Deploy cert-manager¶
In this section you will deploy cert-manager and configure it to use a self-signed ClusterIssuer.
Fast Forward
If you have already deployed cert-manager and configured it to use a self-signed ClusterIssuer, for example, if you have exposed EKF with ELB, proceed to the What’s Next section.
If you are going to use an already issued SSL certificate, you may proceed to the What’s Next section.
Overview
What You’ll Need¶
- A configured management environment.
- Your clone of the Arrikto GitOps repository.
- An existing EKS cluster.
Procedure¶
Go to your GitOps repository, inside your
rok-tools
management environment:root@rok-tools:~# cd ~/ops/deploymentsEdit
rok/cert-manager/cert-manager/overlays/deploy/kustomization.yaml
and enable the self-signed ClusterIssuer resource:resources: - cluster-issuer-self-signed.yaml #- cluster-issuer-letsencrypt-prod.yamlCommit your changes:
root@rok-tools:~/ops/deployments# git commit -am "Configure cert-manager"Install cert-manager resources along with the self-signed ClusterIssuer:
root@rok-tools:~/ops/deployments# rok-deploy --apply rok/cert-manager/cert-manager/overlays/deploy
Verify¶
Verify that cert-manager is up-and-running. Check pod status and verify field STATUS is Running and field READY is 1/1 for all Pods:
root@rok-tools:~/ops/deployments# kubectl -n cert-manager get pods NAME READY STATUS RESTARTS AGE cert-manager-58bcc6fc8c-s4bm7 1/1 Running 0 1m cert-manager-cainjector-54ffb448d4-tkt9s 1/1 Running 0 1m cert-manager-webhook-6d749899cf-9kjj6 1/1 Running 0 1m