QuickstartPreview

Configure access to the enterprise registry

🔑 Follow the instructions in Access to enterprise components to enable access to the artifacts required for this component. Use jetstack-secure as the namespace.

For the example below, we assume you created the following Kubernetes Secret: namespace: jetstack-secure name: jse-gcr-creds

Create an example Installation with a self-signed issuer

Apply Installation resource:

kubectl apply -f - <<EOF
apiVersion: operator.jetstack.io/v1alpha1
kind: Installation
metadata:
name: quickstart-example
spec:
certManager: {}
approverPolicy: {}
images:
secret: jse-gcr-creds # see https://platform.jetstack.io/documentation/configuration/js-operator/quickstart
issuers:
- name: quickstart-issuer
clusterScope: true
selfSigned: {}
EOF
Copy to clipboard

For this Installation TLS Protect for Kubernetes Operator will create:

  • cert-manager installation in jetstack-secure Namespace

  • approver-policy installation in jetstack-secure Namespace

  • a self-signed [1] cert-manager ClusterIssuer quickstart-issuer

  • a default, 'all allowed' CertificateRequestPolicy for the issuer

  • RBAC that allows cert-manager ServiceAccount to use the CertificateRequestPolicy

Wait for the Installation to become ready:

kubectl wait --for=condition=Ready installation/quickstart-example
Copy to clipboard

This should not take more than a minute or a few.

Observe information about the created components and resources on Installation spec:

kubectl get installation quickstart-example -ojsonpath='{range .status.conditions[*]}{"type:"}{.type}{" status:"}{.status}{" reason:"}{.reason}{" message:"}{.message}{"\n"}{end}'
Copy to clipboard

Observe created ClusterIssuer:

kubectl get clusterissuer/quickstart-issuer -oyaml
Copy to clipboard

Create a Certificate resource:

kubectl apply -f - <<EOF
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: quickstart-cert
spec:
secretName: quickstart-cert
dnsNames:
- "example.com"
issuerRef:
name: quickstart-issuer
kind: ClusterIssuer
group: cert-manager.io
EOF
Copy to clipboard

Observe the Certificate to become ready:

kubectl get certificate/quickstart-cert
Copy to clipboard

Next steps

View more detailed configuration guides:

  • 1.

    self-signed issuer type is not recommended to be used in production ↩

On this page