Installing IBM Cert Manager by using the CLI
Prerequisites
An OpenShift Container Platform cluster must be installed. For more information on supported OpenShift Container Platform versions, see Supported OpenShift versions and platforms.
Installing the IBM Cert Manager
- Create the catalog source for the IBM Cert Manager.
  - Log in to the cluster by using the oc login command.
  - Create a YAML file named ibm-cert-manager-catalog.yaml with the following Operator definition:

        apiVersion: operators.coreos.com/v1alpha1
        kind: CatalogSource
        metadata:
          name: ibm-cert-manager-catalog
          namespace: openshift-marketplace
        spec:
          displayName: ibm-cert-manager-4.2.9
          publisher: IBM
          sourceType: grpc
          image: icr.io/cpopen/ibm-cert-manager-operator-catalog
          updateStrategy:
            registryPoll:
              interval: 45m

  - Apply this YAML file by running:

        oc apply -f ibm-cert-manager-catalog.yaml

  - Verify that all the operator packages are created:

        oc -n openshift-marketplace get catalogsource ibm-cert-manager-catalog -o jsonpath="{.status.connectionState.lastObservedState}"

    Expected output:

        READY
- Install the IBM Cert Manager Operator.
  - Create a YAML file named def-certmanager.yaml with the resource definitions that you need:

        apiVersion: v1
        kind: Namespace
        metadata:
          name: ibm-cert-manager
        ---
        apiVersion: operators.coreos.com/v1alpha2
        kind: OperatorGroup
        metadata:
          name: operatorgroup
          namespace: ibm-cert-manager
        ---
        apiVersion: operators.coreos.com/v1alpha1
        kind: Subscription
        metadata:
          name: ibm-cert-manager-operator
          namespace: ibm-cert-manager
        spec:
          channel: v4.2
          installPlanApproval: Automatic
          name: ibm-cert-manager-operator
          source: ibm-cert-manager-catalog
          sourceNamespace: openshift-marketplace

  - Apply this YAML file:

        oc apply -f def-certmanager.yaml
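The catalog check and the operator installation above can be confirmed from a script. The following is an added example, not part of the IBM documentation: it polls the catalog source until it reports READY, then prints the phase of the ClusterServiceVersion that the Subscription installed. Resource names are the ones used on this page; the timeout and poll interval defaults are assumptions.

```bash
#!/usr/bin/env bash
# Added example: post-install checks for the resources created in the steps above.
# Names and namespaces come from this page; timeout/interval defaults are assumptions.

CATALOG_NS=openshift-marketplace
CATALOG=ibm-cert-manager-catalog
OPERATOR_NS=ibm-cert-manager
SUBSCRIPTION=ibm-cert-manager-operator

# Print the catalog source's last observed connection state (READY when usable).
catalog_state() {
  oc -n "$CATALOG_NS" get catalogsource "$CATALOG" \
    -o jsonpath='{.status.connectionState.lastObservedState}'
}

# Poll until the catalog is READY. $1 = timeout in seconds, $2 = poll interval.
# Returns 1 and reports the last state seen if the timeout expires.
wait_catalog_ready() {
  local timeout="${1:-300}" interval="${2:-10}" waited=0 state
  while :; do
    state="$(catalog_state 2>/dev/null)" || state=""
    if [ "$state" = "READY" ]; then
      return 0
    fi
    if [ "$waited" -ge "$timeout" ]; then
      echo "catalog $CATALOG not READY after ${waited}s (last state: ${state:-unknown})" >&2
      return 1
    fi
    sleep "$interval"
    waited=$((waited + interval))
  done
}

# Print the phase of the CSV installed by the Subscription ("Succeeded" when healthy).
# Returns 1 if the Subscription has not recorded an installed CSV yet.
operator_phase() {
  local csv
  csv="$(oc -n "$OPERATOR_NS" get subscription "$SUBSCRIPTION" \
    -o jsonpath='{.status.installedCSV}')"
  if [ -z "$csv" ]; then
    echo "subscription $SUBSCRIPTION has no installedCSV yet" >&2
    return 1
  fi
  oc -n "$OPERATOR_NS" get csv "$csv" -o jsonpath='{.status.phase}'
}

# Usage, after `oc apply -f def-certmanager.yaml`:
#   wait_catalog_ready 300 10 && operator_phase
```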
Setting the hardware profile and accepting the license
See the following notes:
- The steps in this section are required only if you need to update the default hardware profile or accept the license.
- spec.license.accept: true is an optional parameter. To enable IBM Support, you must accept the license. For more information about Licensing acceptance, see License Accept.
- Edit the cert-manager-config resource:

        oc -n ibm-cert-manager edit CertManagerConfig default

- Update the CPU and memory request and limit parameters to set the hardware profile, and add the spec.license.accept: true parameter to accept the license.

        apiVersion: operator.ibm.com/v1
        kind: CertManagerConfig
        metadata:
          labels:
            app.kubernetes.io/instance: ibm-cert-manager-operator
            app.kubernetes.io/managed-by: ibm-cert-manager-operator
            app.kubernetes.io/name: cert-manager
          name: default
        spec:
          license:
            accept: true
          certManagerController:
            resources:
              limits:
                cpu: 80m
                memory: 530Mi
              requests:
                cpu: 20m
                memory: 230Mi
          certManagerWebhook:
            resources:
              limits:
                cpu: 60m
                memory: 100Mi
              requests:
                cpu: 30m
                memory: 40Mi
          certManagerCAInjector:
            resources:
              limits:
                cpu: 100m
                memory: 520Mi
              requests:
                cpu: 20m
                memory: 410Mi
          enableCertRefresh: true
          enableWebhook: true
          version: 4.2.9
          imageRegistry: icr.io/cpopen/cpfs
          disableHostNetwork: true