Installing IBM Cert Manager by using the OpenShift console

Prerequisites

An OpenShift Container Platform cluster must be installed. For more information on supported OpenShift Container Platform versions, see Supported OpenShift versions and platforms.

Installing the IBM Cert Manager

  1. Create the catalog source for the IBM Cert Manager.

    1. Log in to your cluster console.
    2. Click the plus icon. You see the Import YAML dialog box.
    3. Create the catalog source by pasting the catalog source definition provided later.
    4. Click Create. The catalog source is created. Verify that the source container is ready. Use the console or the command-line interface (CLI) for verifying. The catalog source pod must have the Running status. On the cluster console, see Project: openshift-marketplace > Workloads > Pods.

    Following are the catalog source definitions:

       apiVersion: operators.coreos.com/v1alpha1
       kind: CatalogSource
       metadata:
         name: ibm-cert-manager-catalog
         namespace: openshift-marketplace
       spec:
         displayName: ibm-cert-manager-4.2.2
         publisher: IBM
         sourceType: grpc
         image: icr.io/cpopen/ibm-cert-manager-operator-catalog
         updateStrategy:
           registryPoll:
             interval: 45m
    
  2. Installing the operator from OperatorHub.

    1. In the All Items field, enter IBM Cert Manager. The IBM Cert Manager operator is displayed.
    2. Click the IBM Cert Manager tile. The IBM Cert Manager window is displayed.
    3. Click Install. You see the Install Operator page.
    4. Set Update Channel to the v4.2 version. If the Channel v4.2 version is not available, click other IBM Cert Manager tile from OperatorHub to install the correct version.
    5. Set Installation Mode to All namespaces on the cluster (default).
    6. Set Installed Namespace to ibm-cert-manager(Operator recommended)
    7. Set Update approval to Automatic.
    8. Click Install.

Setting the hardware profile and accepting the license

See the following notes:

  1. From the navigation pane, click Home > Search.
  2. From the Project drop-down list, select ibm-cert-manager.
  3. From the Resources drop-down list, select CertManagerConfig.
  4. Click the default resource.
  5. Select the YAML tab.
  6. Update the CPU, Memory request and limits parameters to set the hardware profile, and add the spec.license.accept: true parameter to accept the license.

    apiVersion: operator.ibm.com/v1
    kind: CertManagerConfig
    metadata:
      labels:
        app.kubernetes.io/instance: ibm-cert-manager-operator
        app.kubernetes.io/managed-by: ibm-cert-manager-operator
        app.kubernetes.io/name: cert-manager
      name: default
    spec:
      license:
        accept: true
      certManagerController:
        resources:
          limits:
            cpu: 80m
            memory: 530Mi
          requests:
            cpu: 20m
            memory: 230Mi
      certManagerWebhook:
        resources:
          limits:
            cpu: 60m
            memory: 100Mi
          requests:
            cpu: 30m
            memory: 40Mi
      certManagerCAInjector:
        resources:
          limits:
            cpu: 100m
            memory: 520Mi
          requests:
            cpu: 20m
            memory: 410Mi
      enableCertRefresh: true
      enableWebhook: true
      version: 4.2.2
      imageRegistry: icr.io/cpopen/cpfs
      disableHostNetwork: true