TLS Protect for Kubernetes
Log inCreate account

QuickstartPreview

Configure access to the enterprise registry

🔑 Follow the instructions in Access to enterprise components to enable access to the artifacts required for this component. Use jetstack-secure as the namespace.

For the example below, we assume you created the following Kubernetes Secret: namespace: jetstack-secure name: jse-gcr-creds

Create an example Installation with a self-signed issuer

Apply Installation resource:

kubectl apply -f - <<EOF
apiVersion: operator.jetstack.io/v1alpha1
kind: Installation
metadata:
  name: quickstart-example
spec:
  certManager: {}
  approverPolicy: {}
  images:
    secret: jse-gcr-creds # see https://platform.jetstack.io/documentation/configuration/js-operator/quickstart
  issuers:
  - name: quickstart-issuer
    clusterScope: true
    selfSigned: {}
EOF
Copy to clipboard

For this Installation TLS Protect for Kubernetes Operator will create:

  • cert-manager installation in jetstack-secure Namespace

  • approver-policy installation in jetstack-secure Namespace

  • a self-signed [1] cert-manager ClusterIssuer quickstart-issuer

  • a default, 'all allowed' CertificateRequestPolicy for the issuer

  • RBAC that allows cert-manager ServiceAccount to use the CertificateRequestPolicy

Wait for the Installation to become ready:

kubectl wait --for=condition=Ready installation/quickstart-example
Copy to clipboard

This should not take more than a minute or a few.

Observe information about the created components and resources on Installation spec:

kubectl get installation quickstart-example -ojsonpath='{range .status.conditions[*]}{"type:"}{.type}{" status:"}{.status}{" reason:"}{.reason}{" message:"}{.message}{"\n"}{end}'
Copy to clipboard

Observe created ClusterIssuer:

kubectl get clusterissuer/quickstart-issuer -oyaml
Copy to clipboard

Create a Certificate resource:

kubectl apply -f - <<EOF
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: quickstart-cert
spec:
  secretName: quickstart-cert
  dnsNames:
  - "example.com"
  issuerRef:
    name: quickstart-issuer
    kind: ClusterIssuer
    group: cert-manager.io
EOF
Copy to clipboard

Observe the Certificate to become ready:

kubectl get certificate/quickstart-cert
Copy to clipboard

Next steps

View more detailed configuration guides:

  • 1.

    self-signed issuer type is not recommended to be used in production ↩

On this page