vSphere 7.x용 TKr에 Cert Manager를 설치하려면 다음 지침을 참조하십시오.
사전 요구 사항
vSphere 7.x용 TKr에 표준 패키지를 설치하기 위한 워크플로의 내용을 참조하십시오.
Cert Manager 설치
Cert Manager를 설치합니다.
- 사용 가능한 Cert Manager 패키지 버전을 나열합니다.
kubectl -n tkg-system get packages | grep cert-manager
- 대상 버전으로
cert-manager.yaml을 생성합니다.cert-manager.yaml의 내용을 참조하십시오.
- Cert Manager를 설치합니다.
kubectl apply -f cert-manager.yaml
예상 결과:serviceaccount/cert-manager-sa created clusterrolebinding.rbac.authorization.k8s.io/admin created packageinstall.packaging.carvel.dev/cert-manager created secret/cert-manager-data-values created
- Cert Manager 설치를 확인합니다.
kubectl get pkgi -A
예상 결과:NAMESPACE NAME PACKAGE NAME PACKAGE VERSION DESCRIPTION AGE tkg-system cert-manager cert-manager.tanzu.vmware.com 1.12.2+vmware.2-tkg.2 Reconcile succeeded 57s
- Cert Manager 포드를 확인합니다.
kubectl get pods -A
NAMESPACE NAME READY STATUS RESTARTS AGE tkg-system cert-manager-666586c866-826rz 1/1 Running 0 48s tkg-system cert-manager-cainjector-68697ccc4b-xbfff 1/1 Running 0 48s tkg-system cert-manager-webhook-57ccbd4db9-tzw4c 1/1 Running 0 48s
cert-manager.yaml
Cert Manager를 설치하려면 다음
cert-manager.yaml 예를 참조하십시오. 대상 패키지 버전과 일치하도록 버전 변수를 업데이트합니다.
apiVersion: v1
kind: ServiceAccount
metadata:
name: cert-manager-sa
namespace: tkg-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: admin
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
subjects:
- kind: ServiceAccount
name: cert-manager-sa
namespace: tkg-system
---
apiVersion: packaging.carvel.dev/v1alpha1
kind: PackageInstall
metadata:
name: cert-manager
namespace: tkg-system
spec:
serviceAccountName: cert-manager-sa
packageRef:
refName: cert-manager.tanzu.vmware.com
versionSelection:
constraints: 1.12.2+vmware.2-tkg.2 #PKG-VERSION
values:
- secretRef:
name: cert-manager-data-values
---
apiVersion: v1
kind: Secret
metadata:
name: cert-manager-data-values
namespace: tkg-system
stringData:
values.yml: |
---
namespace: tkg-system
