Differences

This shows you the differences between two versions of the page.

--- cert-manager_install [2025/07/26 17:09] – - Imported by DokuWiki Advanced Plugin wikiadm
+++ cert-manager_install [Unknown date] (current) – removed - external edit (Unknown date) 127.0.0.1
@@ Line 1: / Line 1: @@
-====== Cert-manager deployment ======
-<file bash>
-$ kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.8.0/cert-manager.crds.yaml
-customresourcedefinition.apiextensions.k8s.io/certificaterequests.cert-manager.io created
-customresourcedefinition.apiextensions.k8s.io/certificates.cert-manager.io created
-customresourcedefinition.apiextensions.k8s.io/challenges.acme.cert-manager.io created
-customresourcedefinition.apiextensions.k8s.io/clusterissuers.cert-manager.io created
-customresourcedefinition.apiextensions.k8s.io/issuers.cert-manager.io created
-customresourcedefinition.apiextensions.k8s.io/orders.acme.cert-manager.io created
-</file>
-<file bash>
-$ helm repo add jetstack https://charts.jetstack.io
-"jetstack" has been added to your repositories
-</file>
-<file bash>
-$ helm repo update jetstack
-Hang tight while we grab the latest from your chart repositories...
-...Successfully got an update from the "jetstack" chart repository
-Update Complete. ⎈Happy Helming!⎈
-</file>
-<file bash>
-$ helm install cert-manager --namespace cert-manager --create-namespace --version v1.8.0 jetstack/cert-manager
-NAME: cert-manager
-LAST DEPLOYED: Wed May 25 14:29:27 2022
-NAMESPACE: cert-manager
-STATUS: deployed
-REVISION: 1
-TEST SUITE: None
-NOTES:
-cert-manager v1.8.0 has been deployed successfully!
-In order to begin issuing certificates, you will need to set up a ClusterIssuer
-or Issuer resource (for example, by creating a 'letsencrypt-staging' issuer).
-More information on the different types of issuers and how to configure them
-can be found in our documentation:
-https://cert-manager.io/docs/configuration/
-For information on how to configure cert-manager to automatically provision
-Certificates for Ingress resources, take a look at the `ingress-shim`
-documentation:
-https://cert-manager.io/docs/usage/ingress/
-</file>
-<file bash>
-$ kubectl get crds
-NAME                                                  CREATED AT
-apiservers.operator.tigera.io                         2022-05-17T12:30:52Z
-bgpconfigurations.crd.projectcalico.org               2022-05-17T12:30:51Z
-bgppeers.crd.projectcalico.org                        2022-05-17T12:30:51Z
-blockaffinities.crd.projectcalico.org                 2022-05-17T12:30:51Z
-caliconodestatuses.crd.projectcalico.org              2022-05-17T12:30:51Z
-certificaterequests.cert-manager.io                   2022-05-25T17:27:04Z
-certificates.cert-manager.io                          2022-05-25T17:27:04Z
-challenges.acme.cert-manager.io                       2022-05-25T17:27:04Z
-clusterinformations.crd.projectcalico.org             2022-05-17T12:30:51Z
-clusterissuers.cert-manager.io                        2022-05-25T17:27:04Z
-felixconfigurations.crd.projectcalico.org             2022-05-17T12:30:51Z
-globalnetworkpolicies.crd.projectcalico.org           2022-05-17T12:30:51Z
-globalnetworksets.crd.projectcalico.org               2022-05-17T12:30:51Z
-hostendpoints.crd.projectcalico.org                   2022-05-17T12:30:52Z
-imagesets.operator.tigera.io                          2022-05-17T12:30:52Z
-installations.operator.tigera.io                      2022-05-17T12:30:52Z
-ipamblocks.crd.projectcalico.org                      2022-05-17T12:30:52Z
-ipamconfigs.crd.projectcalico.org                     2022-05-17T12:30:52Z
-ipamhandles.crd.projectcalico.org                     2022-05-17T12:30:52Z
-ippools.crd.projectcalico.org                         2022-05-17T12:30:52Z
-ipreservations.crd.projectcalico.org                  2022-05-17T12:30:52Z
-issuers.cert-manager.io                               2022-05-25T17:27:04Z
-kubecontrollersconfigurations.crd.projectcalico.org   2022-05-17T12:30:52Z
-networkpolicies.crd.projectcalico.org                 2022-05-17T12:30:52Z
-networksets.crd.projectcalico.org                     2022-05-17T12:30:52Z
-orders.acme.cert-manager.io                           2022-05-25T17:27:05Z
-tigerastatuses.operator.tigera.io                     2022-05-17T12:30:52Z
-</file>
-<file bash>
-$ kubectl get all -n cert-manager
-NAME                                           READY   STATUS    RESTARTS   AGE
-pod/cert-manager-76578c9687-qlmbm              1/1     Running   0          3m42s
-pod/cert-manager-cainjector-5c55bb7cb4-p52v8   1/1     Running   0          3m42s
-pod/cert-manager-webhook-556f979d7f-r7m6l      1/1     Running   0          3m42s
