Helm/Cert Manager: Difference between revisions
| Line 85: | Line 85: | ||
==Cluster Issuer » Self Signed== | ==Cluster Issuer » Self Signed== | ||
<syntaxhighlight lang= | {|class='wikitable mw-collapsible' style='width:100%;margin:3px 0' | ||
!scope='col' style='text-align:left'| | |||
Cluster Issuer » Self Signed | |||
|- | |||
|valign='top'| | |||
<syntaxhighlight style='margin:3px 0' lang='yaml'> | |||
cat <<'YML' | \ | cat <<'YML' | \ | ||
kubectl apply -f - | kubectl apply -f - | ||
| Line 100: | Line 105: | ||
kubectl get clusterissuer selfsigned-cert-signer -o=yaml|yq -P | kubectl get clusterissuer selfsigned-cert-signer -o=yaml|yq -P | ||
</syntaxhighlight> | </syntaxhighlight> | ||
|} | |||
==Cert Manager » Webhook » Fixes== | |||
{|class='wikitable mw-collapsible' style='width:100%;margin:3px 0' | |||
!scope='col' style='text-align:left'| | |||
Cert Manager » Rollout | |||
|- | |||
|valign='top'| | |||
<syntaxhighlight style='margin:3px 0' lang='bash'> | |||
kubectl -n cert-manager rollout restart deployment cert-manager | |||
kubectl -n cert-manager rollout restart deployment cert-manager-webhook | |||
kubectl -n cert-manager rollout restart deployment cert-manager-cainjector | |||
</syntaxhighlight> | |||
|- | |||
|valign='top'| | |||
<syntaxhighlight style='margin:3px 0' lang='bash'> | |||
kubectl -n cert-manager delete secret cert-manager-webhook-ca | |||
kubectl -n cert-manager rollout restart deployment cert-manager-webhook | |||
kubectl get ValidatingWebhookConfiguration cert-manager-webhook | |||
</syntaxhighlight> | |||
|} | |||
==Playground== | ==Playground== | ||
Revision as of 13:14, 26 December 2025
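# Register the Jetstack chart repository (HTTPS) and refresh the local index.
helm repo add jetstack https://charts.jetstack.io
helm repo update && helm repo list
# Check which cluster context is active before running anything that changes
# cluster state; every kubectl/helm command on this page acts on that context.
kubectl config get-contexts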
Config
# Alternatives, not a sequence: run only the line for the cluster you intend to
# change. Each export replaces the previous value, so pasting all three leaves
# the default ${HOME}/.kube/config selected.
# kubeconfig files usually hold client credentials; keep them readable by the
# owner only (for example mode 0600).
export KUBECONFIG="${HOME}/.kube/dev-kubeconfig.yaml"
export KUBECONFIG="${HOME}/.kube/gcp-kubeconfig.yaml"
export KUBECONFIG="${HOME}/.kube/config"
Install
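# Create the namespace. "|| true" lets a re-run continue when the namespace
# already exists; it also hides other failures (wrong context, missing RBAC),
# so read the error text rather than relying on the exit status.
kubectl create ns cert-manager || true
# Confirm the namespace exists (a non-zero exit means it does not).
kubectl get ns cert-manager
# Page through the chart defaults of the two pinned versions to compare them.
helm show values jetstack/cert-manager --version v1.15.1 | less
helm show values jetstack/cert-manager --version v1.19.1 | less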
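# Install cert-manager, or upgrade an existing release, at a pinned chart
# version. The values are streamed on stdin (-f -); the quoted 'YML' delimiter
# stops the shell from expanding anything inside the document.
# The nesting below matters: without the indentation every key becomes a
# top-level value and "enabled" is defined twice.
cat <<'YML' | \
helm -n=cert-manager upgrade --install cert-manager jetstack/cert-manager --version=v1.19.1 -f -
---
crds:
  # Install the cert-manager CRDs as part of this release.
  enabled: true
ingressShim:
  # Issuer used for Ingresses that request a certificate without naming one.
  # NOTE(review): this points at the production Let's Encrypt issuer, which is
  # rate limited and only exists once the ClusterIssuer manifest further down
  # has been applied; prove the HTTP-01 flow against letsencrypt-staging first.
  defaultIssuerName: letsencrypt-prod
  defaultIssuerKind: ClusterIssuer
prometheus:
  enabled: false
webhook:
  # 30 seconds is the longest timeout Kubernetes accepts for admission webhooks.
  timeoutSeconds: 30
YML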
|
Uninstall
# Remove the Helm release, then the namespace it lived in.
# Deleting the namespace deletes every Secret stored there, including the ACME
# account keys named by the ClusterIssuers on this page; export anything that
# must survive before running this.
# The cert-manager CRDs are cluster-scoped and are not removed by the namespace
# deletion. NOTE(review): whether "helm uninstall" removes them depends on the
# chart's CRD settings - check with "kubectl get crd" afterwards.
helm uninstall cert-manager --namespace cert-manager
kubectl delete ns cert-manager
Cluster Issuer » Let's Encrypt
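# Create two cluster-wide ACME issuers, Let's Encrypt staging and production,
# both solving HTTP-01 challenges through the nginx ingress class.
# A ClusterIssuer can be referenced from every namespace, so anyone allowed to
# create Certificates or annotated Ingresses can request certificates from it.
# The YAML nesting below is required; a flattened manifest is rejected or
# misread by the API server.
cat <<'YML' | \
kubectl apply -f -
---
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt-staging
spec:
  acme:
    # Staging endpoint: certificates are not publicly trusted; use it to test.
    server: https://acme-staging-v02.api.letsencrypt.org/directory
    email: tool.tech@shahed.biz
    # Secret that receives the ACME account private key. For a ClusterIssuer it
    # is kept in cert-manager's own namespace by default; limit who can read
    # Secrets there.
    privateKeySecretRef:
      name: letsencrypt-staging-ac-key
    solvers:
      - http01:
          ingress:
            class: nginx
---
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt-prod
spec:
  acme:
    # Production endpoint: publicly trusted certificates, subject to rate limits.
    server: https://acme-v02.api.letsencrypt.org/directory
    email: tool.tech@shahed.biz
    # Separate account key from staging; same access considerations apply.
    privateKeySecretRef:
      name: letsencrypt-prod-ac-key
    solvers:
      - http01:
          ingress:
            class: nginx
YML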
# List all ClusterIssuers, then print the two Let's Encrypt issuers as
# pretty-printed YAML. The status section of each issuer shows whether the ACME
# account registration succeeded.
kubectl get clusterissuer
for issuer in letsencrypt-staging letsencrypt-prod; do
  kubectl get clusterissuer "$issuer" --output=yaml | yq -P
done
Cluster Issuer » Self Signed
|
Cluster Issuer » Self Signed |
|---|
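# Create a cluster-wide self-signed issuer.
# Certificates from a selfSigned issuer are signed with their own private key,
# so no client trusts them by default. Typical use is bootstrapping an internal
# CA or test environments, not public endpoints.
# "selfSigned" must be nested under "spec"; a flattened manifest is invalid.
cat <<'YML' | \
kubectl apply -f -
---
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: selfsigned-cert-signer
spec:
  selfSigned: {}
YML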
# List all ClusterIssuers, then print the self-signed issuer as pretty-printed
# YAML to confirm it was accepted.
kubectl get clusterissuer
kubectl get clusterissuer selfsigned-cert-signer --output=yaml | yq -P
|
Cert Manager » Webhook » Fixes
|
Cert Manager » Rollout |
|---|
# Restart the three cert-manager deployments (controller, webhook, cainjector)
# in the same order as listed. A rollout restart replaces the pods; it does not
# change any Secret or issuer configuration.
for deployment in cert-manager cert-manager-webhook cert-manager-cainjector; do
  kubectl -n cert-manager rollout restart deployment "$deployment"
done
|
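# Reset the webhook's serving CA: delete the CA Secret, restart the webhook and
# check the admission registration afterwards.
# NOTE(review): presumably the webhook regenerates cert-manager-webhook-ca on
# start and cainjector refreshes the caBundle - confirm against the installed
# version. Until that completes, requests that pass through the webhook may be
# rejected, so do this in a maintenance window.
kubectl -n cert-manager delete secret cert-manager-webhook-ca
kubectl -n cert-manager rollout restart deployment cert-manager-webhook
# Wait for the replacement pod; otherwise the check below can run before the
# restart has finished and show the old state.
kubectl -n cert-manager rollout status deployment cert-manager-webhook
kubectl get ValidatingWebhookConfiguration cert-manager-webhook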
|
Playground
# Scratch commands pinned to older chart versions than the v1.19.1 used in the
# Install section. Running the upgrade line against a newer release would move
# it back to v1.15.1, so treat these as history, not as the current procedure.
helm install cert-manager jetstack/cert-manager --namespace cert-manager --version v1.14.7
helm upgrade --install cert-manager jetstack/cert-manager --namespace cert-manager --version v1.15.1
helm show values jetstack/cert-manager --version v1.15.1 | less
| |
|
| |
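# Look up the first pod of each cert-manager component by label and export its
# name. Assignment and export are separate so that a failing kubectl/jq pipeline
# is not masked by "export", and "// empty" yields an empty string instead of
# the literal text "null" when no pod matches.
CERT_POD_NAME=$(kubectl -n cert-manager get pod -l 'app.kubernetes.io/name=cert-manager' -o json | jq -r '.items[0].metadata.name // empty')
export CERT_POD_NAME
CA_POD_NAME=$(kubectl -n cert-manager get pod -l 'app.kubernetes.io/name=cainjector' -o json | jq -r '.items[0].metadata.name // empty')
export CA_POD_NAME
HOOK_POD_NAME=$(kubectl -n cert-manager get pod -l 'app.kubernetes.io/name=webhook' -o json | jq -r '.items[0].metadata.name // empty')
export HOOK_POD_NAME

# Interactive shells inside the cert-manager containers.
# These pods can read the issuer and certificate key material cert-manager
# manages, so pods/exec in this namespace should be limited to cluster admins.
# NOTE(review): the container names and the presence of bash in the images are
# taken from the page as written - confirm against the deployed chart version.
kubectl exec -n cert-manager -it svc/cert-manager-webhook -c cert-manager-webhook -- bash
kubectl exec -n cert-manager -it svc/cert-manager -c cert-manager-controller -- bash
kubectl exec -n cert-manager -it svc/cert-manager -c init -- bash
# Quoted, and aborts with a message if the lookup above found no pod.
kubectl -n cert-manager exec -it "${CERT_POD_NAME:?no cert-manager pod found}" -- bash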
| |
|
| |
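# Print each kubeconfig as one self-contained document.
# --flatten inlines referenced certificate and key files, and the output is not
# redacted: client keys and tokens appear in full. Do not paste it into tickets,
# chats or CI logs; if it is redirected to a file, create that file with
# owner-only permissions.
# Paths are quoted so a home directory containing spaces does not split the
# argument.
kubectl config --kubeconfig="${HOME}/.kube/aws-kubeconfig.yaml" view --flatten
kubectl config --kubeconfig="${HOME}/.kube/dev-kubeconfig.yaml" view --flatten
kubectl config --kubeconfig="${HOME}/.kube/gcp-kubeconfig.yaml" view --flatten
kubectl config --kubeconfig="${HOME}/.kube/config" view --flatten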
| |
|
| |
# Delete workloads, Ingresses and StatefulSets in the cert-manager namespace,
# in that order.
# The "all" category covers only common workload and service kinds. Secrets
# (TLS keys, ACME account keys), ConfigMaps and the cert-manager custom
# resources are not part of it and remain until removed explicitly.
for kind in all ing sts; do
  kubectl delete "$kind" --all -n cert-manager
done
|
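# Delete the Services and PersistentVolumeClaims of the cert-manager namespace.
kubectl delete svc --all -n cert-manager
kubectl delete pvc --all -n cert-manager
# PersistentVolumes are cluster-scoped: -n has no effect on them, so
# "kubectl delete pv --all" would remove every PV in the cluster, not only the
# ones used by cert-manager. List the volumes whose claim belonged to this
# namespace instead, review them, then delete them individually by name.
kubectl get pv -o json | jq -r '.items[] | select(.spec.claimRef.namespace == "cert-manager") | .metadata.name'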
|
|
| |
# Show the controller deployment's revision history, trigger a restart, then
# block until the new pods are ready.
kubectl rollout history deployment/cert-manager --namespace cert-manager
kubectl rollout restart deployment/cert-manager --namespace cert-manager
kubectl rollout status deployment/cert-manager --namespace cert-manager
|
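# Follow the logs of the controller, webhook and cainjector pods.
# -f keeps streaming until interrupted, so run each line in its own terminal.
# The pod names come from the CERT_POD_NAME / HOOK_POD_NAME / CA_POD_NAME
# exports earlier on this page; each expansion is quoted and fails with a
# message when the variable is unset or empty.
kubectl logs -n cert-manager -f "${CERT_POD_NAME:?set CERT_POD_NAME first}"
kubectl logs -n cert-manager -f "${HOOK_POD_NAME:?set HOOK_POD_NAME first}"
kubectl logs -n cert-manager -f "${CA_POD_NAME:?set CA_POD_NAME first}"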
|
References
|
| ||
|
| ||