cert-manager

ben.wangz

prepare

  1. a Kubernetes (k8s) cluster is ready
  2. Argo CD is ready and the argocd CLI is logged in

installation

  1. prepare cert-manager.yaml
    • apiVersion: argoproj.io/v1alpha1
      kind: Application
      metadata:
        name: cert-manager
      spec:
        syncPolicy:
          syncOptions:
          - CreateNamespace=true
        project: default
        source:
          repoURL: https://ben-wangz.github.io/helm-chart-mirror/charts
          chart: cert-manager
          targetRevision: 1.13.3
          helm:
            releaseName: cert-manager
            values: |
              installCRDs: true
              image:
                repository: quay.io/jetstack/cert-manager-controller
                tag: v1.13.3
              webhook:
                image:
                  repository: quay.io/jetstack/cert-manager-webhook
                  tag: v1.13.3
              cainjector:
                image:
                  repository: quay.io/jetstack/cert-manager-cainjector
                  tag: v1.13.3
              acmesolver:
                image:
                  repository: quay.io/jetstack/cert-manager-acmesolver
                  tag: v1.13.3
              startupapicheck:
                image:
                  repository: quay.io/jetstack/cert-manager-ctl
                  tag: v1.13.3
        destination:
          server: https://kubernetes.default.svc
          namespace: basic-components
      
      
  2. apply to k8s
    • kubectl -n argocd apply -f cert-manager.yaml
      
  3. sync by argocd
    • argocd app sync argocd/cert-manager
      

bootstrapping self-signed CA cluster issuer

  1. prepare self-signed.yaml
    • ---
      apiVersion: cert-manager.io/v1
      kind: Issuer
      metadata:
        namespace: basic-components
        name: self-signed-issuer
      spec:
        selfSigned: {}
      
      ---
      apiVersion: cert-manager.io/v1
      kind: Certificate
      metadata:
        namespace: basic-components
        name: my-self-signed-ca
      spec:
        isCA: true
        commonName: my-self-signed-ca
        secretName: root-secret
        privateKey:
          algorithm: ECDSA
          size: 256
        issuerRef:
          name: self-signed-issuer
          kind: Issuer
          group: cert-manager.io
      ---
      apiVersion: cert-manager.io/v1
      kind: ClusterIssuer
      metadata:
        name: self-signed-ca-issuer
      spec:
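        ca:
          # A ClusterIssuer reads this Secret from cert-manager's cluster resource
          # namespace; the Helm chart defaults that to the install namespace
          # (basic-components here), where the Certificate above writes root-secret.
          secretName: root-secret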
      
      
  2. apply to k8s
    • kubectl apply -f self-signed.yaml
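
To confirm the chain works end to end, request a leaf certificate from the new ClusterIssuer. This is an added example, not part of the original page; the namespace demo, the name demo-tls, the file name demo-cert.yaml and the DNS names are constructed placeholders.

```yaml
# Added example: hypothetical leaf certificate issued by the page's ClusterIssuer.
# "demo", "demo-tls" and the DNS names are constructed placeholders.
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  namespace: demo            # assumed to exist already
  name: demo-tls
spec:
  secretName: demo-tls       # Secret receives tls.crt, tls.key and ca.crt
  isCA: false                # leaf only, cannot sign further certificates
  dnsNames:
    - demo.demo.svc
    - demo.demo.svc.cluster.local
  duration: 2160h            # 90 days
  renewBefore: 360h          # start renewal 15 days before expiry
  privateKey:
    algorithm: ECDSA         # same key type as the CA on this page
    size: 256
    rotationPolicy: Always   # generate a fresh private key on every renewal
  usages:
    - digital signature
    - server auth
  issuerRef:
    name: self-signed-ca-issuer
    kind: ClusterIssuer      # cluster-scoped, so usable from any namespace
    group: cert-manager.io
# Checks after `kubectl apply -f demo-cert.yaml`:
#   kubectl get clusterissuer self-signed-ca-issuer     # READY should be True
#   kubectl -n demo get certificate demo-tls            # READY should be True
#   kubectl -n demo get secret demo-tls -o jsonpath='{.data.ca\.crt}' \
#     | base64 -d | openssl x509 -noout -subject        # subject should name my-self-signed-ca
```

Clients only trust certificates from this issuer once the ca.crt value (the my-self-signed-ca certificate) is added to their trust store; root-secret itself holds the CA private key and should stay readable only by cert-manager.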