Follow these instructions to install Cert Manager on a TKG Service cluster that is running TKr for vSphere 8.x.

About Cert Manager

Cert Manager provides certificate management for TKG Service clusters. Cert Manager is a prerequisite for most standard packages, including Contour, ExternalDNS, Prometheus, and Harbor.

Prerequisites

Adhere to the following prerequisites.

Install Cert Manager

Complete these steps to install Cert Manager.
  1. List the available Cert Manager versions.
    tanzu package available get cert-manager.tanzu.vmware.com -n tkg-system
    Note: Typically you should use the latest version unless your requirements differ.
  2. Create the Cert Manager namespace.
    kubectl create ns cert-manager
  3. Install Cert Manager.

    Adjust the target version to meet your requirements.

    tanzu package install cert-manager -p cert-manager.tanzu.vmware.com -n cert-manager -v 1.12.2+vmware.2-tkg.2
  4. Verify the installation of Cert Manager.
    tanzu package installed list -n cert-manager
    tanzu package installed get -n cert-manager cert-manager
  5. Check the Cert Manager namespace for resources created by the installation of the package.
    kubectl -n cert-manager get all
    NAME                                          READY   STATUS    RESTARTS   AGE
pod/cert-manager-b5675b75f-flkjp              1/1     Running   0          6m14s
pod/cert-manager-cainjector-f8dc756cf-f7xsv   1/1     Running   0          6m14s
pod/cert-manager-webhook-6c888c8ddd-5xlnb     1/1     Running   0          6m14s

NAME                           TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)    AGE
service/cert-manager           ClusterIP   10.97.254.59     <none>        9402/TCP   6m14s
service/cert-manager-webhook   ClusterIP   10.105.225.156   <none>        443/TCP    6m14s

NAME                                      READY   UP-TO-DATE   AVAILABLE   AGE
deployment.apps/cert-manager              1/1     1            1           6m14s
deployment.apps/cert-manager-cainjector   1/1     1            1           6m14s
deployment.apps/cert-manager-webhook      1/1     1            1           6m14s

NAME                                                DESIRED   CURRENT   READY   AGE
replicaset.apps/cert-manager-b5675b75f              1         1         1       6m14s
replicaset.apps/cert-manager-cainjector-f8dc756cf   1         1         1       6m14s
replicaset.apps/cert-manager-webhook-6c888c8ddd     1         1         1       6m14s

Troubleshoot

Use the following commands to check for error messages. 
kubectl get pkgi -A
kubectl describe pkgi -n cert-manager cert-manage