請按照以下指示在適用於 vSphere 7.x 的 TKr 上安裝 Cert Manager。
必要條件
安裝 Cert Manager
安裝 Cert Manager。
- 列出可用的 Cert Manager 套件版本。
kubectl -n tkg-system get packages | grep cert-manager
- 使用目標版本建立
cert-manager.yaml
。 - 安裝 Cert Manager。
kubectl apply -f cert-manager.yaml
預期的結果:serviceaccount/cert-manager-sa created clusterrolebinding.rbac.authorization.k8s.io/admin created packageinstall.packaging.carvel.dev/cert-manager created secret/cert-manager-data-values created
- 確認 Cert Manager 安裝。
kubectl get pkgi -A
預期的結果:NAMESPACE NAME PACKAGE NAME PACKAGE VERSION DESCRIPTION AGE tkg-system cert-manager cert-manager.tanzu.vmware.com 1.12.2+vmware.2-tkg.2 Reconcile succeeded 57s
- 確認 Cert Manager 網繭。
kubectl get pods -A
NAMESPACE NAME READY STATUS RESTARTS AGE tkg-system cert-manager-666586c866-826rz 1/1 Running 0 48s tkg-system cert-manager-cainjector-68697ccc4b-xbfff 1/1 Running 0 48s tkg-system cert-manager-webhook-57ccbd4db9-tzw4c 1/1 Running 0 48s
cert-manager.yaml
請參閱以下
cert-manager.yaml
範例以安裝 Cert Manager。更新版本變數以匹配目標套件版本。
apiVersion: v1 kind: ServiceAccount metadata: name: cert-manager-sa namespace: tkg-system --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: admin roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: cluster-admin subjects: - kind: ServiceAccount name: cert-manager-sa namespace: tkg-system --- apiVersion: packaging.carvel.dev/v1alpha1 kind: PackageInstall metadata: name: cert-manager namespace: tkg-system spec: serviceAccountName: cert-manager-sa packageRef: refName: cert-manager.tanzu.vmware.com versionSelection: constraints: 1.12.2+vmware.2-tkg.2 #PKG-VERSION values: - secretRef: name: cert-manager-data-values --- apiVersion: v1 kind: Secret metadata: name: cert-manager-data-values namespace: tkg-system stringData: values.yml: | --- namespace: tkg-system