Installing IBM Certificate Manager on IBM Cloud
Maximo® Application Suite uses IBM Certificate Manager service to control certificate management. This service ensures that certificates are valid and up to date, and attempts to renew certificates at a configured time before expiry.
You can skip the installation of IBM Certificate Manager, as it will be automatically installed as part of Maximo Application Suite installation. If you install Cloud Pak for Data , it also installs IBM Certificate Manager automatically.
To install the IBM Certificate Manager, you create an OperandRequest
resource
that includes the ibm-cert-manager-operator
operator in the list of requested
services. The IBM Cloud Pak® for Data operator will then process the
OperandRequest
and provision the IBM Certificate Manager Operator.
Installing by using the Red Hat OpenShift web console
Procedure
- Accessing Red Hat OpenShift web console.
-
In the banner, click Import YAML () Enter the following YAML.
--- apiVersion: operator.ibm.com/v1alpha1 kind: OperandRequest metadata: name: common-service namespace: ibm-common-services spec: requests: - operands: - name: ibm-cert-manager-operator registry: common-service registryNamespace: ibm-common-services
- Click the Create button.
-
To verify that the installation completed successfully:
-
Run the
oc login
command on the client machine where the OpenShift CLI is installed. -
Run the following command:
oc get certmanager default -n ibm-common-services -o template --template {{.status.certManagerStatus}} ; echo
You should see a message Successfully deployed cert-manager when completed. It may take some minutes. You can try after some time that if the preceding command did not return that status or is still showing a message that the resource type certmanager does not exist.
Then you can confirm the new pods created are ready. The pods should show all Ready and 1/1 after some minutes.oc get pods -n ibm-common-services
Sample outputNAME READY STATUS RESTARTS AGE cert-manager-cainjector-75ccfc98c4-p94p2 1/1 Running 0 96s cert-manager-controller-7684dd8d97-kkhtr 1/1 Running 0 97s cert-manager-webhook-749998d7f8-rqm7r 1/1 Running 0 96s configmap-watcher-74b5b6b848-m8dbs 1/1 Running 0 97s ibm-cert-manager-operator-6c7c8d6768-8gv7j 1/1 Running 0 2m6s ibm-common-service-operator-6474b4554b-dcx52 1/1 Running 0 18m ibm-common-service-webhook-7f56b4658b-zx6hf 1/1 Running 0 17m ibm-namespace-scope-operator-54b98488d4-rg7wc 1/1 Running 0 17m operand-deployment-lifecycle-manager-65564b8fd9-drddx 1/1 Running 0 16m secretshare-6b9f4fd485-5bh9w 1/1 Running 0 17m
-
Run the
-
Increase the memory and CPU for the cert-manager operator.
If the operator cannot start due to Out of Memory (OOM) issues, you can increase the limit and request values of cert-manager operator on its csv:
-
Run the
oc login
command on the client machine where the OpenShift CLI is installed. -
Run the following command:
oc get csv -n ibm-common-services
In the Output of this command, under the Name column, take note of the name of the
ibm-cert-manager-operator
, for example:ibm-cert-manager-operator.v3.20.0
-
Run the following command replacing
$csvname
by the name obtained in the previous step:oc edit csv -n ibm-common-services $csvname
- Type /limit and Click Enter key to search for the element limit in the YAML.
-
When found, press Esc key and i key to edit it,
changing the CPU and memory values for limits and
requests as follows:
resources: limits: cpu: 200m memory: 400Mi requests: cpu: 100m memory: 200Mi
- After changes done as described in the previous step, press Esc key again and type :wq and confirm pressing the Enter key.
-
You should see a message like the following returned:
clusterserviceversion.operators.coreos.com/ibm-cert-manager-operator.v3.20.0 edited
-
Run the
Installing by using the OpenShift command-line interface (CLI)
Procedure
-
Run the
oc login
command on the client machine where the OpenShift CLI is installed. -
Create the YAML file cert-mgr-operand.yaml with the following
content:
--- apiVersion: operator.ibm.com/v1alpha1 kind: OperandRequest metadata: name: common-service namespace: ibm-common-services spec: requests: - operands: - name: ibm-cert-manager-operator registry: common-service registryNamespace: ibm-common-services
-
Apply the cert-mgr-operand.yaml file to the Red Hat OpenShift cluster:
oc apply -f cert-mgr-operand.yaml
-
To verify that the installation completed successfully:
-
Run the
oc login
command on the client machine where the OpenShift CLI is installed. -
Run the following command:
oc get certmanager default -n ibm-common-services -o template --template {{.status.certManagerStatus}} ; echo
You should see a message Successfully deployed cert-manager when completed. It may take some minutes. You can try after some time that if the preceding command did not return that status or is still showing a message that the resource type certmanager does not exist.
Then you can confirm the new pods created are ready. The pods should show all Ready and 1/1 after some minutes.oc get pods -n ibm-common-services
Sample outputNAME READY STATUS RESTARTS AGE cert-manager-cainjector-75ccfc98c4-p94p2 1/1 Running 0 96s cert-manager-controller-7684dd8d97-kkhtr 1/1 Running 0 97s cert-manager-webhook-749998d7f8-rqm7r 1/1 Running 0 96s configmap-watcher-74b5b6b848-m8dbs 1/1 Running 0 97s ibm-cert-manager-operator-6c7c8d6768-8gv7j 1/1 Running 0 2m6s ibm-common-service-operator-6474b4554b-dcx52 1/1 Running 0 18m ibm-common-service-webhook-7f56b4658b-zx6hf 1/1 Running 0 17m ibm-namespace-scope-operator-54b98488d4-rg7wc 1/1 Running 0 17m operand-deployment-lifecycle-manager-65564b8fd9-drddx 1/1 Running 0 16m secretshare-6b9f4fd485-5bh9w 1/1 Running 0 17m
-
Run the
-
Increase the memory and CPU for the cert-manager operator.
If the operator cannot start due to Out of Memory (OOM) issues, you can increase the limit and request values of cert-manager operator on its csv:
-
Run the
oc login
command on the client machine where the OpenShift CLI is installed. -
Run the following command:
oc get csv -n ibm-common-services
In the Output of this command, under the Name column, take note of the name of the
ibm-cert-manager-operator
, for example:ibm-cert-manager-operator.v3.20.0
-
Run the following command replacing
$csvname
by the name obtained in the previous step:oc edit csv -n ibm-common-services $csvname
- Type /limit and Click Enter key to search for the element limit in the YAML.
-
When found, press Esc key and i key to edit it,
changing the CPU and memory values for limits and
requests as follows:
resources: limits: cpu: 200m memory: 400Mi requests: cpu: 100m memory: 200Mi
- After changes done as described in the previous step, press Esc key again and type :wq and confirm pressing the Enter key.
-
You should see a message like the following returned:
clusterserviceversion.operators.coreos.com/ibm-cert-manager-operator.v3.20.0 edited
-
Run the