[TOC]

# Version compatibility

See https://cert-manager.io/docs/installation/supported-releases/

# Installing cert-manager

## manifests

>[info] Prerequisite: for the Kubernetes version, see [Version compatibility](#version-compatibility)

>[info] A manifests installation always creates its resources in the cert-manager namespace

1. Download the manifests files

```shell
curl -L -o /etc/kubernetes/addons/cert-manager.crds.yaml https://github.com/cert-manager/cert-manager/releases/download/v1.12.4/cert-manager.crds.yaml
curl -L -o /etc/kubernetes/addons/cert-manager.yaml https://github.com/cert-manager/cert-manager/releases/download/v1.12.4/cert-manager.yaml
```

2. Install cert-manager

```shell
$ kubectl apply -f /etc/kubernetes/addons/cert-manager.crds.yaml -f /etc/kubernetes/addons/cert-manager.yaml
customresourcedefinition.apiextensions.k8s.io/certificaterequests.cert-manager.io created
customresourcedefinition.apiextensions.k8s.io/certificates.cert-manager.io created
customresourcedefinition.apiextensions.k8s.io/challenges.acme.cert-manager.io created
customresourcedefinition.apiextensions.k8s.io/clusterissuers.cert-manager.io created
customresourcedefinition.apiextensions.k8s.io/issuers.cert-manager.io created
customresourcedefinition.apiextensions.k8s.io/orders.acme.cert-manager.io created
namespace/cert-manager created
customresourcedefinition.apiextensions.k8s.io/certificaterequests.cert-manager.io unchanged
customresourcedefinition.apiextensions.k8s.io/certificates.cert-manager.io unchanged
customresourcedefinition.apiextensions.k8s.io/challenges.acme.cert-manager.io unchanged
customresourcedefinition.apiextensions.k8s.io/clusterissuers.cert-manager.io unchanged
customresourcedefinition.apiextensions.k8s.io/issuers.cert-manager.io unchanged
customresourcedefinition.apiextensions.k8s.io/orders.acme.cert-manager.io unchanged
serviceaccount/cert-manager-cainjector created
serviceaccount/cert-manager created
serviceaccount/cert-manager-webhook created
configmap/cert-manager-webhook created
clusterrole.rbac.authorization.k8s.io/cert-manager-cainjector created
clusterrole.rbac.authorization.k8s.io/cert-manager-controller-issuers created
clusterrole.rbac.authorization.k8s.io/cert-manager-controller-clusterissuers created
clusterrole.rbac.authorization.k8s.io/cert-manager-controller-certificates created
clusterrole.rbac.authorization.k8s.io/cert-manager-controller-orders created
clusterrole.rbac.authorization.k8s.io/cert-manager-controller-challenges created
clusterrole.rbac.authorization.k8s.io/cert-manager-controller-ingress-shim created
clusterrole.rbac.authorization.k8s.io/cert-manager-view created
clusterrole.rbac.authorization.k8s.io/cert-manager-edit created
clusterrole.rbac.authorization.k8s.io/cert-manager-controller-approve:cert-manager-io created
clusterrole.rbac.authorization.k8s.io/cert-manager-controller-certificatesigningrequests created
clusterrole.rbac.authorization.k8s.io/cert-manager-webhook:subjectaccessreviews created
clusterrolebinding.rbac.authorization.k8s.io/cert-manager-cainjector created
clusterrolebinding.rbac.authorization.k8s.io/cert-manager-controller-issuers created
clusterrolebinding.rbac.authorization.k8s.io/cert-manager-controller-clusterissuers created
clusterrolebinding.rbac.authorization.k8s.io/cert-manager-controller-certificates created
clusterrolebinding.rbac.authorization.k8s.io/cert-manager-controller-orders created
clusterrolebinding.rbac.authorization.k8s.io/cert-manager-controller-challenges created
clusterrolebinding.rbac.authorization.k8s.io/cert-manager-controller-ingress-shim created
clusterrolebinding.rbac.authorization.k8s.io/cert-manager-controller-approve:cert-manager-io created
clusterrolebinding.rbac.authorization.k8s.io/cert-manager-controller-certificatesigningrequests created
clusterrolebinding.rbac.authorization.k8s.io/cert-manager-webhook:subjectaccessreviews created
role.rbac.authorization.k8s.io/cert-manager-cainjector:leaderelection created
role.rbac.authorization.k8s.io/cert-manager:leaderelection created
role.rbac.authorization.k8s.io/cert-manager-webhook:dynamic-serving created
rolebinding.rbac.authorization.k8s.io/cert-manager-cainjector:leaderelection created
rolebinding.rbac.authorization.k8s.io/cert-manager:leaderelection created
rolebinding.rbac.authorization.k8s.io/cert-manager-webhook:dynamic-serving created
service/cert-manager created
service/cert-manager-webhook created
deployment.apps/cert-manager-cainjector created
deployment.apps/cert-manager created
deployment.apps/cert-manager-webhook created
mutatingwebhookconfiguration.admissionregistration.k8s.io/cert-manager-webhook created
validatingwebhookconfiguration.admissionregistration.k8s.io/cert-manager-webhook created
```

