Install the Kubernetes certificate management
controller (cert-manager) in your cluster to generate and manage the TLS certificates that are
required for internal communication.
Before you begin
Ensure that you have administrator authority or have been granted the
appropriate role-based access control (RBAC) to administer the cluster.
About this task
By default, cert-manager is installed into a cert-manager
namespace in your cluster.
For more information about cert-manager, see the cert-manager documentation.
Procedure
To install cert-manager, complete the following steps:
- From the command-line interface, log in to your Kubernetes
environment.
- Run the following command to install the cert-manager resources from a YAML manifest file
on GitHub:
kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.8.0/cert-manager.yaml
- To verify the installation, run the following command:
kubectl get pods --namespace cert-manager
The output should indicate that the cert-manager pods have a status of Running.
- Run the following command to patch your deployment. Do not replace
$(POD_NAMESPACE) in this command; this value is referenced within the
cert-manager.yaml file.
kubectl patch deployment \
cert-manager \
--namespace cert-manager \
--type='json' \
-p='[{"op": "replace", "path": "/spec/template/spec/containers/0/args", "value": [
"--v=2",
"--cluster-resource-namespace=$(POD_NAMESPACE)",
"--leader-election-namespace=kube-system",
"--enable-certificate-owner-ref"
]}]'
The patch adds the --enable-certificate-owner-ref flag, which ensures that any auto-generated
secrets that store certificates are automatically removed when necessary.
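The following check is an added example, not part of the original procedure or of cert-manager. It confirms that the patched Deployment holds the four arguments verbatim, including the literal $(POD_NAMESPACE), which ends up empty if the patch is typed with double quotes and the local shell tries to run it as a command. The names check_args, live_args and CHECK_LIVE are hypothetical, and BAD_SAMPLE is constructed input.

```shell
#!/usr/bin/env bash
# Added example: confirm the controller args match the patch on this page.

# The four args the patch sets, one per line, exactly as the Deployment must hold them.
EXPECTED_ARGS='--v=2
--cluster-resource-namespace=$(POD_NAMESPACE)
--leader-election-namespace=kube-system
--enable-certificate-owner-ref'

# check_args ARGS (hypothetical helper): ARGS holds one argument per line.
# Returns 0 when every expected arg is present verbatim; otherwise names each
# missing arg on stderr and returns 1.
check_args() {
  actual=$1
  rc=0
  while IFS= read -r want; do
    if ! printf '%s\n' "$actual" | grep -Fxq -e "$want"; then
      echo "MISSING: $want" >&2
      rc=1
    fi
  done <<EOF
$EXPECTED_ARGS
EOF
  return "$rc"
}

# live_args (hypothetical helper): print the first container's args from the
# cluster, one per line. Needs kubectl and read access to the Deployment.
live_args() {
  kubectl get deployment cert-manager --namespace cert-manager \
    -o jsonpath='{range .spec.template.spec.containers[0].args[*]}{@}{"\n"}{end}'
}

# Constructed sample, not real cluster output: what the args look like after
# the local shell substituted $(POD_NAMESPACE) and left the value empty.
BAD_SAMPLE='--v=2
--cluster-resource-namespace=
--leader-election-namespace=kube-system
--enable-certificate-owner-ref'

# CHECK_LIVE=1 (hypothetical switch) checks the cluster; default is the sample.
if [ "${CHECK_LIVE:-0}" = 1 ]; then
  args=$(live_args) || args=''
  label=cluster
else
  args=$BAD_SAMPLE
  label=sample
fi
if check_args "$args"; then echo "$label: args OK"; else echo "$label: args differ from the patch"; fi
```

Because the JSON patch replaces the whole args array, any argument that was set on the Deployment before the patch and is not in this list is gone afterwards.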
What to do next
Install Operator Lifecycle Manager (OLM) to facilitate lifecycle management of the Operator, as
described in Installing the Operator Lifecycle Manager (OLM) in your Kubernetes cluster.