weiguoqiang/cert-manager
1
0
Fork 0
Code Issues Pull Requests Actions 2 Packages Projects Releases Wiki Activity

Update installation docs for latest release

Browse Source 
Signed-off-by: James Munnelly <james@munnelly.eu>
This commit is contained in:
James Munnelly 2019-09-07 12:28:03 +01:00
parent f1d591a531
commit 50d23749ef
2 changed files with 14 additions and 129 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
docs/getting-started/install/kubernetes.rst
View File

@ -149,17 +149,17 @@ checking the ``cert-manager`` namespace for running pods:
kubectl get pods --namespace cert-manager
NAME READY STATUS RESTARTS AGE
cert-manager-5c6866597-zw7kh 1/1 Running 0 2m
webhook-78fb756679-9bsmf 1/1 Running 0 2m
webhook-ca-sync-1543708620-n82gj 0/1 Completed 0 1m
NAME READY STATUS RESTARTS AGE
cert-manager-5c6866597-zw7kh 1/1 Running 0 2m
cert-manager-cainjector-577f6d9fd7-tr77l 1/1 Running 0 2m
cert-manager-webhook-787858fcdb-nlzsq 1/1 Running 0 2m
You should see both the ``cert-manager`` and ``webhook`` component in a Running
state, and the ``ca-sync`` pod is Completed. If the webhook has not Completed
but the ``cert-manager`` pod has recently started, wait a few minutes for the
``ca-sync`` pod to be retried.
If you experience problems, please check the
:doc:`troubleshooting guide <../troubleshooting>`.
You should see the ``cert-manager``, ``cert-manager-cainjector`` and
``cert-manager-webhook` pod in a Running state.
It may take a minute or so for the TLS assets required for the webhook to
function to be provisioned. This may cause the webhook to take a while longer
to start for the first time than other pods. If you experience problems, please
check the :doc:`troubleshooting guide <../troubleshooting>`.
The following steps will confirm that cert-manager is set up correctly and able
to issue basic certificate types:

123
docs/tutorials/acme/quick-start/index.rst
View File

@ -344,126 +344,11 @@ Step 5 - Deploy Cert Manager
============================
We need to install cert-manager to do the work with kubernetes to request a
certificate and respond to the challenge to validate it. We can use helm to
install cert-manager. This example installed cert-manager into the
`kube-system` namespace from the public helm charts.
certificate and respond to the challenge to validate it. We can use helm or
plain Kubernetes manifest to install cert-manager.
.. code-block:: shell
# Install the cert-manager CRDs. We must do this before installing the Helm
# chart in the next step for `release-0.10` of cert-manager:
$ kubectl apply -f https://raw.githubusercontent.com/jetstack/cert-manager/release-0.10/deploy/manifests/00-crds.yaml
# Create the namespace for cert-manager
$ kubectl create namespace cert-manager
# Label the cert-manager namespace to disable resource validation
$ kubectl label namespace cert-manager certmanager.k8s.io/disable-validation=true
## Add the Jetstack Helm repository
$ helm repo add jetstack https://charts.jetstack.io
## Updating the repo just incase it already existed
$ helm repo update
## Install the cert-manager helm chart
$ helm install \
--name cert-manager \
--namespace cert-manager \
--version v0.10.0 \
jetstack/cert-manager
NAME: cert-manager
LAST DEPLOYED: Wed Jan 9 13:36:13 2019
NAMESPACE: cert-manager
STATUS: DEPLOYED
RESOURCES:
==> v1beta1/ClusterRoleBinding
NAME AGE
cert-manager-webhook-ca-sync 2s
cert-manager-webhook:auth-delegator 2s
cert-manager 2s
==> v1beta1/APIService
NAME AGE
v1beta1.admission.certmanager.k8s.io 2s
==> v1alpha1/Certificate
cert-manager-webhook-webhook-tls 1s
cert-manager-webhook-ca 1s
==> v1beta1/ValidatingWebhookConfiguration
cert-manager-webhook 1s
==> v1/ServiceAccount
NAME SECRETS AGE
cert-manager-webhook-ca-sync 1 2s
cert-manager-webhook 1 2s
cert-manager 1 2s
==> v1beta1/RoleBinding
NAME AGE
cert-manager-webhook:webhook-authentication-reader 2s
==> v1beta1/Deployment
NAME DESIRED CURRENT UP-TO-DATE AVAILABLE AGE
cert-manager-webhook 1 1 1 0 2s
cert-manager 1 1 1 0 2s
==> v1/Job
NAME DESIRED SUCCESSFUL AGE
cert-manager-webhook-ca-sync 1 0 2s
==> v1beta1/CronJob
NAME SCHEDULE SUSPEND ACTIVE LAST SCHEDULE AGE
cert-manager-webhook-ca-sync * * */24 * * False 0 <none> 2s
==> v1beta1/ClusterRole
NAME AGE
cert-manager-webhook-ca-sync 2s
cert-manager 2s
==> v1/ClusterRole
cert-manager-webhook:webhook-requester 2s
cert-manager-view 2s
cert-manager-edit 2s
==> v1/Service
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
cert-manager-webhook ClusterIP 10.3.244.237 <none> 443/TCP 2s
==> v1/ConfigMap
NAME DATA AGE
cert-manager-webhook-ca-sync 1 2s
==> v1alpha1/Issuer
NAME AGE
cert-manager-webhook-ca 1s
cert-manager-webhook-selfsign 1s
==> v1/Pod(related)
NAME READY STATUS RESTARTS AGE
cert-manager-webhook-745b49d445-rnxm2 0/1 ContainerCreating 0 2s
cert-manager-9cdd9f774-t856z 0/1 ContainerCreating 0 2s
cert-manager-webhook-ca-sync-ddf4b 0/1 ContainerCreating 0 2s
NOTES:
cert-manager has been deployed successfully!
In order to begin issuing certificates, you will need to set up a ClusterIssuer
or Issuer resource (for example, by creating a 'letsencrypt-staging' issuer).
More information on the different types of issuers and how to configure them
can be found in our documentation:
https://docs.cert-manager.io/en/latest/reference/issuers.html
For information on how to configure cert-manager to automatically provision
Certificates for Ingress resources, take a look at the `ingress-shim`
documentation:
https://docs.cert-manager.io/en/latest/reference/ingress-shim.html
Read the :doc:`getting started guide </getting-started/install>` to install
cert-manager using your prefered method.
Cert-manager uses two different custom resources, also known as `CRD`_'s,
to configure and control how it operates, as well as share status of its