Refer to these instructions to install Cert Manager on a TKr for vSphere 7.x.

Prerequisites

See Workflow for Installing Standard Packages on TKr for vSphere 7.x.

Install Cert Manager

Install Cert Manager.
  1. List the available Cert Manager package versions.
    kubectl -n tkg-system get packages | grep cert-manager
  2. Create cert-manager.yaml with the target version.

    See cert-manager.yaml.

  3. Install Cert Manager.
    kubectl apply -f cert-manager.yaml
    Expected result: 
    serviceaccount/cert-manager-sa created
clusterrolebinding.rbac.authorization.k8s.io/admin created
packageinstall.packaging.carvel.dev/cert-manager created
secret/cert-manager-data-values created
  4. Verify Cert Manager installation.
    kubectl get pkgi -A
    Expected result: 
    NAMESPACE    NAME           PACKAGE NAME                    PACKAGE VERSION         DESCRIPTION           AGE
tkg-system   cert-manager   cert-manager.tanzu.vmware.com   1.12.2+vmware.2-tkg.2   Reconcile succeeded   57s
  5. Verify Cert Manager pods.
    kubectl get pods -A
    NAMESPACE           NAME                                         READY   STATUS    RESTARTS      AGE
tkg-system        cert-manager-666586c866-826rz                1/1     Running   0             48s
tkg-system        cert-manager-cainjector-68697ccc4b-xbfff     1/1     Running   0             48s
tkg-system        cert-manager-webhook-57ccbd4db9-tzw4c        1/1     Running   0             48s

cert-manager.yaml

Refer to the following cert-manager.yaml example to install Cert Manager. Update the version variable to match the target package version. 
apiVersion: v1
kind: ServiceAccount
metadata:
  name: cert-manager-sa
  namespace: tkg-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: admin
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
  - kind: ServiceAccount
    name: cert-manager-sa
    namespace: tkg-system
---
apiVersion: packaging.carvel.dev/v1alpha1
kind: PackageInstall
metadata:
  name: cert-manager
  namespace: tkg-system
spec:
  serviceAccountName: cert-manager-sa
  packageRef:
    refName: cert-manager.tanzu.vmware.com
    versionSelection:
      constraints: 1.12.2+vmware.2-tkg.2 #PKG-VERSION
  values:
  - secretRef:
      name: cert-manager-data-values
---
apiVersion: v1
kind: Secret
metadata:
  name: cert-manager-data-values
  namespace: tkg-system
stringData:
  values.yml: |
    ---
    namespace: tkg-system