Install cert-manager
Install cert-manager to use with AWS Certificate Manager (ACM) in your Kubernetes and OpenShift environments.
To use AWS, you also must install the aws-privateca-issuer plug-in for the AWS Certificate Manager Private Certificate Authority (AWS ACM PCA). This plug-in helps you use ACM to create and manage the root and intermediate CA certificates for Gloo Mesh Enterprise.
Install cert-manager
-
In your management cluster, install
cert-manager. For more information about installation options and versions, see the cert-manager documentaton.kubectlinstallation:kubectl apply --context $MGMT_CONTEXT -f https://github.com/jetstack/cert-manager/releases/download/v1.5.4/cert-manager.yaml- Helm installation:
helm repo add jetstack https://charts.jetstack.io helm repo update helm install \ cert-manager jetstack/cert-manager \ --namespace cert-manager \ --create-namespace \ --version v1.5.4 \ --set installCRDs=true
-
Verify that
cert-managerwas successfully installed.kubectl get po -n cert-manager --context $MGMT_CONTEXTExample output:
NAME READY STATUS RESTARTS AGE cert-manager-7c6f78c46d-247br 1/1 Running 0 17s cert-manager-cainjector-668d9c86df-7cqb8 1/1 Running 0 17s cert-manager-webhook-764b556954-2m4zf 1/1 Running 0 17s
Install the AWS ACM PCA plug-in
-
Install the AWS ACM PCA plug-in. For more information, see the
aws-privateca-issuerplug-in documentationhelm repo add awspca https://cert-manager.github.io/aws-privateca-issuer helm repo update helm upgrade pca-issuer \ --install awspca/aws-privateca-issuer \ --namespace cert-manager \ --set image.tag=v1.2.1 -
Verify that the plug-in was successfully installed.
kubectl get po -n cert-manager --context $MGMT_CONTEXTExample output:
NAME READY STATUS RESTARTS AGE ... pca-issuer-aws-privateca-issuer-6768d7454b-w8d4l 1/1 Running 0 15s