Skip to content

Installing cert-manager using Venafi OCI registries

Note

For information about different installation options, see the cert-manager open-source documentation Installing cert-manager with Helm.

This section discusses installing cert-manager using the Venafi CLI utility, and also using Helm.

Prerequisites

  • To install cert-manager using the Venafi CLI utility, download and install the relevant version of the Venafi CLI tool for your platform.
  • To install cert-manager using Helm, you must have kubectl and Helm 3.8.0 or later installed on your local computer.

Important

If you use your own registry, which replicates the Venafi images, replace the address of your own registry in any of the relevant commands given on this page.

To install cert-manager using a Venafi Kubernetes manifest

  1. Issue the following command to generate a Venafi Kubernetes manifest which, when applied, installs the default version of cert-manager to the venafi namespace:

    # Generate a Venafi Kubernetes manifest
venctl components kubernetes manifest generate --cert-manager > venafi-components.yaml

# Install the cert-manager
venctl components kubernetes manifest tool sync -f venafi-components.yaml

    For more information and options on using the Venafi CLI tool to install cert-manager, see the Venafi CLI tool reference page.

Tip

You can also use the venctl components kubernetes apply command to install this component on a Kubernetes cluster quickly and easily for test purposes. Note that this command is not recommended for use in production environments.

See venctl components kubernetes apply for more information on how to use the command with this component.

To install cert-manager using Helm

  1. Configure access to the Venafi OCI registry. Follow the instructions in Configuring access to the Venafi OCI Registry to enable access to the artifacts required for this component (Enterprise cert-manager Components is the default scope for cert-manager). Use venafi as the namespace.

    The sample file below, for example, assumes you created the following Kubernetes Secret:

    • namespace: venafi
    • name: venafi-image-pull-secret

  2. To install cert-manager in the venafi namespace, and configure it to use the pull-secret, create a file cert-manager.values.yaml containing the following content.

    A sample cert-manager.values.yaml for users of the US region OCI registry:

    # cert-manager.values.yaml
global:
  imagePullSecrets:
    - name: venafi-image-pull-secret

installCRDs: true

image:
  repository: private-registry.venafi.cloud/cert-manager/cert-manager-controller

acmesolver:
  image:
    repository: private-registry.venafi.cloud/cert-manager/cert-manager-acmesolver

webhook:
  image:
    repository: private-registry.venafi.cloud/cert-manager/cert-manager-webhook

cainjector:
  image:
    repository: private-registry.venafi.cloud/cert-manager/cert-manager-cainjector

startupapicheck:
  image:
    repository: private-registry.venafi.cloud/cert-manager/cert-manager-ctl

    A sample cert-manager.values.yaml for users of the EU region OCI registry:

    # cert-manager.values.yaml
global:
  imagePullSecrets:
    - name: venafi-image-pull-secret

installCRDs: true

image:
  repository: private-registry.venafi.eu/cert-manager/cert-manager-controller

acmesolver:
  image:
    repository: private-registry.venafi.eu/cert-manager-acmesolver

webhook:
  image:
    repository: private-registry.venafi.eu/cert-manager/cert-manager-webhook

cainjector:
  image:
    repository: private-registry.venafi.eu/cert-manager/cert-manager-cainjector

startupapicheck:
  image:
    repository: private-registry.venafi.eu/cert-manager/cert-manager-ctl

  3. Use Helm to install the software and wait for it to be ready:

    helm upgrade cert-manager oci://registry.venafi.cloud/charts/cert-manager \
--install \
--wait \
--create-namespace \
--namespace venafi \
--values cert-manager.values.yaml \
--version v1.14.4

    Note

    For more information about Helm 3 support for OCI package distribution, see the Helm 3 documentation.

Next Steps