-NAME                           TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)    AGE
-service/cert-manager           ClusterIP   10.96.123.186   <none>        9402/TCP   3m42s
-service/cert-manager-webhook   ClusterIP   10.96.195.158   <none>        443/TCP    3m42s
-NAME                                      READY   UP-TO-DATE   AVAILABLE   AGE
-deployment.apps/cert-manager              1/1     1            1           3m42s
-deployment.apps/cert-manager-cainjector   1/1     1            1           3m42s
-deployment.apps/cert-manager-webhook      1/1     1            1           3m42s
-NAME                                                 DESIRED   CURRENT   READY   AGE
-replicaset.apps/cert-manager-76578c9687              1         1         1       3m42s
-replicaset.apps/cert-manager-cainjector-5c55bb7cb4   1         1         1       3m42s
-replicaset.apps/cert-manager-webhook-556f979d7f      1         1         1       3m42s
-</file>
-<file bash>
-$ kubectl edit service cert-manager -n cert-manager
-$ kubectl edit service cert-manager-webhook -n cert-manager
-</file>
-<file bash>
-ipFamilyPolicy: PreferDualStack
-  ipFamilies:
-  - IPv6
-  - IPv4
-</file>
-===== Certificado de teste - staging =====
-<file yaml ClusterIssuer-staging.yaml>
-apiVersion: cert-manager.io/v1
-kind: ClusterIssuer
-metadata:
-  name: letsencrypt-staging
-spec:
-  acme:
-    # You must replace this email address with your own.
-    # Let's Encrypt will use this to contact you about expiring
-    # certificates, and issues related to your account.
-    email: gean.martins@juntotelecom.com.br
-    server: https://acme-staging-v02.api.letsencrypt.org/directory
-    privateKeySecretRef:
-      # Secret resource that will be used to store the account's private key.
-      name: letsencrypt-staging
-    # Add a single challenge solver, HTTP01 using nginx
-    solvers:
-    - http01:
-        ingress:
-          class: nginx
-</file>
-<file bash>
-$ kubectl apply -f ClusterIssuer-staging.yaml
-clusterissuer.cert-manager.io/letsencrypt-staging created
-</file>
-<file bassh>
-$ kubectl describe ClusterIssuer letsencrypt-staging
-Name:         letsencrypt-staging
-Namespace:
-Labels:       <none>
-Annotations:  <none>
-API Version:  cert-manager.io/v1
-Kind:         ClusterIssuer
-Metadata:
-  Creation Timestamp:  2022-05-27T12:19:42Z
-  Generation:          1
-  Managed Fields:
-    API Version:  cert-manager.io/v1
-    Fields Type:  FieldsV1
-    fieldsV1:
-      f:metadata:
-        f:annotations:
-          .:
-          f:kubectl.kubernetes.io/last-applied-configuration:
-      f:spec:
-        .:
-        f:acme:
-          .:
-          f:email:
-          f:privateKeySecretRef:
-            .:
-            f:name:
-          f:server:
-          f:solvers:
-    Manager:      kubectl-client-side-apply
-    Operation:    Update
-    Time:         2022-05-27T12:19:42Z
-    API Version:  cert-manager.io/v1
-    Fields Type:  FieldsV1
-    fieldsV1:
-      f:status:
-        .:
-        f:acme:
-          .:
-          f:lastRegisteredEmail:
-          f:uri:
-        f:conditions:
-          .:
-          k:{"type":"Ready"}:
-            .:
-            f:lastTransitionTime:
-            f:message:
-            f:observedGeneration:
-            f:reason:
-            f:status:
-            f:type:
-    Manager:         cert-manager-clusterissuers
-    Operation:       Update
-    Subresource:     status
-    Time:            2022-05-27T12:19:43Z
-  Resource Version:  2474068
-  UID:               5db6c5e6-de28-4d21-9f21-1e17bdaca603
-Spec:
-  Acme:
-    Email:            gean.martins@juntotelecom.com.br
-    Preferred Chain:
-    Private Key Secret Ref:
-      Name:  letsencrypt-staging
-    Server:  https://acme-staging-v02.api.letsencrypt.org/directory
-    Solvers:
-      http01:
-        Ingress:
-          Class:  nginx
-Status:
-  Acme:
-    Last Registered Email:  gean.martins@juntotelecom.com.br
-    Uri:                    https://acme-staging-v02.api.letsencrypt.org/acme/acct/55465934
-  Conditions:
-    Last Transition Time:  2022-05-27T12:19:43Z
-    Message:               The ACME account was registered with the ACME server
-    Observed Generation:   1
-    Reason:                ACMEAccountRegistered
-    Status:                True
-    Type:                  Ready
-Events:                    <none>
-</file>
-===== Certificado de produção - production =====
-<file yaml ClusterIssuer-prod.yaml>
-apiVersion: cert-manager.io/v1
-kind: ClusterIssuer
-metadata:
-  name: letsencrypt-prod
-spec:
-  acme:
-    # You must replace this email address with your own.
