https://rancher.com/ logo
Join Slack
Powered by
This message was deleted.
# epinio
a
This message was deleted.
b
By default a couple of users are created (
admin
and 
epinio
, both with password 
password
) but you can override this settings in the helm values
The output at the end of the install should help you
w
ah, ok, so they are being created at install time then. The way it reads makes it seem like they might be established accounts. I see now that in the Rancher apps UI, it looks like only domain is required. Do you have some pointers on that part?
oh, nvm
I also see that the origin is not reqd. I'll give this a quick shot
b
If you follow the steps in the epinio.io site you can see that the only required value is the domain ๐Ÿ™‚
w
I followed the steps but the UI portion threw me off. So used to vanilla helm. Which I could have done, but I'm documenting this for my suse partner stuff ๐Ÿ™‚
Alright so I already have a letsencrypt-production clusterissuer, and cert-manager already installed (into namespace cert-manager) Here are my errors:
Copy code
Error: INSTALLATION FAILED: rendered manifests contain a resource that already exists. Unable to continue with install: ClusterIssuer "letsencrypt-production" in namespace "" exists and cannot be imported into the current release: invalid ownership metadata; label validation error: missing key "<http://app.kubernetes.io/managed-by|app.kubernetes.io/managed-by>": must be set to "Helm"; annotation validation error: missing key "<http://meta.helm.sh/release-name|meta.helm.sh/release-name>": must be set to "epinio"; annotation validation error: missing key "<http://meta.helm.sh/release-namespace|meta.helm.sh/release-namespace>": must be set to "epinio"
I deleted the existing clusterissuer and it looks like it's installing, will report
c
hm yes it seems that we create the "letsencrypt-production" cluster issuer unconditionally with this rather "default" name (https://github.com/epinio/helm-charts/blob/201555878a8fd29b17a44100490950d311dbd147/chart/epinio/templates/cluster-issuers.yaml#L10) . I'm wondering if this deserves a boolean flag to control its creation.
w
It seemed like the questions (Rancher UI) were leaning in that direction when asking the user if they wanted to use a custom issuer or predefined. I wasn't sure if it meant if it was for public or private, but the letsencrypt-production being a predefined in the drop-down made it seem like it was intended for this purpose https://github.com/epinio/helm-charts/blob/main/chart/epinio/questions.yml#L30
c
keep in mind, for letsencrypt to work, your system domain should be accessible from the outside, otherwise the challenge won't be solvable: https://letsencrypt.org/docs/challenge-types/ (we do the http one)
w
Yea I use http01 certs as well
I would have preferred if I could have installed it using the staging issuer first then done an upgrade to switch it to production
In this case I'm currently having a problem with external-dns for some reason, so I need to uninstall epinio until I can get that fixed so it doesn't kill my failed cert quota ๐Ÿ˜ฌ
c
if this is not meant to be a "production" installation, maybe you can start with the private-ca issuer first (or self-signed)
w
I'll do that, I just remembered to go uninstall it as I was typing lol
As a user that already has cert manager installed with issuers configured, I would have tried to specify my existing letsencrypt-staging clusterissuer by providing that in the install, or a specifically named predefined option (parity with the letsencrypt-production issuer)
c
yes that makes sense. Let me create an issue to fix this
Here you are: https://github.com/epinio/helm-charts/issues/234 feel free to comment ๐Ÿ™‚
60 Views
Open in Slack
PreviousNext
Powered by