Installing OpenShift Routes for cert-manager using Helm
Learn how to install OpenShift Routes for cert-manager using Helm.
Important
If you use your own registry, which replicates the CyberArk images, substitute the address of your own registry in any of the relevant commands given on this page.
Step 1: Configure access to the CyberArk OCI registry
Configure access to the CyberArk OCI registry. Follow the instructions in Configuring access to the CyberArk OCI Registry to enable access to the artifacts required for this component (cert-manager Components is the default scope for cert-manager). Use venafi as the namespace.
The sample file below, for example, assumes you created a Kubernetes Secret using venafi as the namespace and venafi-image-pull-secret as the name of the secret.
Step 2: Install cert-manager using Helm
If you are running OpenShift Routes for cert-manager you must also install cert-manager.
- To install cert-manager in the venafi namespace, and configure it to use the pull secret, create a file cert-manager.values.yaml containing the following content.

  A sample cert-manager.values.yaml for users of the US region OCI registry:

      global:
        imagePullSecrets:
          - name: venafi-image-pull-secret
      crds:
        enabled: true
      image:
        repository: private-registry.venafi.cloud/cert-manager/cert-manager-controller
      acmesolver:
        image:
          repository: private-registry.venafi.cloud/cert-manager/cert-manager-acmesolver
      webhook:
        image:
          repository: private-registry.venafi.cloud/cert-manager/cert-manager-webhook
      cainjector:
        image:
          repository: private-registry.venafi.cloud/cert-manager/cert-manager-cainjector
      startupapicheck:
        image:
          repository: private-registry.venafi.cloud/cert-manager/cert-manager-startupapicheck

  Regional registries
  The example above uses the US-based OCI registry. Tenants in the following Certificate Manager - SaaS regions must use this registry: US, Canada, Australia, and Singapore. Tenants in the EU and UK must use the EU registry: private-registry.venafi.eu.
  For more information on CyberArk OCI registries, see Configuring access to a CyberArk OCI Registry.
  A sample cert-manager.values.yaml for users with their own OCI registry:

      global:
        imagePullSecrets:
          - name: venafi-image-pull-secret
      crds:
        enabled: true
      image:
        repository: myregistry.example.com/cert-manager/cert-manager-controller
      acmesolver:
        image:
          repository: myregistry.example.com/cert-manager/cert-manager-acmesolver
      webhook:
        image:
          repository: myregistry.example.com/cert-manager/cert-manager-webhook
      cainjector:
        image:
          repository: myregistry.example.com/cert-manager/cert-manager-cainjector
      startupapicheck:
        image:
          repository: myregistry.example.com/cert-manager/cert-manager-startupapicheck

  Note
  As of cert-manager v1.15.0, the installCRDs value is deprecated in favor of crds.enabled.

- Use Helm to install the software and wait for it to be ready:

      helm upgrade cert-manager oci://registry.venafi.cloud/charts/cert-manager \
        --install \
        --wait \
        --create-namespace \
        --namespace venafi \
        --values cert-manager.values.yaml \
        --version v1.19.1

  Note
  For more information about Helm support for OCI package distribution, see the Helm documentation.
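A values file that mixes registries (for example, one component left on the US registry in an EU tenant's file, or one image missed when switching to your own mirror) is easy to overlook before running helm upgrade. The script below is an added example, not part of the CyberArk documentation or tooling: it lists every repository entry whose host differs from the expected one. The function names are hypothetical, the sample file is constructed, and the check assumes every repository: key in the values file is an image reference.

```shell
#!/bin/sh
# Added example (not CyberArk tooling): pre-install registry check for Helm values files.

# Registry host per tenant region, as stated on this page.
registry_for_region() {
    case "$1" in
        US|Canada|Australia|Singapore) echo "private-registry.venafi.cloud" ;;
        EU|UK) echo "private-registry.venafi.eu" ;;
        *) echo "unknown region: $1" >&2; return 1 ;;
    esac
}

# Print each "repository:" value whose host is not $2; return 1 if any were found.
# Assumption: every "repository:" key in the values file is an image reference.
check_values_registry() {
    bad=$(sed -n 's/^[[:space:]]*repository:[[:space:]]*//p' "$1" \
        | tr -d "\"'" \
        | awk -v host="$2" 'NF { split($1, part, "/"); if (part[1] != host) print $1 }')
    [ -z "$bad" ] && return 0
    printf '%s\n' "$bad"
    return 1
}

# Constructed sample: an EU tenant's values file with the webhook image left on the US registry.
write_sample_values() {
    cat > "$1" <<'EOF'
global:
  imagePullSecrets:
    - name: venafi-image-pull-secret
image:
  repository: private-registry.venafi.eu/cert-manager/cert-manager-controller
webhook:
  image:
    repository: private-registry.venafi.cloud/cert-manager/cert-manager-webhook
EOF
}

sample=$(mktemp)
write_sample_values "$sample"
if ! check_values_registry "$sample" "$(registry_for_region EU)"; then
    echo "values file references a registry other than the one required for EU" >&2
fi
rm -f "$sample"
```

If you use your own registry, pass its host (such as myregistry.example.com) as the second argument instead of a regional host; the same check applies to openshiftroutes.values.yaml.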
Step 3: Install OpenShift Routes for cert-manager using Helm
- Create an openshiftroutes.values.yaml file to define any Helm values you require. For example:

      image:
        repository: private-registry.venafi.cloud/openshift-routes/cert-manager-openshift-routes
      imagePullSecrets:
        - name: venafi-image-pull-secret

  For more information on the available Helm values for OpenShift Routes for cert-manager, see OpenShift Routes for cert-manager Helm values.

- Type the following command:

      helm upgrade openshift-routes oci://registry.venafi.cloud/charts/openshift-routes \
        --install \
        --wait \
        --namespace venafi \
        --version v0.8.3 \
        --values openshiftroutes.values.yaml

  Note
  For more information about Helm support for OCI package distribution, see the Helm documentation.