Difference between revisions of "OpenShift cert-manager"
From Dogtag
m (→Deleting ACME Certificate) |
m (→Creating ACME Certificate) |
||
(5 intermediate revisions by the same user not shown) | |||
Line 22: | Line 22: | ||
= Creating ACME Issuer = | = Creating ACME Issuer = | ||
− | Prepare the following file (e.g. | + | Prepare the following file (e.g. acme-responder.yaml): |
<pre> | <pre> | ||
Line 39: | Line 39: | ||
ingress: | ingress: | ||
class: nginx | class: nginx | ||
− | |||
</pre> | </pre> | ||
Line 91: | Line 90: | ||
</pre> | </pre> | ||
− | To | + | To check the certificate status: |
<pre> | <pre> | ||
− | $ oc describe cert/acme-cert -n cert-manager | + | $ oc describe -n cert-manager cert/acme-cert |
+ | </pre> | ||
+ | |||
+ | To check the order status: | ||
+ | |||
+ | <pre> | ||
+ | $ oc describe order -n cert-manager acme-cert-<order> | ||
</pre> | </pre> | ||
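Review bot: The added order-status step, `$ oc describe order -n cert-manager acme-cert-<order>`, uses an `<order>` placeholder without saying how to find the generated order name. Add a preceding step that lists the orders in the namespace, for example `oc get order -n cert-manager`, so the reader can fill in the suffix.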
Line 100: | Line 105: | ||
<pre> | <pre> | ||
− | $ oc delete cert/acme-cert | + | $ oc delete -n cert-manager cert/acme-cert |
</pre> | </pre> | ||
Line 107: | Line 112: | ||
<pre> | <pre> | ||
$ oc delete clusterissuers/acme-responder | $ oc delete clusterissuers/acme-responder | ||
+ | </pre> | ||
+ | |||
+ | = Troubleshooting = | ||
+ | |||
+ | <pre> | ||
+ | $ oc logs -n cert-manager deploy/cert-manager -f | ||
</pre> | </pre> | ||
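Review bot: The new Troubleshooting section contains only the `$ oc logs -n cert-manager deploy/cert-manager -f` command with no introductory sentence, unlike the "To check the certificate status:" and "To check the order status:" steps added earlier in this revision. Add one line saying that this follows the cert-manager controller log and that `-f` keeps streaming until interrupted.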
Revision as of 19:41, 14 January 2020
Authentication
To authenticate as system:admin:
$ oc login -u system:admin
To authenticate as kubeadmin:
$ oc login -u kubeadmin -p <password> https://api.crc.testing:6443
Installing cert-manager
$ oc create namespace cert-manager
$ oc apply --validate=false -f https://github.com/jetstack/cert-manager/releases/download/v0.12.0/cert-manager-openshift.yaml
Creating ACME Issuer
Prepare the following file (e.g. acme-responder.yaml):
<pre>
apiVersion: cert-manager.io/v1alpha2
kind: ClusterIssuer
metadata:
  name: acme-responder
spec:
  acme:
    email: admin@example.com
    server: https://acme-staging-v02.api.letsencrypt.org/directory
    privateKeySecretRef:
      name: acme-responder
    solvers:
    - http01:
        ingress:
          class: nginx
</pre>
Then execute the following command:
$ oc create -f acme-responder.yaml
Verify with the following command:
$ oc describe clusterissuers/acme-responder
Creating ACME Certificate
Prepare a Certificate configuration (e.g. letsencrypt-cert.yaml):
<pre>
apiVersion: cert-manager.io/v1alpha2
kind: Certificate
metadata:
  name: acme-cert
  namespace: cert-manager
spec:
  secretName: acme-cert-tls
  duration: 2160h
  renewBefore: 360h
  organization:
  - dogtagpki
  isCA: false
  keySize: 2048
  keyAlgorithm: rsa
  keyEncoding: pkcs1
  usages:
    - server auth
    - client auth
  dnsNames:
  - example.com
  - www.example.com
  issuerRef:
    name: acme-responder
    kind: ClusterIssuer
</pre>
Then execute the following command:
$ oc create -f letsencrypt-cert.yaml
To check the certificate status:
$ oc describe -n cert-manager cert/acme-cert
To check the order status:
$ oc describe order -n cert-manager acme-cert-<order>
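The status check above can also be scripted. The following is an added example, not part of the original wiki page or of the Dogtag or cert-manager projects: it evaluates the Ready condition and the renewBefore window from the Certificate's JSON. The SAMPLE document is constructed, and the status.conditions and status.notAfter field names are assumed to match what the v1alpha2 Certificate resource reports.

```python
import json
import sys
from datetime import datetime, timedelta, timezone

# Constructed sample of `oc get -n cert-manager cert/acme-cert -o json`
# (trimmed, illustrative values; not captured from a real cluster).
SAMPLE = """{
  "metadata": {"name": "acme-cert", "namespace": "cert-manager"},
  "spec": {"secretName": "acme-cert-tls", "renewBefore": "360h"},
  "status": {
    "conditions": [{"type": "Ready", "status": "True", "reason": "Ready",
                    "message": "Certificate is up to date and has not expired"}],
    "notAfter": "2020-04-13T19:41:00Z"
  }
}"""

def parse_hours(value):
    """Parse the hour-only durations used on this page, e.g. '360h'."""
    if not (value.endswith("h") and value[:-1].isdigit()):
        raise ValueError("unsupported duration: %r" % value)
    return timedelta(hours=int(value[:-1]))

def check_certificate(cert, now):
    """Return a list of findings; an empty list means nothing to act on."""
    findings = []
    status = cert.get("status") or {}
    ready = next((c for c in status.get("conditions", [])
                  if c.get("type") == "Ready"), None)
    if ready is None:
        findings.append("no Ready condition yet; check the order status")
    elif ready.get("status") != "True":
        findings.append("not ready: %s: %s" % (ready.get("reason"), ready.get("message")))
    if status.get("notAfter"):
        expires = datetime.strptime(status["notAfter"], "%Y-%m-%dT%H:%M:%SZ")
        expires = expires.replace(tzinfo=timezone.utc)
        renew_at = expires - parse_hours(cert.get("spec", {}).get("renewBefore", "0h"))
        if now >= expires:
            findings.append("expired at " + status["notAfter"])
        elif now >= renew_at:
            findings.append("inside renewBefore window but not yet renewed")
    return findings

if __name__ == "__main__":
    # Pass "-" to read real JSON from stdin; otherwise use the sample.
    cert = json.load(sys.stdin) if sys.argv[1:] == ["-"] else json.loads(SAMPLE)
    problems = check_certificate(cert, datetime.now(timezone.utc))
    print("\n".join(problems) or "OK")
    sys.exit(1 if problems else 0)
```

To run it against a cluster, pipe the output of `oc get -n cert-manager cert/acme-cert -o json` into the script with `-` as its only argument; a non-zero exit code means at least one finding.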
Deleting ACME Certificate
$ oc delete -n cert-manager cert/acme-cert
Deleting ACME Issuer
$ oc delete clusterissuers/acme-responder
Troubleshooting
$ oc logs -n cert-manager deploy/cert-manager -f