請按照以下指示在適用於 vSphere 7.x 的 TKr 上安裝 Cert Manager。
必要條件
安裝 Cert Manager
安裝 Cert Manager。
- 列出可用的 Cert Manager 套件版本。
kubectl -n tkg-system get packages | grep cert-manager
- 使用目標版本建立
cert-manager.yaml。 - 安裝 Cert Manager。
kubectl apply -f cert-manager.yaml
預期的結果:serviceaccount/cert-manager-sa created clusterrolebinding.rbac.authorization.k8s.io/admin created packageinstall.packaging.carvel.dev/cert-manager created secret/cert-manager-data-values created
- 確認 Cert Manager 安裝。
kubectl get pkgi -A
預期的結果:NAMESPACE NAME PACKAGE NAME PACKAGE VERSION DESCRIPTION AGE tkg-system cert-manager cert-manager.tanzu.vmware.com 1.12.2+vmware.2-tkg.2 Reconcile succeeded 57s
- 確認 Cert Manager 網繭。
kubectl get pods -A
NAMESPACE NAME READY STATUS RESTARTS AGE tkg-system cert-manager-666586c866-826rz 1/1 Running 0 48s tkg-system cert-manager-cainjector-68697ccc4b-xbfff 1/1 Running 0 48s tkg-system cert-manager-webhook-57ccbd4db9-tzw4c 1/1 Running 0 48s
cert-manager.yaml
請參閱以下
cert-manager.yaml 範例以安裝 Cert Manager。更新版本變數以匹配目標套件版本。
apiVersion: v1
kind: ServiceAccount
metadata:
name: cert-manager-sa
namespace: tkg-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: admin
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
subjects:
- kind: ServiceAccount
name: cert-manager-sa
namespace: tkg-system
---
apiVersion: packaging.carvel.dev/v1alpha1
kind: PackageInstall
metadata:
name: cert-manager
namespace: tkg-system
spec:
serviceAccountName: cert-manager-sa
packageRef:
refName: cert-manager.tanzu.vmware.com
versionSelection:
constraints: 1.12.2+vmware.2-tkg.2 #PKG-VERSION
values:
- secretRef:
name: cert-manager-data-values
---
apiVersion: v1
kind: Secret
metadata:
name: cert-manager-data-values
namespace: tkg-system
stringData:
values.yml: |
---
namespace: tkg-system
