Helm/Cert Manager: Difference between revisions
No edit summary |
|||
(3 intermediate revisions by the same user not shown) | |||
Line 1: | Line 1: | ||
helm repo add jetstack https://charts.jetstack.io | helm repo add jetstack https://charts.jetstack.io | ||
helm repo update && helm repo list | helm repo update && helm repo list | ||
kubectl config get-contexts | |||
==Config== | ==Config== | ||
Line 151: | Line 152: | ||
* [https://docs.bitnami.com/kubernetes/infrastructure/cert-manager/configuration/generate-acme-certificates/ Helm » Bitnami » ACME TLS Certificates] | * [https://docs.bitnami.com/kubernetes/infrastructure/cert-manager/configuration/generate-acme-certificates/ Helm » Bitnami » ACME TLS Certificates] | ||
* [https://stackoverflow.com/questions/75596795/ Helm » Pass YAML/JSON using <code>stdin</code>] | * [https://stackoverflow.com/questions/75596795/ Helm » Pass YAML/JSON using <code>stdin</code>] | ||
* [https://artifacthub.io/packages/helm/cert-manager/cert-manager Helm » | * [[Helm/Prometheus Stack|Helm » Prometheus Stack]] | ||
* [https://artifacthub.io/packages/helm/cert-manager/cert-manager Helm » Cert Manager] | |||
* [[Helm]] | * [[Helm]] | ||
Line 164: | Line 166: | ||
| valign="top" | | | valign="top" | | ||
* [https://heksahiti.medium.com/install-cert-manager-with-helm-and-automate-the-certificate-issue-and-renewal-process-in-a-k8s-7f6455416521 Cert Manager » Install & Automate The Renewal] | * [https://heksahiti.medium.com/install-cert-manager-with-helm-and-automate-the-certificate-issue-and-renewal-process-in-a-k8s-7f6455416521 Cert Manager » Install & Automate The Renewal] | ||
* [https://cert-manager.io/docs/usage/ingress/ Cert Manager » Annotated Ingress resource] | |||
* [https://cert-manager.io/docs/configuration/acme/http01/ Cert Manager » ACME » HTTP01] | |||
* [https://cert-manager.io/docs/configuration/acme/dns01/acme-dns/ Cert Manager » ACME » DNS01] | |||
* [https://cert-manager.io/docs/configuration/selfsigned/ Cert Manager » SelfSigned] | |||
* [https://cert-manager.io/docs/configuration/issuers/ Cert Manager » Issuers] | |||
* [https://cert-manager.io/docs/usage/certificate/ Cert Manager] | * [https://cert-manager.io/docs/usage/certificate/ Cert Manager] | ||
Latest revision as of 12:17, 22 August 2024
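# Register the Jetstack chart repository, which serves the cert-manager chart.
helm repo add jetstack https://charts.jetstack.io
# Refresh the local chart index, then list the configured repositories.
helm repo update && helm repo list
# Show the available kubeconfig contexts so the target cluster can be
# confirmed before anything is installed or deleted.
kubectl config get-contexts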
Config
# Alternatives: run only the line for the cluster you intend to work on.
# All three assign the same variable, so if they are pasted together the
# last export wins.
# kubeconfig files carry cluster credentials; keep them readable by your
# own user only.
export KUBECONFIG="${HOME}/.kube/dev-kubeconfig.yaml"
export KUBECONFIG="${HOME}/.kube/gcp-kubeconfig.yaml"
export KUBECONFIG="${HOME}/.kube/config"
Install
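kubectl create namespace cert-manager
# Review the chart defaults for the pinned version before overriding them.
helm show values jetstack/cert-manager --version v1.15.1 | less
# Values are streamed to helm on stdin (-f -). The quoted delimiter keeps the
# shell from expanding anything inside the YAML; the nesting below is
# significant and must be preserved when copying.
cat <<'YML' | helm install -n cert-manager cert-manager jetstack/cert-manager --version v1.15.1 -f -
crds:
  enabled: true
ingressShim:
  # NOTE(review): Ingresses that request a certificate without naming an
  # issuer fall back to this one; confirm the letsencrypt-prod ClusterIssuer
  # exists before relying on it.
  defaultIssuerName: letsencrypt-prod
  defaultIssuerKind: ClusterIssuer
prometheus:
  enabled: false
webhook:
  timeoutSeconds: 30
YML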
|
Uninstall
# Remove the Helm release first, then the namespace that held it.
# NOTE(review): whether the cert-manager CRDs (and the Certificate and
# ClusterIssuer objects stored under them) survive the uninstall depends on
# the chart's crds settings; check before running this on a cluster that
# serves live certificates.
helm uninstall cert-manager --namespace cert-manager
# Deleting the namespace also deletes every Secret stored in it.
kubectl delete namespace cert-manager
Cluster Issuer » Let's Encrypt
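# Create a cluster-wide ACME issuer backed by Let's Encrypt.
# The quoted delimiter stops the shell from expanding anything inside the
# manifest; the YAML nesting below is significant.
cat <<'YML' | kubectl apply -f -
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt-prod
spec:
  acme:
    # Production directory, subject to Let's Encrypt rate limits. Validate the
    # solver against the staging directory first:
    #   https://acme-staging-v02.api.letsencrypt.org/directory
    server: https://acme-v02.api.letsencrypt.org/directory
    # Placeholder: the address on the original page was redacted. Replace it
    # with a monitored mailbox you control before applying.
    email: replace-me@example.com
    # Secret that stores the ACME account private key; restrict who can read it.
    privateKeySecretRef:
      name: letsencrypt-prod
    solvers:
      - http01:
          ingress:
            class: nginx
YML
# Check that the issuer was created and reports Ready.
kubectl get clusterissuer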
Cluster Issuer » Self Signed
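# Create a cluster-wide self-signed issuer.
# Certificates from a SelfSigned issuer are signed with their own key, so
# clients have no chain to verify against unless they are configured to trust
# the certificate explicitly. Typical uses are test setups and bootstrapping
# a private CA. As a ClusterIssuer it can be referenced from any namespace.
cat <<'YML' | kubectl apply -f -
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: selfsigned-issuer
spec:
  selfSigned: {}
YML
kubectl get clusterissuer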
Playground
# Install an older pinned release, then move it to the newer pinned release.
# NOTE(review): no values are passed here, so the chart defaults apply,
# including whether the CRDs are installed; compare with the Install section.
helm install cert-manager jetstack/cert-manager --namespace cert-manager --version v1.14.7
# --install makes the upgrade create the release if it does not exist yet.
helm upgrade cert-manager jetstack/cert-manager --install --namespace cert-manager --version v1.15.1
# Page through the default values of the pinned chart version.
helm show values jetstack/cert-manager --version v1.15.1 | less
| |
| |
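# Resolve the first pod of each cert-manager component by its name label.
# jq prints the literal string "null" when no pod matches, so check the
# values before using them in later commands.
export CERT_POD_NAME="$(kubectl -n cert-manager get pod -l 'app.kubernetes.io/name=cert-manager' -o json | jq -r '.items[0].metadata.name')"
export CA_POD_NAME="$(kubectl -n cert-manager get pod -l 'app.kubernetes.io/name=cainjector' -o json | jq -r '.items[0].metadata.name')"
export HOOK_POD_NAME="$(kubectl -n cert-manager get pod -l 'app.kubernetes.io/name=webhook' -o json | jq -r '.items[0].metadata.name')"

# Interactive shells into the components.
# NOTE(review): these need bash inside the container image; if the image
# ships no shell the exec fails, and an ephemeral debug container
# (kubectl debug) is the usual alternative.
# A shell in these pods runs with the workload's service-account privileges,
# so limit who is granted pods/exec in this namespace.
kubectl exec -n cert-manager -it svc/cert-manager-webhook -c cert-manager-webhook -- bash
kubectl exec -n cert-manager -it svc/cert-manager -c cert-manager-controller -- bash
kubectl exec -n cert-manager -it svc/cert-manager -c init -- bash
# Quoted so an empty or unexpected value cannot be split into extra arguments.
kubectl -n cert-manager exec -it "${CERT_POD_NAME}" -- bash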
| |
| |
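# Print each kubeconfig as a self-contained document.
# NOTE(review): --flatten is understood to emit embedded certificate, key and
# token data without the redaction that plain `kubectl config view` applies.
# Treat the output as a secret: do not paste it into tickets, chats or logs.
# Paths are quoted so a home directory containing spaces does not split the
# argument.
kubectl config --kubeconfig="${HOME}/.kube/aws-kubeconfig.yaml" view --flatten
kubectl config --kubeconfig="${HOME}/.kube/dev-kubeconfig.yaml" view --flatten
kubectl config --kubeconfig="${HOME}/.kube/gcp-kubeconfig.yaml" view --flatten
kubectl config --kubeconfig="${HOME}/.kube/config" view --flatten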
| |
| |
# Destructive: each command removes every object of the given kind in the
# cert-manager namespace. Confirm the active context first
# (kubectl config get-contexts).
kubectl delete all --all --namespace cert-manager
kubectl delete ingress --all --namespace cert-manager
kubectl delete statefulset --all --namespace cert-manager
|
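# Destructive: removes every Service and PersistentVolumeClaim in the
# cert-manager namespace.
kubectl delete svc --all -n cert-manager
kubectl delete pvc --all -n cert-manager
# PersistentVolumes are cluster-scoped: -n has no effect on them, so
# `kubectl delete pv --all` would target every volume in the cluster, not
# just those used by cert-manager. List the volumes whose claim lives in
# this namespace and delete those by name after reviewing the list.
kubectl get pv -o json | jq -r '.items[] | select(.spec.claimRef.namespace == "cert-manager") | .metadata.name'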
|
| |
# Inspect the revision history of the cert-manager Deployment.
kubectl rollout history deployment/cert-manager --namespace cert-manager
# Trigger a rolling restart of its pods.
kubectl rollout restart deployment/cert-manager --namespace cert-manager
# Watch the rollout until it completes.
kubectl rollout status deployment/cert-manager --namespace cert-manager
|
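# Follow the logs of each component. The pod-name variables are the ones
# exported earlier on this page. -f keeps streaming until interrupted, so run
# each command in its own terminal.
# Quoted so an empty or unexpected value cannot be split into extra arguments.
kubectl logs -n cert-manager -f "${CERT_POD_NAME}"
kubectl logs -n cert-manager -f "${HOOK_POD_NAME}"
kubectl logs -n cert-manager -f "${CA_POD_NAME}"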
|
References
| ||
| ||