ForgeOps

Certificate Manager

This page describes the legacy CDM implementation, which will be deprecated in an upcoming release. We strongly recommend that you transition to the current CDM implementation as soon as possible.

Use cert-manager when you deploy the CDM.

Remember, the CDM is a reference implementation and not for production use. When you create a project plan, you’ll need to determine how to manage certificates in production.

After you’ve finished deploying the CDM, you can use the CDM as a sandbox to explore deployment with a different certificate manager.

To deploy the Certificate Manager:

$ /path/to/forgeops/bin/certmanager-deploy.sh
customresourcedefinition.apiextensions.k8s.io/certificaterequests.cert-manager.io created
customresourcedefinition.apiextensions.k8s.io/certificates.cert-manager.io created
customresourcedefinition.apiextensions.k8s.io/challenges.acme.cert-manager.io created
customresourcedefinition.apiextensions.k8s.io/clusterissuers.cert-manager.io created
customresourcedefinition.apiextensions.k8s.io/issuers.cert-manager.io created
customresourcedefinition.apiextensions.k8s.io/orders.acme.cert-manager.io created
namespace/cert-manager created
serviceaccount/cert-manager-cainjector created
serviceaccount/cert-manager created
serviceaccount/cert-manager-webhook created
clusterrole.rbac.authorization.k8s.io/cert-manager-cainjector created
. . .
service/cert-manager created
service/cert-manager-webhook created
deployment.apps/cert-manager-cainjector created
deployment.apps/cert-manager created
deployment.apps/cert-manager-webhook created
mutatingwebhookconfiguration.admissionregistration.k8s.io/cert-manager-webhook created
validatingwebhookconfiguration.admissionregistration.k8s.io/cert-manager-webhook created
deployment.apps/cert-manager-webhook condition met
clusterissuer.cert-manager.io/default-issuer created
secret/certmanager-ca-secret created

After you’ve deployed the Certificate Manager, check the status of the pods in the cert-manager namespace until all the pods are ready:

$ kubectl get pods --namespace cert-manager
NAME                                              READY STATUS    RESTARTS AGE
cert-manager-6d5fd89bdf-khj5w                     1/1   Running   0        3m57s
cert-manager-cainjector-7d47d59998-h5b48          1/1   Running   0        3m57s
cert-manager-webhook-6559cc8549-8vdtp             1/1   Running   0        3m56s
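
A readiness gate for the check above, as an added example that is not part of the ForgeOps repository: it parses the `kubectl get pods` table and polls until every pod in the cert-manager namespace is Running with all containers ready. The function names, the 300-second timeout and the 5-second poll interval are assumptions, and the second sample table is constructed.

```shell
#!/bin/sh
# Added example (not ForgeOps code): gate later steps on cert-manager readiness.

# Print the name of each pod in a `kubectl get pods` table (stdin) whose READY
# count is incomplete (for example 0/1) or whose STATUS is not Running.
unready_pods() {
    awk 'NR > 1 && NF >= 3 {
             split($2, r, "/")
             if (r[1] != r[2] || $3 != "Running") print $1
         }'
}

# Succeed only if the table on stdin lists at least one pod and none is unready.
# An empty listing counts as not ready, so a wrong namespace cannot pass the gate.
all_pods_ready() {
    awk 'NR > 1 && NF >= 3 {
             seen++
             split($2, r, "/")
             if (r[1] != r[2] || $3 != "Running") bad++
         }
         END { exit (seen > 0 && bad == 0) ? 0 : 1 }'
}

# Poll the cert-manager namespace until all pods are ready.
# Arguments (assumed defaults): timeout and poll interval, in seconds.
wait_for_cert_manager() {
    timeout=${1:-300} interval=${2:-5} waited=0
    until kubectl get pods --namespace cert-manager 2>/dev/null | all_pods_ready; do
        if [ "$waited" -ge "$timeout" ]; then
            echo "cert-manager pods not ready after ${timeout}s:" >&2
            kubectl get pods --namespace cert-manager | unready_pods >&2
            return 1
        fi
        sleep "$interval"
        waited=$((waited + interval))
    done
}

# Sample tables: the first repeats the listing shown above, the second is constructed.
SAMPLE_READY='NAME                                              READY STATUS    RESTARTS AGE
cert-manager-6d5fd89bdf-khj5w                     1/1   Running   0        3m57s
cert-manager-cainjector-7d47d59998-h5b48          1/1   Running   0        3m57s
cert-manager-webhook-6559cc8549-8vdtp             1/1   Running   0        3m56s'
SAMPLE_STARTING='NAME                                              READY STATUS            RESTARTS AGE
cert-manager-6d5fd89bdf-khj5w                     1/1   Running           0        12s
cert-manager-cainjector-7d47d59998-h5b48          1/1   Running           0        12s
cert-manager-webhook-6559cc8549-8vdtp             0/1   ContainerCreating 0        11s'
```

Call `wait_for_cert_manager` after `certmanager-deploy.sh` returns; a non-zero exit status means the timeout elapsed with at least one pod still not ready.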

Copyright © 2010-2022 ForgeRock, all rights reserved.