-
Notifications
You must be signed in to change notification settings - Fork 456
cert‐manager
Cesar Celis Hernandez edited this page Nov 1, 2023
·
1 revision
To test cert-manager
with MinIO in k8s
- https://github.com/minio/operator/blob/master/docs/cert-manager.md
- https://cert-manager.io/docs/installation/
- https://stackoverflow.com/questions/53536907/kubectl-wait-for-condition-complete-timeout-30s
- https://stackoverflow.com/questions/71384532/kubernetes-wait-for-secret-to-be-created
- Create cluster:
createcluster ingress
- Install
cert-manager
:
kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.13.2/cert-manager.yaml
echo "Wait until cert-manager pods are running:"
kubectl wait -n cert-manager --for=condition=ready pod -l app=cert-manager --timeout=120s
kubectl wait -n cert-manager --for=condition=ready pod -l app=cainjector --timeout=120s
kubectl wait -n cert-manager --for=condition=ready pod -l app=webhook --timeout=120s
- Install Operator
installoperator ingress
- Install Tenant with cert-manager: https://github.com/minio/operator/tree/master/examples/kustomization/tenant-certmanager
kustomize build github.com/minio/operator/examples/kustomization/tenant-lite\?ref\=v5.0.10 > /Users/cniackz/bash-config/config-files/kustomize/Tenant/kustomize-tenant-5-0-10.yaml
k apply -f /Users/cniackz/bash-config/config-files/kustomize/Tenant/kustomize-tenant-cert-manager-5-0-10.yaml
OR
kubectl apply -k github.com/minio/operator/examples/kustomization/tenant-certmanager
kubectl get secrets -n tenant-certmanager tenant-certmanager-tls -o=jsonpath='{.data.ca\.crt}' | base64 -d > public.crt
kubectl create secret generic operator-ca-tls --from-file=public.crt -n minio-operator
kubectl rollout restart deployment.apps/minio-operator -n minio-operator