Installing IBM Cert Manager by using the OpenShift console
Prerequisites
An OpenShift Container Platform cluster must be installed. For more information on supported OpenShift Container Platform versions, see Supported OpenShift versions and platforms.
Installing the IBM Cert Manager
-
Create the catalog source for the IBM Cert Manager.
- Log in to your cluster console.
- Click the plus icon. You see the Import YAML dialog box.
- Create the catalog source by pasting the catalog source definition provided later.
- Click Create. The catalog source is created. Verify that the source container is ready. Use the console or the command-line interface (CLI) for verifying. The catalog source pod must have the Running status. On the cluster console, see Project: openshift-marketplace > Workloads > Pods.
Following are the catalog source definitions:
apiVersion: operators.coreos.com/v1alpha1 kind: CatalogSource metadata: name: ibm-cert-manager-catalog namespace: openshift-marketplace spec: displayName: ibm-cert-manager-4.2.2 publisher: IBM sourceType: grpc image: icr.io/cpopen/ibm-cert-manager-operator-catalog updateStrategy: registryPoll: interval: 45m
-
Installing the operator from OperatorHub.
- In the All Items field, enter
IBM Cert Manager
. The IBM Cert Manager operator is displayed. - Click the IBM Cert Manager tile. The IBM Cert Manager window is displayed.
- Click Install. You see the Install Operator page.
- Set Update Channel to the
v4.2
version. If the Channelv4.2
version is not available, click other IBM Cert Manager tile from OperatorHub to install the correct version. - Set Installation Mode to
All namespaces on the cluster (default)
. - Set Installed Namespace to
ibm-cert-manager(Operator recommended)
- Set Update approval to
Automatic
. - Click Install.
- In the All Items field, enter
Setting the hardware profile and accepting the license
See the following notes:
- The steps in this section are required only if you need to update the default hardware profile or accept the license.
spec.license.accept: true
is an optional parameter. To enable IBM Support, you must accept the license. For more information about Licensing acceptance, see License Accept.
- From the navigation pane, click Home > Search.
- From the Project drop-down list, select
ibm-cert-manager
. - From the Resources drop-down list, select
CertManagerConfig
. - Click the default resource.
- Select the YAML tab.
-
Update the CPU, Memory request and limits parameters to set the hardware profile, and add the
spec.license.accept: true
parameter to accept the license.apiVersion: operator.ibm.com/v1 kind: CertManagerConfig metadata: labels: app.kubernetes.io/instance: ibm-cert-manager-operator app.kubernetes.io/managed-by: ibm-cert-manager-operator app.kubernetes.io/name: cert-manager name: default spec: license: accept: true certManagerController: resources: limits: cpu: 80m memory: 530Mi requests: cpu: 20m memory: 230Mi certManagerWebhook: resources: limits: cpu: 60m memory: 100Mi requests: cpu: 30m memory: 40Mi certManagerCAInjector: resources: limits: cpu: 100m memory: 520Mi requests: cpu: 20m memory: 410Mi enableCertRefresh: true enableWebhook: true version: 4.2.2 imageRegistry: icr.io/cpopen/cpfs disableHostNetwork: true