Skip to content

Installing OpenShift Routes for cert-manager using Helm

In this tutorial, you'll use Helm to install OpenShift Routes for cert-manager, which automates TLS certificate management for OpenShift route resources.

Prerequisites

To complete these steps, you must have:

  • An OpenShift cluster.
  • On your local machine, kubectl and Helm 3.8.0+.
  • Permission to install Helm charts in your cluster.
  • cert-manager installed in your cluster.
  • As described in Configuring Next-Gen Trust Security registry access, private registry access through a Built-in Account with the OCI Registry Use Case and cert-manager Components Scope, using kubectl to create a pull secret.
  • Access to a Next-Gen Trust Security tenant.

Install OpenShift Routes for cert-manager

  1. Create a file named openshift-routes.values.yaml to configure the image source and pull secret.

    If using your own registry, uncomment and set imageRegistry and imageNamespace for the Helm chart to resolve image references.

    openshift-routes.values.yaml
    image:
  repository: registry.ngts.paloaltonetworks.com/openshift-routes/cert-manager-openshift-routes
imagePullSecrets:
  - name: ngts-image-pull-secret

# Add if using your own registry
# imageRegistry: myregistry.example.com
# imageNamespace: openshift-routes

  2. Install OpenShift Routes for cert-manager and wait for it to be ready.

    • If you mirror images to your own registry, replace registry.ngts.paloaltonetworks.com with your registry URL in the values file and the Helm command.
    • For FIPS-compliant images, use the chart openshift-routes-fips and set the image repository to registry.ngts.paloaltonetworks.com/openshift-routes/openshift-routes-fips.
    helm upgrade openshift-routes oci://registry.ngts.paloaltonetworks.com/charts/openshift-routes \
  --install \
  --wait \
  --namespace venafi \
  --version v0.9.0 \
  --values openshift-routes.values.yaml

Verify the installation

  1. Check that the OpenShift Routes for cert-manager pod is running:

    kubectl get pods -n venafi -l app.kubernetes.io/name=openshift-routes

    Successful output is similar to the following:

    NAME                                             READY   STATUS    RESTARTS   AGE
cert-manager-openshift-routes-7f4d8c6b5-x2j9k   1/1     Running   0          30s

What's next?

With OpenShift Routes for cert-manager installed, configure it to issue certificates for your OpenShift route resources. See Configuring OpenShift Routes for cert-manager.