红帽全球峰会此内容没有您所选择的语言版本。
Chapter 3. Using certificate manager on a MicroShift node
The MicroShift certificate manager supports managing TLS certificates. This integration results in the issue, renewal, and management of certificate from certificate authorities.
3.1. MicroShift certificate manager functions
With MicroShift certificate manager, you can complete the following tasks:
-
Automates certificate management: cert-manager creates or updates certificates and detects Kubernetes resources that are annotated with
cert-manager.io/kind. - Supports multiple CAs: provides flexibility to select one that fits the security and operational needs.
- Simplifies ingress certificates: cert-manager handles certificates for an ingress controller, which simplifies the configuration and management of secure communication channels.
- Enhances security: certificate management is automated and the risk of error is reduced. Certificates are current and valid, which contribute to a secure environment.
The microshift-cert-manager RPM is an optional component that can be installed at any time. Follow these steps to install and verify the certificate manager:
Procedure
Install the
cert-manager-operatorusing themicroshift-cert-managerRPM by running the following command:sudo dnf install microshift-cert-manager
$ sudo dnf install microshift-cert-managerCopy to Clipboard Copied! Toggle word wrap Toggle overflow Verify the certificate manager versions that are used by running the following command:
rpm -qi microshift-cert-manager
$ rpm -qi microshift-cert-managerCopy to Clipboard Copied! Toggle word wrap Toggle overflow Restart MicroShift by running the following command:
systemctl microshift restart
$ systemctl microshift restartCopy to Clipboard Copied! Toggle word wrap Toggle overflow Verify that the
microshift-cert-managerRPM is installed by running the following command:oc get deployment -n cert-manager-operator
$ oc get deployment -n cert-manager-operatorCopy to Clipboard Copied! Toggle word wrap Toggle overflow Example output
NAME READY UP-TO-DATE AVAILABLE AGE cert-manager-operator-controller-manager 1/1 1 1 2d22h
NAME READY UP-TO-DATE AVAILABLE AGE cert-manager-operator-controller-manager 1/1 1 1 2d22hCopy to Clipboard Copied! Toggle word wrap Toggle overflow Verify that the`cert-manager` deployments are in a ready state and are up-to-date in the cert-manager namespace by running the following command:
oc get deployment -n cert-manager
$ oc get deployment -n cert-managerCopy to Clipboard Copied! Toggle word wrap Toggle overflow Example output
NAME READY UP-TO-DATE AVAILABLE AGE cert-manager 1/1 1 1 2d22h cert-manager-cainjector 1/1 1 1 2d22h cert-manager-webhook 1/1 1 1 2d22h
NAME READY UP-TO-DATE AVAILABLE AGE cert-manager 1/1 1 1 2d22h cert-manager-cainjector 1/1 1 1 2d22h cert-manager-webhook 1/1 1 1 2d22hCopy to Clipboard Copied! Toggle word wrap Toggle overflow Verify that the pods are running in the
cert-managernamespace by running the following command:oc get pods -n cert-manager
$ oc get pods -n cert-managerCopy to Clipboard Copied! Toggle word wrap Toggle overflow Example output
NAME READY STATUS RESTARTS AGE cert-manager-7cfb4fbb84-qdmk8 1/1 Running 2 2d22h cert-manager-cainjector-854f669657-xzs8b 1/1 Running 2 2d22h cert-manager-webhook-68fd6d5f5c-j942h 1/1 Running 2 2d22h
NAME READY STATUS RESTARTS AGE cert-manager-7cfb4fbb84-qdmk8 1/1 Running 2 2d22h cert-manager-cainjector-854f669657-xzs8b 1/1 Running 2 2d22h cert-manager-webhook-68fd6d5f5c-j942h 1/1 Running 2 2d22hCopy to Clipboard Copied! Toggle word wrap Toggle overflow
You can install the optional microshift-cert-manager by using OLM at any time. For more information, see Using Operator Lifecycle Manager with MicroShift and Installing the cert-manager Operator for Red Hat OpenShift.
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}