search string side menu

BRIX On-Premises > BRIX On-Premises Enterprise > Install add-on components for BRIX / Install Cert-manager

Install Cert-manager

Cert-manager adds certificates and their elements as resource types into Kubernetes clusters, simplifying the process of obtaining, renewing, and using these certificates.

The installation consists of three steps:

  1. Download the Helm chart and configuration file.
  2. Fill out the configuration file.
  3. Install the Cert-manager chart using helm in the Kubernetes cluster.

Step 1: Download the Helm chart and configuration file

For installation via the internet, obtain the configuration file values-cert-manager.yaml by executing the command:

helm repo add elma365 https://charts.elma365.tech
helm repo update
helm show values elma365/cert-manager > values-cert-manager.yaml

Getting the configuration file for installation in a closed-loop environment without internet access

  1. On a computer with internet access, download the archive of the latest version of the cert-manager chart from the BRIX repository by executing the following command:

helm repo add elma365 https://charts.elma365.tech
helm repo update
helm pull elma365/cert-manager

  1. Copy the obtained chart archive cert-manager-X.Y.Z.tgz to the server where the installation will be performed.
  1. Unpack the cert-manager-X.Y.Z.tgz chart on the server and copy the default configuration file values.yaml to values-cert-manager.yaml:

tar -xf cert-manager-X.Y.Z.tgz
cp cert-manager/values.yaml values-cert-manager.yaml

Step 2: Fill out the configuration file

Fill out the configuration file values-cert-manager.yaml for installing Cert-manager.

## cert-manager settings
cert-manager:
  ## namespace for cert-manager (before installation, create kubectl create ns cert-manager)
  namespace: ""
  ## install crds
  installCRDs: true
  ## number of replicas for high availability
  replicaCount: 1
##
  webhook:
    ## number of replicas for high availability
    replicaCount: 1
##
  cainjector:
    enabled: true
    ## number of replicas for high availability
    replicaCount: 1
  startupapicheck:
    enabled: true

Filling out connection parameters to the private registry for installation in a closed-loop environment without internet access

To connect to the private registry you need to:

  1. Download BRIX images and upload them to the local image registry. For more details refer to Download BRIX images.
  2. Specify the address and path for the parameters cert-manager.image.repository.
  3. Indicate the name of the secret with access rights to the private registry in the parameter cert-manager.image.imagePullSecrets. The secret must be manually created and encrypted in Base64.

## connection parameters for the private registry
cert-manager:
  image:
    ## address and path for the private registry
    repository: registry.example.com/jetstack/cert-manager-controller
  global:
    ## secret with access permissions for the private registry must be created manually and
encrypted in Base64
    imagePullSecrets:
      - name: "myRegistryKeySecretName"
  webhook:
    ## connection parameters for the private registry
    image:
      ## address and path for the private registry
      repository: registry.example.com/jetstack/cert-manager-webhook
  cainjector:
    ## connection parameters for the private registry
    image:
      ## address and path for the private registry
      repository: registry.example.com/jetstack/cert-manager-cainjector
##
  acmesolver:
    ## connection parameters for the private registry
    image:
      ## address and path for the private registry
      repository: registry.example.com/jetstack/cert-manager-acmesolver
  startupapicheck:
    ## connection parameters for the private registry
    image:
      ## address and path for the private registry
      repository: registry.example.com/jetstack/cert-manager-ctl

  • address is registry.example.com;
  • path is /jetstack/cert-manager-controller, /jetstack/cert-manager-webhook, /jetstack/cert-manager-cainjector, /jetstack/cert-manager-acmesolver, /jetstack/cert-manager-ctl.

Step 3: Install the Cert-manager chart using helm in the Kubernetes cluster

  1. Install the Cert-manager chart in the namespace cert-manager.

For online installation:

helm upgrade --install cert-manager elma365/cert-manager -f values-cert-manager.yaml -n cert-manager 

For offline installation without internet access, go to the directory with the downloaded chart and execute the command:

helm upgrade --install cert-manager ./cert-manager -f values-cert-manager.yaml -n cert-manager --create-namespace

  1. Make sure that the chart is deployed correctly. To do this, check the namespace cert-manager for the running modules:

kubectl get pod -n cert-manager
NAME                             READY   STATUS    RESTARTS   AGE
cert-manager-xxxx-xxx             1/1     Running   0          1m
cert-manager-cainjector-xxx-xx    1/1     Running   0          1m
cert-manager-webhook-xxx-xxx      1/1     Running   0          1m

Delete Cert-manager using helm in a Kubernetes cluster

начало внимание

Before deleting Cert-manager, reconfigure the BRIX application to obtain certificates from other sources or disable TLS.

конец внимание

Delete the Cert-manager chart in the namespace cert-manager:

helm uninstall cert-manager -n cert-manager

installation-jaeger.html install-loki.html