Red Hat Summitこのコンテンツは選択した言語では利用できません。
Chapter 3. Using certificate manager on a MicroShift node
The MicroShift certificate manager supports managing TLS certificates. This integration results in the issue, renewal, and management of certificate from certificate authorities.
3.1. MicroShift certificate manager functions
With MicroShift certificate manager, you can complete the following tasks:
-
Automates certificate management: cert-manager creates or updates certificates and detects Kubernetes resources that are annotated with
cert-manager.io/kind. - Supports multiple CAs: provides flexibility to select one that fits the security and operational needs.
- Simplifies ingress certificates: cert-manager handles certificates for an ingress controller, which simplifies the configuration and management of secure communication channels.
- Enhances security: certificate management is automated and the risk of error is reduced. Certificates are current and valid, which contribute to a secure environment.
3.2. Installing and enabling the cert-manager Operator using RPM
The microshift-cert-manager RPM is an optional component that can be installed at any time. Follow these steps to install and verify the certificate manager:
Procedure
Install the
cert-manager-operatorusing themicroshift-cert-managerRPM by running the following command:$ sudo dnf install microshift-cert-managerVerify the certificate manager versions that are used by running the following command:
$ rpm -qi microshift-cert-managerRestart MicroShift by running the following command:
$ systemctl microshift restartVerify that the
microshift-cert-managerRPM is installed by running the following command:$ oc get deployment -n cert-manager-operatorExample output
NAME READY UP-TO-DATE AVAILABLE AGE cert-manager-operator-controller-manager 1/1 1 1 2d22hVerify that the`cert-manager` deployments are in a ready state and are up-to-date in the cert-manager namespace by running the following command:
$ oc get deployment -n cert-managerExample output
NAME READY UP-TO-DATE AVAILABLE AGE cert-manager 1/1 1 1 2d22h cert-manager-cainjector 1/1 1 1 2d22h cert-manager-webhook 1/1 1 1 2d22hVerify that the pods are running in the
cert-managernamespace by running the following command:$ oc get pods -n cert-managerExample output
NAME READY STATUS RESTARTS AGE cert-manager-7cfb4fbb84-qdmk8 1/1 Running 2 2d22h cert-manager-cainjector-854f669657-xzs8b 1/1 Running 2 2d22h cert-manager-webhook-68fd6d5f5c-j942h 1/1 Running 2 2d22h
3.3. Installing and enabling the cert-manager Operator using OLM
You can install the optional microshift-cert-manager by using OLM at any time. For more information, see Using Operator Lifecycle Manager with MicroShift and Installing the cert-manager Operator for Red Hat OpenShift.
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}