & 0 deletions docs/pages/deploy-a-cluster/helm-deployments/aws.mdx
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -82,6 +82,9 @@ these options:
You can use `cert-manager` to provision and automatically renew TLS credentials
by completing ACME challenges via Let's Encrypt.

You can also use `cert-manager` with AWS Private Certificate Authority (PCA) in EKS using the
`aws-privateca-issuer` plugin.

This method uses a Kubernetes `LoadBalancer`, which will provision an underlying AWS Network Load
Balancer (NLB) to handle incoming traffic.

Expand Down Expand Up @@ -330,6 +333,15 @@ highAvailability:
podSecurityPolicy:
enabled: false
```
<Admonition type="note">
If using an AWS PCA with cert-manager, you will need to
[ensure you set](../../reference/helm-reference/teleport-cluster.mdx#highavailabilitycertmanageraddcommonname)
`highAvailability.certManager.addCommonName: true` in your values file. You will also need to get the certificate authority
certificate for the CA (`aws acm-pca get-certificate-authority-certificate --certificate-authority-arn <arn>`),
upload the full certificate chain to a secret, and
[reference the secret](../../reference/helm-reference/teleport-cluster.mdx#tlsexistingcasecretname)
with `tls.existingCASecretName` in the values file.
</Admonition>
</TabItem>
<TabItem label="AWS Certificate Manager">
```yaml
Expand Down Expand Up @@ -411,6 +423,15 @@ enterprise: true # Indicate that this is a Tele
podSecurityPolicy:
enabled: false
```
<Admonition type="note">
If using an AWS PCA with cert-manager, you will need to
[ensure you set](../../reference/helm-reference/teleport-cluster.mdx#highavailabilitycertmanageraddcommonname)
`highAvailability.certManager.addCommonName: true` in your values file. You will also need to get the certificate authority
certificate for the CA (`aws acm-pca get-certificate-authority-certificate --certificate-authority-arn <arn>`),
upload the full certificate chain to a secret, and
[reference the secret](../../reference/helm-reference/teleport-cluster.mdx#tlsexistingcasecretname)
with `tls.existingCASecretName` in the values file.
</Admonition>
</TabItem>
<TabItem label="AWS Certificate Manager">
```yaml
Expand Down