Installing OpenShift Routes for cert-manager using Venafi Control Plane Operator¶

Installing OpenShift Routes for cert-manager using Venafi Control Plane Operator is the recommended method for installing this component.

Venafi Control Plane Operator for Red Hat OpenShift is designed to assist users in installing, maintaining, and upgrading Venafi cluster components.

Follow the steps below to deploy the default version of cert-manager and OpenShift Routes using the Venafi Control Plane Operator.

Prerequisites¶

To install OpenShift Routes using the Venafi Control Plane Operator you'll need the following:

Access to the Venafi OCI registry (or your own mirror).
You have Venafi Control Plane Operator already installed on your system.
You have the Red Hat OpenShift CLI tool oc installed on your system.

Step 1: Configure access to the Venafi OCI registry¶

Important

Follow the instructions in Configuring access to the Venafi OCI registry to enable access to the artifacts required for this component (cert-manager Components is the default scope for cert-manager). Use venafi as the namespace.

For the example below, it's assumed that you created the following Kubernetes Secret:

namespace: venafi
name: venafi-image-pull-secret

Step 2: Create and apply the manifest¶

Create a manifest venafi-components.yaml. You can use one of the samples below as a base:

US RegionEU RegionOwn Registry

venafi-components.yaml

apiVersion: installer.venafi.com/v1alpha1
kind: VenafiInstall
metadata:
  name: venafi-components
spec:
  globals:
    enableDefaultApprover: false 
    imagePullSecretNames: [venafi-image-pull-secret] 
    namespace: venafi 
    useFIPSImages: false 
    vcpRegion: US 
    region: US 
  certManager: 
    install: true
  openshiftRoutes:
    install: true

venafi-components.yaml

apiVersion: installer.venafi.com/v1alpha1
kind: VenafiInstall
metadata:
  name: venafi-components
spec:
  globals:
    enableDefaultApprover: false 
    imagePullSecretNames: [venafi-image-pull-secret] 
    namespace: venafi 
    useFIPSImages: false 
    vcpRegion: EU 
    region: EU 
  certManager: 
    install: true
  openshiftRoutes:
    install: true

venafi-components.yaml

apiVersion: installer.venafi.com/v1alpha1
kind: VenafiInstall
metadata:
  name: venafi-components
spec:
  globals: 
    customChartRepository: oci://myregistry.example.com/charts
    customImageRegistry: myregistry.example.com
    enableDefaultApprover: false 
    imagePullSecretNames: [venafi-image-pull-secret] 
    namespace: venafi 
    useFIPSImages: false
  certManager: 
    install: true
  openshiftRoutes:
    install: true

Note

Set the spec.certManager.skip parameter to true and the spec.certManager.install parameter to false if you have already installed and configured cert-manager.

Tip

For a complete list of Venafi Control Plane Operator configuration parameters, refer to the Venafi Control Plane Operator API reference.

Apply the manifest by running the following command:
```
oc apply -f venafi-components.yaml
```

Step 3: Verify the installation¶

Verify whether OpenShift Routes is successfully installed by running the following command:

oc get venafiinstall,pods

Sample output:

NAME                                                   STATUS   LAST SYNC
venafiinstall.installer.venafi.com/venafi-components   Synced   4s

NAME                                           READY   STATUS    RESTARTS   AGE
pod/cert-manager-74665849cd-rc66t              1/1     Running   0          44s
pod/cert-manager-cainjector-599d6c48b9-j6jf6   1/1     Running   0          44s
pod/cert-manager-webhook-7546d64c9c-mtzfb      1/1     Running   0          44s
pod/openshift-routes-6657989644-cdgzm          1/1     Running   0          19s
pod/vcp-operator-6f76c5fb67-z2cm2              1/1     Running   0          5d10h

Next steps¶

Configuring OpenShift Routes