Installing OpenShift Routes using Helm¶
Learn how to install OpenShift Routes for cert-manager using Helm.
Important
If you use your own registry, which replicates the Venafi images, replace the address of your own registry in any of the relevant commands given on this page.
Step 1: Configure access to the Venafi OCI registry¶
Configure access to the Venafi OCI registry. Follow the instructions in Configuring access to the Venafi OCI Registry to enable access to the artifacts required for this component (cert-manager Components is the default scope for cert-manager). Use venafi as the namespace.
The sample file below, for example, assumes you created a Kubernetes Secret using venafi as the namespace and venafi-image-pull-secret as the name of the secret.
Step 2: Install cert-manager using Helm¶
If you are running OpenShift Routes you must also install cert-manager.
-
To install cert-manager in the venafi namespace, and configure it to use the pull-secret, create a file
cert-manager.values.yamlcontaining the following content.A sample
cert-manager.values.yamlfor users of the US region OCI registry:cert-manager.values.yamlglobal: imagePullSecrets: - name: venafi-image-pull-secret crds: enabled: true image: repository: private-registry.venafi.cloud/cert-manager/cert-manager-controller acmesolver: image: repository: private-registry.venafi.cloud/cert-manager/cert-manager-acmesolver webhook: image: repository: private-registry.venafi.cloud/cert-manager/cert-manager-webhook cainjector: image: repository: private-registry.venafi.cloud/cert-manager/cert-manager-cainjector startupapicheck: image: repository: private-registry.venafi.cloud/cert-manager/cert-manager-startupapicheckA sample
cert-manager.values.yamlfor users of the EU region OCI registry:cert-manager.values.yamlglobal: imagePullSecrets: - name: venafi-image-pull-secret crds: enabled: true image: repository: private-registry.venafi.eu/cert-manager/cert-manager-controller acmesolver: image: repository: private-registry.venafi.eu/cert-manager/cert-manager-acmesolver webhook: image: repository: private-registry.venafi.eu/cert-manager/cert-manager-webhook cainjector: image: repository: private-registry.venafi.eu/cert-manager/cert-manager-cainjector startupapicheck: image: repository: private-registry.venafi.eu/cert-manager/cert-manager-startupapicheckA sample
cert-manager.values.yamlfor users with their own OCI registry:cert-manager.values.yamlglobal: imagePullSecrets: - name: venafi-image-pull-secret crds: enabled: true image: repository: myregistry.example.com/cert-manager/cert-manager-controller acmesolver: image: repository: myregistry.example.com/cert-manager/cert-manager-acmesolver webhook: image: repository: myregistry.example.com/cert-manager/cert-manager-webhook cainjector: image: repository: myregistry.example.com/cert-manager/cert-manager-cainjector startupapicheck: image: repository: myregistry.example.com/cert-manager/cert-manager-startupapicheckNote
As of cert-manager v1.15.0, the
installCRDsvalue is deprecated in favor ofcrds.enabled. -
Use Helm to install the software and wait for it to be ready:
helm upgrade cert-manager oci://registry.venafi.cloud/charts/cert-manager \ --install \ --wait \ --create-namespace \ --namespace venafi \ --values cert-manager.values.yaml \ --version v1.16.1Note
For more information about Helm support for OCI package distribution, see the Helm documentation.
Step 3: Install OpenShift Routes using Helm¶
-
Create a
openshiftroutes.values.yamlfile to define any Helm values you require. For example:image: repository: private-registry.venafi.cloud/openshift-routes/cert-manager-openshift-routes imagePullSecrets: - name: venafi-image-pull-secretFor more information on the available Helm values for OpenShift Routes, see OpenShift Routes Helm values.
-
Type the following command:
helm upgrade openshift-routes oci://registry.venafi.cloud/charts/openshift-routes \ --install \ --wait \ --namespace venafi \ --version v0.7.1 \ --values openshiftroutes.values.yamlNote
For more information about Helm support for OCI package distribution, see the Helm documentation.