cert manager
Endi S. Dewata edited this page Sep 14, 2023 · 1 revision
To authenticate as system:admin:
$ oc login -u system:admin
To authenticate as kubeadmin:
$ oc login -u kubeadmin -p <password> https://api.crc.testing:6443
To install cert-manager:
$ oc create namespace cert-manager
$ oc apply --validate=false -f https://github.com/jetstack/cert-manager/releases/download/v0.14.0/cert-manager.yaml
To verify the installation:
$ oc get pods -n cert-manager
NAME                                       READY   STATUS    RESTARTS   AGE
cert-manager-57cdd66b-ws6nc                1/1     Running   0          30s
cert-manager-cainjector-79f4496665-k7cbz   1/1     Running   0          30s
cert-manager-webhook-6d57dbf4f-dvqml       1/1     Running   0          30s
To create an issuer, prepare the following file (e.g. acme-issuer.yaml):
apiVersion: cert-manager.io/v1alpha2
kind: ClusterIssuer
metadata:
  name: acme-issuer
spec:
  acme:
    email: <email>
    server: https://acme.demo.dogtagpki.org/acme/directory
    privateKeySecretRef:
      name: acme-issuer-account-key
    solvers:
    - http01:
        ingress:
          class: nginx
Then execute the following command:
$ oc create -f acme-issuer.yaml
Verify with the following command:
$ oc describe clusterissuers acme-issuer
...
  Message: The ACME account was registered with the ACME server
  Reason: ACMEAccountRegistered
...
To delete the issuer:
$ oc delete clusterissuers acme-issuer
$ oc delete secret acme-issuer-account-key -n cert-manager
Prepare a Certificate configuration (e.g. acme-cert.yaml):
apiVersion: cert-manager.io/v1alpha2
kind: Certificate
metadata:
  name: acme-cert
spec:
  secretName: acme-cert-tls
  dnsNames:
  - www.example.com
  issuerRef:
    name: acme-issuer
    kind: ClusterIssuer
Then execute the following command:
$ oc create -f acme-cert.yaml
To check the certificate status:
$ oc describe certificate acme-cert
...
  Message: Waiting for CertificateRequest "acme-cert-<request>" to complete
  Reason: InProgress
...
To check the certificate request status:
$ oc describe certificaterequest acme-cert-<request>
To check the order status:
$ oc describe order acme-cert-<order>
...
Challenges:
  Token: <token>
  Type: dns-01
  URL: http://acme.default.svc.cluster.local:8080/acme/chall/<challenge ID>
  Token: <token>
  Type: http-01
  URL: http://acme.default.svc.cluster.local:8080/acme/chall/<challenge ID>
...
$ oc delete cert acme-cert
$ oc delete clusterissuer acme-issuer
$ oc logs -n cert-manager deploy/cert-manager -f
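One way to script the issuer and certificate status checks above instead of reading the describe output by eye (an added example, not part of the original page). It assumes oc is already logged in and that both resources report a condition of type Ready under status.conditions; the function names ready_condition and wait_ready are hypothetical.

```shell
#!/bin/sh
# Added example: poll the Ready condition of the resources created on this page.
# Assumption: ClusterIssuer and Certificate expose status.conditions[type=Ready].

# Print "<status> <reason>" of the Ready condition,
# e.g. "True ACMEAccountRegistered" or "False InProgress".
ready_condition() {  # usage: ready_condition KIND NAME
    oc get "$1" "$2" \
        -o 'jsonpath={range .status.conditions[?(@.type=="Ready")]}{.status} {.reason}{end}'
}

# Poll until Ready is True.
# Returns 0 when ready, 1 on timeout or when the resource cannot be read.
wait_ready() {  # usage: wait_ready KIND NAME [TRIES] [DELAY_SECONDS]
    kind=$1 name=$2 tries=${3:-30} delay=${4:-5}
    i=0
    while [ "$i" -lt "$tries" ]; do
        cond=$(ready_condition "$kind" "$name") || return 1
        case $cond in
            "True "*)
                echo "$kind/$name ready: ${cond#True }"
                return 0 ;;
        esac
        # Not ready: report the current reason on stderr and try again.
        echo "$kind/$name not ready yet: ${cond:-no Ready condition}" >&2
        i=$((i + 1))
        sleep "$delay"
    done
    return 1
}

# Run the checks only when invoked with "check"; sourcing just defines the functions.
if [ "${1:-}" = "check" ]; then
    wait_ready clusterissuer acme-issuer && wait_ready certificate acme-cert
fi
```

If wait_ready times out for the certificate, the describe commands for the certificate request and order, and the cert-manager log, show which step is stuck.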