diff --git a/docs/getting-started/install/kubernetes.rst b/docs/getting-started/install/kubernetes.rst index 10411a773..f38c01a08 100644 --- a/docs/getting-started/install/kubernetes.rst +++ b/docs/getting-started/install/kubernetes.rst @@ -149,17 +149,17 @@ checking the ``cert-manager`` namespace for running pods: kubectl get pods --namespace cert-manager - NAME READY STATUS RESTARTS AGE - cert-manager-5c6866597-zw7kh 1/1 Running 0 2m - webhook-78fb756679-9bsmf 1/1 Running 0 2m - webhook-ca-sync-1543708620-n82gj 0/1 Completed 0 1m + NAME READY STATUS RESTARTS AGE + cert-manager-5c6866597-zw7kh 1/1 Running 0 2m + cert-manager-cainjector-577f6d9fd7-tr77l 1/1 Running 0 2m + cert-manager-webhook-787858fcdb-nlzsq 1/1 Running 0 2m -You should see both the ``cert-manager`` and ``webhook`` component in a Running -state, and the ``ca-sync`` pod is Completed. If the webhook has not Completed -but the ``cert-manager`` pod has recently started, wait a few minutes for the -``ca-sync`` pod to be retried. -If you experience problems, please check the -:doc:`troubleshooting guide <../troubleshooting>`. +You should see the ``cert-manager``, ``cert-manager-cainjector`` and +``cert-manager-webhook` pod in a Running state. +It may take a minute or so for the TLS assets required for the webhook to +function to be provisioned. This may cause the webhook to take a while longer +to start for the first time than other pods. If you experience problems, please +check the :doc:`troubleshooting guide <../troubleshooting>`. The following steps will confirm that cert-manager is set up correctly and able to issue basic certificate types: diff --git a/docs/tutorials/acme/quick-start/index.rst b/docs/tutorials/acme/quick-start/index.rst index 8689db434..020ca858b 100644 --- a/docs/tutorials/acme/quick-start/index.rst +++ b/docs/tutorials/acme/quick-start/index.rst @@ -344,126 +344,11 @@ Step 5 - Deploy Cert Manager ============================ We need to install cert-manager to do the work with kubernetes to request a -certificate and respond to the challenge to validate it. We can use helm to -install cert-manager. This example installed cert-manager into the -`kube-system` namespace from the public helm charts. +certificate and respond to the challenge to validate it. We can use helm or +plain Kubernetes manifest to install cert-manager. -.. code-block:: shell - - # Install the cert-manager CRDs. We must do this before installing the Helm - # chart in the next step for `release-0.10` of cert-manager: - $ kubectl apply -f https://raw.githubusercontent.com/jetstack/cert-manager/release-0.10/deploy/manifests/00-crds.yaml - - # Create the namespace for cert-manager - $ kubectl create namespace cert-manager - - # Label the cert-manager namespace to disable resource validation - $ kubectl label namespace cert-manager certmanager.k8s.io/disable-validation=true - - ## Add the Jetstack Helm repository - $ helm repo add jetstack https://charts.jetstack.io - - ## Updating the repo just incase it already existed - $ helm repo update - - ## Install the cert-manager helm chart - $ helm install \ - --name cert-manager \ - --namespace cert-manager \ - --version v0.10.0 \ - jetstack/cert-manager - - NAME: cert-manager - LAST DEPLOYED: Wed Jan 9 13:36:13 2019 - NAMESPACE: cert-manager - STATUS: DEPLOYED - - RESOURCES: - ==> v1beta1/ClusterRoleBinding - NAME AGE - cert-manager-webhook-ca-sync 2s - cert-manager-webhook:auth-delegator 2s - cert-manager 2s - - ==> v1beta1/APIService - NAME AGE - v1beta1.admission.certmanager.k8s.io 2s - - ==> v1alpha1/Certificate - cert-manager-webhook-webhook-tls 1s - cert-manager-webhook-ca 1s - - ==> v1beta1/ValidatingWebhookConfiguration - cert-manager-webhook 1s - - ==> v1/ServiceAccount - NAME SECRETS AGE - cert-manager-webhook-ca-sync 1 2s - cert-manager-webhook 1 2s - cert-manager 1 2s - - ==> v1beta1/RoleBinding - NAME AGE - cert-manager-webhook:webhook-authentication-reader 2s - - ==> v1beta1/Deployment - NAME DESIRED CURRENT UP-TO-DATE AVAILABLE AGE - cert-manager-webhook 1 1 1 0 2s - cert-manager 1 1 1 0 2s - - ==> v1/Job - NAME DESIRED SUCCESSFUL AGE - cert-manager-webhook-ca-sync 1 0 2s - - ==> v1beta1/CronJob - NAME SCHEDULE SUSPEND ACTIVE LAST SCHEDULE AGE - cert-manager-webhook-ca-sync * * */24 * * False 0 2s - - ==> v1beta1/ClusterRole - NAME AGE - cert-manager-webhook-ca-sync 2s - cert-manager 2s - - ==> v1/ClusterRole - cert-manager-webhook:webhook-requester 2s - cert-manager-view 2s - cert-manager-edit 2s - - ==> v1/Service - NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE - cert-manager-webhook ClusterIP 10.3.244.237 443/TCP 2s - - ==> v1/ConfigMap - NAME DATA AGE - cert-manager-webhook-ca-sync 1 2s - - ==> v1alpha1/Issuer - NAME AGE - cert-manager-webhook-ca 1s - cert-manager-webhook-selfsign 1s - - ==> v1/Pod(related) - NAME READY STATUS RESTARTS AGE - cert-manager-webhook-745b49d445-rnxm2 0/1 ContainerCreating 0 2s - cert-manager-9cdd9f774-t856z 0/1 ContainerCreating 0 2s - cert-manager-webhook-ca-sync-ddf4b 0/1 ContainerCreating 0 2s - - NOTES: - cert-manager has been deployed successfully! - - In order to begin issuing certificates, you will need to set up a ClusterIssuer - or Issuer resource (for example, by creating a 'letsencrypt-staging' issuer). - - More information on the different types of issuers and how to configure them - can be found in our documentation: - - https://docs.cert-manager.io/en/latest/reference/issuers.html - - For information on how to configure cert-manager to automatically provision - Certificates for Ingress resources, take a look at the `ingress-shim` - documentation: - - https://docs.cert-manager.io/en/latest/reference/ingress-shim.html +Read the :doc:`getting started guide ` to install +cert-manager using your prefered method. Cert-manager uses two different custom resources, also known as `CRD`_'s, to configure and control how it operates, as well as share status of its