Important Announcement!

This deprecated version of TLS Protect for Kubernetes, originally known as Jetstack Secure, will be PERMANENTLY SHUTDOWN on May 19, 2025. If you're still using this version, please work with your CyberArk/Venafi account team to transition to the current version of TLS Protect for Kubernetes.

Installing cert-manager

Learn about the different ways to install cert-manager in your cluster using Helm.



Introduction

cert-manager is an open-source software component of TLS Protect for Kubernetes. Additional to the open-source images, cert-manager has a Docker image and a Helm chart which are hosted at the TLS Protect for Kubernetes enterprise OCI registry. In this section you will learn about the different ways to install cert-manager in your cluster using Helm. More details about the different installation options can be found in the open-source documentation Installing cert-manager with Helm.

Docker Images

  • Private Docker image: eu.gcr.io/jetstack-secure-enterprise/cert-manager.
  • Private Helm registry: oci://eu.gcr.io/jetstack-secure-enterprise/charts.

Prerequisites

  • You should install kubectl and helm >= 3.8.0 on your local computer.

Configure access to the enterprise registry

🔑 Follow the instructions in Access to enterprise components to enable access to the artifacts required for this component. Use jetstack-secure as the namespace.

For the example below, we assume you created the following Kubernetes Secret: namespace: jetstack-secure name: jse-gcr-creds

Deploying cert-manager using Helm

Here we install cert-manager in the jetstack-secure namespace and configure it to use the pull-secret that we created earlier.

Create a file called: cert-manager.values.yaml containing the following content:

# cert-manager.values.yaml
global:
imagePullSecrets:
- name: jse-gcr-creds
installCRDs: true
image:
repository: eu.gcr.io/jetstack-secure-enterprise/cert-manager-controller
acmesolver:
image:
repository: eu.gcr.io/jetstack-secure-enterprise/cert-manager-acmesolver
webhook:
image:
repository: eu.gcr.io/jetstack-secure-enterprise/cert-manager-webhook
cainjector:
image:
repository: eu.gcr.io/jetstack-secure-enterprise/cert-manager-cainjector
startupapicheck:
image:
repository: eu.gcr.io/jetstack-secure-enterprise/cert-manager-ctl
Copy to clipboard

Use Helm to install the software and wait for it to be ready:

helm upgrade cert-manager oci://eu.gcr.io/jetstack-secure-enterprise/charts/cert-manager \
--registry-config <(jsctl registry auth output --format=dockerconfig) \
--install \
--wait \
--create-namespace \
--namespace jetstack-secure \
--values cert-manager.values.yaml \
--version v1.12.1
Copy to clipboard

Next Steps

On this page