TLS Protect for Kubernetes
Log inCreate account

Installing cert-manager

Learn about the different ways to install cert-manager in your cluster using Helm.



Introduction

cert-manager is an open-source software component of TLS Protect for Kubernetes. Additional to the open-source images, cert-manager has a Docker image and a Helm chart which are hosted at the TLS Protect for Kubernetes enterprise OCI registry. In this section you will learn about the different ways to install cert-manager in your cluster using Helm. More details about the different installation options can be found in the open-source documentation Installing cert-manager with Helm.

Docker Images

  • Private Docker image: eu.gcr.io/jetstack-secure-enterprise/cert-manager.
  • Private Helm registry: oci://eu.gcr.io/jetstack-secure-enterprise/charts.

Prerequisites

  • You should install kubectl and helm >= 3.8.0 on your local computer.

Configure access to the enterprise registry

🔑 Follow the instructions in Access to enterprise components to enable access to the artifacts required for this component. Use jetstack-secure as the namespace.

For the example below, we assume you created the following Kubernetes Secret: namespace: jetstack-secure name: jse-gcr-creds

Deploying cert-manager using Helm

Here we install cert-manager in the jetstack-secure namespace and configure it to use the pull-secret that we created earlier.

Create a file called: cert-manager.values.yaml containing the following content:

# cert-manager.values.yaml
global:
  imagePullSecrets:
    - name: jse-gcr-creds


installCRDs: true


image:
  repository: eu.gcr.io/jetstack-secure-enterprise/cert-manager-controller


acmesolver:
  image:
    repository: eu.gcr.io/jetstack-secure-enterprise/cert-manager-acmesolver


webhook:
  image:
    repository: eu.gcr.io/jetstack-secure-enterprise/cert-manager-webhook


cainjector:
  image:
    repository: eu.gcr.io/jetstack-secure-enterprise/cert-manager-cainjector


startupapicheck:
  image:
    repository: eu.gcr.io/jetstack-secure-enterprise/cert-manager-ctl
Copy to clipboard

Use Helm to install the software and wait for it to be ready:

helm upgrade cert-manager oci://eu.gcr.io/jetstack-secure-enterprise/charts/cert-manager \
    --registry-config <(jsctl registry auth output --format=dockerconfig) \
    --install \
    --wait \
    --create-namespace \
    --namespace jetstack-secure \
    --values cert-manager.values.yaml \
    --version v1.12.1
Copy to clipboard

🔰 Read about Helm 3 support for OCI package distribution.

Next Steps

On this page