aws-privateca-issuer

[Feature Request]: can we support for arm platform?

Open better0332 opened this issue 2 years ago • 15 comments

Describe why this change is needed

We are migrating to the ARM platform. Can ARM be supported using a multi-arch Docker image?

Describe solutions and alternatives considered (optional)

No response

Is there anything else you would like to add?

No response

better0332 avatar Mar 03 '22 04:03 better0332

Thank you for submitting a feature request to the AWS Private CA Issuer plugin. We will review the request and get back to you.

Hamidhasan avatar Mar 03 '22 04:03 Hamidhasan

I guess this could cause the error "standard_init_linux.go:228: exec user process caused: exec format error" on a Raspberry Pi based cluster?

cbanciu667 avatar Mar 08 '22 13:03 cbanciu667

I have tried it on arm64, it's fine.

better0332 avatar Mar 08 '22 15:03 better0332

Thank you for submitting the feature request to AWS Private CA Issuer plugin. We have reviewed your submission, and this feature request is not prioritized at this time. Currently we do not officially support ARM; our automation runs only for x86-64 based environments. We have captured your request as a potential enhancement for consideration on our roadmap.

In the interim, you are free to build the docker image and utilize it for your use case.

Hamidhasan avatar Mar 09 '22 22:03 Hamidhasan

Hello guys, I am curious: after going through the setup for SSL in EKS with private CA, everything got issued and is working, but when I access the host through my NLB it doesn't really use the certificate. It's not encrypted. Does it have to do with namespaces? Can someone help me out?

bashiru98 avatar Mar 16 '22 06:03 bashiru98

Hi @bashiru98 - this GitHub repository focuses on this Plugin. Questions about getting certificates to work with NLB are best directed at AWS support. AWS does have two guides up on enabling TLS encryption with this plugin:

  1. https://aws.amazon.com/blogs/containers/setting-up-end-to-end-tls-encryption-on-amazon-eks-with-the-new-aws-load-balancer-controller/
  2. https://aws.amazon.com/blogs/security/tls-enabled-kubernetes-clusters-with-acm-private-ca-and-amazon-eks-2/

Hope that helps!

divyansh-gupta avatar Mar 17 '22 14:03 divyansh-gupta

> I have tried it on arm64, it's fine.

Hi, so the PCA image works on ARM-based Graviton instances? Can you share the image, please?

pkoteswar avatar Jul 21 '22 02:07 pkoteswar

Not sure how long it is gonna take. I think it is just a matter of choosing one more option while building the Docker image :-)

Anyway, I tried version "v1.2.2" and am still getting the same error: exec /manager: exec format error

parjun8840 avatar Dec 14 '22 03:12 parjun8840

I tried version 1.2.4 and get the same error: exec /manager: exec format error

If someone has instructions on building an image that could be deployed on bottlerocket, that'd be awesome.

bkjones avatar Apr 11 '23 19:04 bkjones

:+1: to this... would like to see this support arm64

diranged avatar Jun 05 '23 20:06 diranged

(I should clarify... like @bkjones we're using the v1.2.4 release and it's failing with the same error...)

diranged avatar Jun 05 '23 20:06 diranged

Hi @diranged, thanks for the +1 on this request. We haven't prioritized this feature and don't have a date for it, yet. To help get this prioritized, would you be open to connecting on Slack so I can understand your use case and requirements better? You can reach me in our Kubernetes Slack channel #cert-manager-aws-privateca-issuer (https://kubernetes.slack.com/archives/C02FEDR3FN2) or directly message me there.

cc: @bkjones @parjun8840 @pkoteswar - I'd also love to connect with you with regards to this feature request.

dcamzn avatar Jun 06 '23 15:06 dcamzn

I think the simple answer here is that ARM processors are cheaper in general, and so we're moving most of our workloads to ARM... I just dislike having to explicitly run X86 nodes for something like this where performance is not critical.

diranged avatar Jun 06 '23 16:06 diranged

I am getting a similar issue with the Helm chart. I am on EKS with Bottlerocket amazon/bottlerocket-aws-k8s-1.27-aarch64-v1.14.1-842c7134, and cert-manager-aws-privateca-issuer:latest failed to pull and unpack. Logs from the aws-pca-issuer-aws-privateca-issuer pod:

Failed to pull image "public.ecr.aws/k1n1h4h4/cert-manager-aws-privateca-issuer:latest": rpc error: code = NotFound desc = failed to pull and unpack image "public.ecr.aws/k1n1h4h4/cert-manager-aws-privateca-issuer:latest": no match for platform in manifest: not found

Any workaround for this?

ibrahimjelliti avatar Jun 25 '23 16:06 ibrahimjelliti

@ibrahimjelliti Right now, there is no workaround to this. This plugin currently only supports and tests with AL2.

divyansh-gupta avatar Jul 12 '23 13:07 divyansh-gupta
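
A pre-deployment check for the two failures reported in this thread, added here as an example that is not part of the thread or of the project's code: it reads an image's top-level manifest JSON (for instance the output of `docker manifest inspect`) and reports whether the node's platform is listed. The function names, result strings and sample manifests are assumptions constructed for illustration.

```python
import json

# Constructed sample manifests (digests are placeholders, not real images).
def _entry(os_name, arch, fill):
    return {"digest": "sha256:" + fill * 64,
            "platform": {"os": os_name, "architecture": arch}}

AMD64_ONLY_INDEX = json.dumps({
    "mediaType": "application/vnd.oci.image.index.v1+json",
    # the unknown/unknown entry mimics a build attestation record
    "manifests": [_entry("linux", "amd64", "a"), _entry("unknown", "unknown", "b")],
})
MULTI_ARCH_INDEX = json.dumps({
    "mediaType": "application/vnd.oci.image.index.v1+json",
    "manifests": [_entry("linux", "amd64", "c"), _entry("linux", "arm64", "d")],
})
SINGLE_MANIFEST = json.dumps({
    "mediaType": "application/vnd.oci.image.manifest.v1+json",
    "config": {"digest": "sha256:" + "e" * 64}, "layers": [],
})

def listed_platforms(manifest):
    """Return 'os/arch' strings of an image index, or None for a single-image manifest."""
    if "manifests" not in manifest:
        return None
    found = []
    for entry in manifest["manifests"]:
        plat = entry.get("platform") or {}
        os_name, arch = plat.get("os"), plat.get("architecture")
        if os_name and arch and "unknown" not in (os_name, arch):
            found.append(f"{os_name}/{arch}")
    return found

def check_image(manifest_json, node_os, node_arch):
    """Classify an image against a node's kubernetes.io/os and kubernetes.io/arch values."""
    plats = listed_platforms(json.loads(manifest_json))
    if plats is None:
        # No platform list: the architecture is recorded only in the image config,
        # so a mismatch can surface at container start as "exec format error".
        return "single-arch"
    if f"{node_os}/{node_arch}" in plats:
        return "ok"
    # The case the runtime reports as "no match for platform in manifest".
    return "no-match"

if __name__ == "__main__":
    for doc in (AMD64_ONLY_INDEX, MULTI_ARCH_INDEX, SINGLE_MANIFEST):
        print(check_image(doc, "linux", "arm64"))
```

A `single-arch` result means the manifest alone cannot confirm compatibility; the image config's `architecture` field has to be read before scheduling the image onto arm64 nodes.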