Installing cert-manager using Venafi Control Plane Operator¶
When using Red Hat OpenShift cluster, it is recommended to use the Venafi Control Plane Operator to deploy Venafi components, including the cert-manager.
Follow the steps below to deploy the default version of cert-manager. If the Venafi Control Plane Operator has not been deployed to your OpenShift cluster yet, follow the instructions outlined in the Installing Venafi Control Plane Operator page.
Step 1: Configure access to the Venafi OCI registry¶
Important
Follow the instructions in Configuring access to the Venafi OCI registry to enable access to the artifacts required for this component (cert-manager Components is the default scope for cert-manager). Use venafi as the namespace.
For the example below, it's assumed that you created the following Kubernetes Secret:
- namespace:
venafi - name:
venafi-image-pull-secret
Step 2: Create an instance of VenafiInstall to deploy cert-manager¶
-
Create a YAML file, for example,
venafi-components.yaml, with the following content:Use this version of
venafi-components.yamlas a basis if you are installing cert-manager from Venafi's US registry:venafi-components.yamlapiVersion: installer.venafi.com/v1alpha1 kind: VenafiInstall metadata: name: venafi-components spec: globals: customChartRepository: oci://registry.venafi.cloud/charts customImageRegistry: private-registry.venafi.cloud imagePullSecretNames: [venafi-image-pull-secret] namespace: venafi vpcRegion: US certManager: install: trueRegional registries
The example above uses the Venafi US registry parameters. If you want to use a different Venafi registry replace
vcpRegion: USandregion: USwith the relevant regional repository value:-
EU registry
venafi-components.yaml... spec: globals: ... vcpRegion: EU region: EU ... -
UK registry
venafi-components.yaml... spec: globals: ... vcpRegion: UK region: EU ... -
Australia registry
venafi-components.yaml... spec: globals: ... vcpRegion: AU region: US ... -
Canada registry
venafi-components.yaml... spec: globals: ... vcpRegion: CA region: US ... -
Singapore registry
venafi-components.yaml... spec: globals: ... vcpRegion: SG region: US ...
For more information on Venafi OCI registries, see Configuring access to a Venafi OCI Registry.
Use this version of
venafi-components.yamlas a basis if you are installing cert-manager from your own registry:venafi-components.yamlapiVersion: installer.venafi.com/v1alpha1 kind: VenafiInstall metadata: name: venafi-components spec: globals: customChartRepository: oci://my-registry.example.com/charts customImageRegistry: my-registry.example.com certManager: install: trueTip
For a complete list of Venafi Control Plane Operator configuration parameters, refer to the Venafi Control Plane Operator API reference.
-
-
Apply the manifest by running the following command:
oc apply -f venafi-components.yaml
Step 3: Verifying the configuration¶
Verify whether cert-manager is successfully installed by running the following command:
oc get pods -n venafi
Sample output:
NAME READY STATUS RESTARTS AGE
cert-manager-a317f649c4-dp632 1/1 Running 0 1m1s
cert-manager-cainjector-3125b8f897-g1adf 1/1 Running 0 1m7s
cert-manager-webhook-26228cbdd-f9121 1/1 Running 0 1m11s