-    # Let's Encrypt will use this to contact you about expiring
-    # certificates, and issues related to your account.
-    email: gean.martins@juntotelecom.com.br
-    server: https://acme-v02.api.letsencrypt.org/directory
-    privateKeySecretRef:
-      # Secret resource that will be used to store the account's private key.
-      name: letsencrypt-production
-    # Add a single challenge solver, HTTP01 using nginx
-    solvers:
-    - http01:
-        ingress:
-          class: nginx
-</file>
-<file bash>
-$ kubectl apply -f ClusterIssuer-prod.yaml
-clusterissuer.cert-manager.io/letsencrypt-prod created
-</file>
-<file bash>
-$ kubectl describe ClusterIssuer letsencrypt-prod
-Name:         letsencrypt-prod
-Namespace:
-Labels:       <none>
-Annotations:  <none>
-API Version:  cert-manager.io/v1
-Kind:         ClusterIssuer
-Metadata:
-  Creation Timestamp:  2022-05-27T12:28:27Z
-  Generation:          1
-  Managed Fields:
-    API Version:  cert-manager.io/v1
-    Fields Type:  FieldsV1
-    fieldsV1:
-      f:metadata:
-        f:annotations:
-          .:
-          f:kubectl.kubernetes.io/last-applied-configuration:
-      f:spec:
-        .:
-        f:acme:
-          .:
-          f:email:
-          f:privateKeySecretRef:
-            .:
-            f:name:
-          f:server:
-          f:solvers:
-    Manager:      kubectl-client-side-apply
-    Operation:    Update
-    Time:         2022-05-27T12:28:27Z
-    API Version:  cert-manager.io/v1
-    Fields Type:  FieldsV1
-    fieldsV1:
-      f:status:
-        .:
-        f:acme:
-          .:
-          f:lastRegisteredEmail:
-          f:uri:
-        f:conditions:
-          .:
-          k:{"type":"Ready"}:
-            .:
-            f:lastTransitionTime:
-            f:message:
-            f:observedGeneration:
-            f:reason:
-            f:status:
-            f:type:
-    Manager:         cert-manager-clusterissuers
-    Operation:       Update
-    Subresource:     status
-    Time:            2022-05-27T12:28:29Z
-  Resource Version:  2475725
-  UID:               f9686b3d-5824-444e-b12b-525c542c7b01
-Spec:
-  Acme:
-    Email:            gean.martins@juntotelecom.com.br
-    Preferred Chain:
-    Private Key Secret Ref:
-      Name:  letsencrypt-production
-    Server:  https://acme-v02.api.letsencrypt.org/directory
-    Solvers:
-      http01:
-        Ingress:
-          Class:  nginx
-Status:
-  Acme:
-    Last Registered Email:  gean.martins@juntotelecom.com.br
-    Uri:                    https://acme-v02.api.letsencrypt.org/acme/acct/562203266
-  Conditions:
-    Last Transition Time:  2022-05-27T12:28:29Z
-    Message:               The ACME account was registered with the ACME server
-    Observed Generation:   1
-    Reason:                ACMEAccountRegistered
-    Status:                True
-    Type:                  Ready
-Events:                    <none>
-</file>
-===== Referências =====
-  - [[https://docs.microsoft.com/pt-br/azure/application-gateway/ingress-controller-letsencrypt-certificate-application-gateway|Usar certificados com LetsEncrypt.org no Gateway de Aplicativo para clusters do AKS]]
-  - [[https://www.thinktecture.com/en/kubernetes/ssl-certificates-with-cert-manager-in-kubernetes/|Acquire SSL Certificates In Kubernetes From Let’s Encrypt With Cert-Manager]]
-  - [[https://gutocarvalho.net/instalando-cert-manager-no-k8s/|K8S: Instalando Cert-Manager e issuers LetsEncrypt]]