OpenShift cert-manager

From Dogtag
Revision as of 03:41, 14 January 2020 by Edewata (talk | contribs) (Deleting ACME Certificate)


Authentication

To authenticate as system:admin:

$ oc login -u system:admin

To authenticate as kubeadmin:

$ oc login -u kubeadmin -p <password> https://api.crc.testing:6443

Installing cert-manager

$ oc create namespace cert-manager
$ oc apply --validate=false -f https://github.com/jetstack/cert-manager/releases/download/v0.12.0/cert-manager-openshift.yaml

Creating ACME Issuer

Prepare the following file (e.g. letsencrypt-staging.yaml):

apiVersion: cert-manager.io/v1alpha2
kind: ClusterIssuer
metadata:
  name: letsencrypt-staging
spec:
  acme:
    email: admin@example.com
    server: https://acme-staging-v02.api.letsencrypt.org/directory
    privateKeySecretRef:
      name: letsencrypt-staging
    solvers:
    - http01:
        ingress:
          class: nginx

Then execute the following command:

$ oc create -f letsencrypt-staging.yaml

Verify with the following command:

$ oc describe clusterissuers/letsencrypt-staging

Creating ACME Certificate

Prepare a Certificate configuration (e.g. letsencrypt-cert.yaml):

apiVersion: cert-manager.io/v1alpha2
kind: Certificate
metadata:
  name: example-com
  namespace: cert-manager
spec:
  secretName: example-com-tls
  duration: 2160h
  renewBefore: 360h
  organization:
  - dogtagpki
  isCA: false
  keySize: 2048
  keyAlgorithm: rsa
  keyEncoding: pkcs1
  usages:
    - server auth
    - client auth
  dnsNames:
  - example.com
  - www.example.com
  issuerRef:
    name: letsencrypt-staging
    kind: ClusterIssuer

Then execute the following command:

$ oc create -f letsencrypt-cert.yaml

To verify the certificate:

$ oc describe cert/example-com -n cert-manager
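
Issuance through the HTTP-01 solver is asynchronous, so the Certificate may not be ready immediately after `oc create` returns. The following script is an added example, not part of the original page: it polls the Certificate's Ready condition and then checks that the secret named in secretName exists with type kubernetes.io/tls. The function names, retry count and delay are assumptions of this example.

```shell
# Added example (not from the original page). Assumes `oc` is logged in and
# that cert-manager reports a "Ready" condition in the Certificate status.

# Print the status ("True", "False" or empty) of the Ready condition.
cert_ready_status() {
    oc get certificate "$1" -n "$2" \
        -o jsonpath='{.status.conditions[?(@.type=="Ready")].status}'
}

# Print the message attached to the Ready condition (why it is not ready).
cert_ready_message() {
    oc get certificate "$1" -n "$2" \
        -o jsonpath='{.status.conditions[?(@.type=="Ready")].message}'
}

# wait_cert_ready NAME NAMESPACE SECRET [TRIES] [DELAY_SECONDS]
# (TRIES and DELAY_SECONDS are hypothetical tuning knobs for this example.)
# Returns 0 when Ready=True and the secret has type kubernetes.io/tls,
# 1 on timeout, 2 when Ready but the secret is missing or has another type.
wait_cert_ready() {
    name=$1 ns=$2 secret=$3 tries=${4:-30} delay=${5:-10}
    i=0
    while [ "$i" -lt "$tries" ]; do
        if [ "$(cert_ready_status "$name" "$ns")" = "True" ]; then
            stype=$(oc get secret "$secret" -n "$ns" \
                -o jsonpath='{.type}' 2>/dev/null) || stype=""
            if [ "$stype" = "kubernetes.io/tls" ]; then
                echo "certificate $name is Ready; key pair is in secret $secret"
                return 0
            fi
            echo "certificate $name is Ready but secret $secret has type '$stype'" >&2
            return 2
        fi
        i=$((i + 1))
        if [ "$i" -lt "$tries" ]; then
            sleep "$delay"
        fi
    done
    echo "timed out waiting for $name: $(cert_ready_message "$name" "$ns")" >&2
    return 1
}

# Usage with the names from this page:
#   wait_cert_ready example-com cert-manager example-com-tls
```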

Deleting ACME Certificate

$ oc delete cert/example-com -n cert-manager

Deleting ACME Issuer

$ oc delete clusterissuers/letsencrypt-staging
