Skip to content

Installing cert-manager using Venafi Control Plane Operator

When using Red Hat OpeShift cluster, it is recommended to use the Venafi Control Plane Operator to deploy Venafi components, including the cert-manager.

Follow the steps below to deploy the default version of cert-manager. If the Venafi Control Plane Operator has not been deployed to your OpenShift cluster yet, follow the instructions outlined in the Installing Venafi Control Plane Operator page.

Step 1: Configure access to the Venafi OCI registry

Important

Follow the instructions in Configuring access to the Venafi OCI registry to enable access to the artifacts required for this component (cert-manager Components is the default scope for cert-manager). Use venafi as the namespace.

For the example below, it's assumed that you created the following Kubernetes Secret:

  • namespace: venafi
  • name: venafi-image-pull-secret

Step 2: Create an instance of VenafiInstall to deploy cert-manager

  1. Create a YAML file, for example, venafi-components.yaml, with the following content:

    Use this version of venafi-components.yaml as a basis if you are installing cert-manager from Venafi's US registry:

    venafi-components.yaml
    apiVersion: installer.venafi.com/v1alpha1
    kind: VenafiInstall
    metadata:
      name: venafi-components
    spec:
      globals:
        customChartRepository: oci://registry.venafi.cloud/charts
        customImageRegistry: private-registry.venafi.cloud
        imagePullSecretNames: [venafi-image-pull-secret]
        namespace: venafi
        vpcRegion: US
      certManager:
        install: true
    

    Use this version of venafi-components.yaml as a basis if you are installing cert-manager from Venafi's EU registry:

    venafi-components.yaml
    apiVersion: installer.venafi.com/v1alpha1
    kind: VenafiInstall
    metadata:
      name: venafi-components
    spec:
      globals:
        customChartRepository: oci://registry.venafi.cloud/charts
        customImageRegistry: private-registry.venafi.eu
        imagePullSecretNames: [venafi-image-pull-secret]
        namespace: venafi
        vpcRegion: EU
      certManager:
        install: true
    

    Use this version of venafi-components.yaml as a basis if you are installing cert-manager from your own registry:

    venafi-components.yaml
    apiVersion: installer.venafi.com/v1alpha1
    kind: VenafiInstall
    metadata:
      name: venafi-components
    spec:
      globals:
        customChartRepository: oci://my-registry.example.com/charts
        customImageRegistry: my-registry.example.com
      certManager:
        install: true
    

    Tip

    For a complete list of Venafi Control Plane Operator configuration parameters, refer to the Venafi Control Plane Operator API reference.

  2. Apply the manifest by running the following command:

    oc apply -f venafi-components.yaml
    

Step 3: Verifying the configuration

Verify whether cert-manager is successfully installed by running the following command:

oc get pods -n venafi

Sample output:

NAME                                       READY   STATUS    RESTARTS   AGE
cert-manager-a317f649c4-dp632              1/1     Running   0          1m1s
cert-manager-cainjector-3125b8f897-g1adf   1/1     Running   0          1m7s
cert-manager-webhook-26228cbdd-f9121       1/1     Running   0          1m11s