## Helm (recommended)

>[info] Prerequisites:
> 1. For the Kubernetes version, see [Version compatibility](#version-compatibility)
> 2. Helm version `3.x` is required

1. Add the Helm repository

```shell
$ helm repo add jetstack https://charts.jetstack.io
"jetstack" has been added to your repositories
```

2. Update the local Helm chart repository cache

```shell
$ helm repo update
Hang tight while we grab the latest from your chart repositories...
...Successfully got an update from the "jetstack" chart repository
Update Complete. ⎈Happy Helming!⎈
```

3. Render the Helm template to a YAML file

```shell
$ helm template \
  cert-manager jetstack/cert-manager \
  --namespace kube-system \
  --set installCRDs=true \
  > /etc/kubernetes/addons/cert-manager.custom.yaml
```

4. Install cert-manager

```shell
$ kubectl apply -f /etc/kubernetes/addons/cert-manager.custom.yaml
serviceaccount/cert-manager-cainjector created
serviceaccount/cert-manager created
serviceaccount/cert-manager-webhook created
configmap/cert-manager-webhook created
customresourcedefinition.apiextensions.k8s.io/certificaterequests.cert-manager.io created
customresourcedefinition.apiextensions.k8s.io/certificates.cert-manager.io created
customresourcedefinition.apiextensions.k8s.io/challenges.acme.cert-manager.io created
customresourcedefinition.apiextensions.k8s.io/clusterissuers.cert-manager.io created
customresourcedefinition.apiextensions.k8s.io/issuers.cert-manager.io created
customresourcedefinition.apiextensions.k8s.io/orders.acme.cert-manager.io created
clusterrole.rbac.authorization.k8s.io/cert-manager-cainjector created
clusterrole.rbac.authorization.k8s.io/cert-manager-controller-issuers created
clusterrole.rbac.authorization.k8s.io/cert-manager-controller-clusterissuers created
clusterrole.rbac.authorization.k8s.io/cert-manager-controller-certificates created
clusterrole.rbac.authorization.k8s.io/cert-manager-controller-orders created
clusterrole.rbac.authorization.k8s.io/cert-manager-controller-challenges created
clusterrole.rbac.authorization.k8s.io/cert-manager-controller-ingress-shim created
clusterrole.rbac.authorization.k8s.io/cert-manager-view created
clusterrole.rbac.authorization.k8s.io/cert-manager-edit created
clusterrole.rbac.authorization.k8s.io/cert-manager-controller-approve:cert-manager-io created
clusterrole.rbac.authorization.k8s.io/cert-manager-controller-certificatesigningrequests created
clusterrole.rbac.authorization.k8s.io/cert-manager-webhook:subjectaccessreviews created
clusterrolebinding.rbac.authorization.k8s.io/cert-manager-cainjector created
clusterrolebinding.rbac.authorization.k8s.io/cert-manager-controller-issuers created
clusterrolebinding.rbac.authorization.k8s.io/cert-manager-controller-clusterissuers created
clusterrolebinding.rbac.authorization.k8s.io/cert-manager-controller-certificates created
clusterrolebinding.rbac.authorization.k8s.io/cert-manager-controller-orders created
clusterrolebinding.rbac.authorization.k8s.io/cert-manager-controller-challenges created
clusterrolebinding.rbac.authorization.k8s.io/cert-manager-controller-ingress-shim created
clusterrolebinding.rbac.authorization.k8s.io/cert-manager-controller-approve:cert-manager-io created
clusterrolebinding.rbac.authorization.k8s.io/cert-manager-controller-certificatesigningrequests created
clusterrolebinding.rbac.authorization.k8s.io/cert-manager-webhook:subjectaccessreviews created
role.rbac.authorization.k8s.io/cert-manager-cainjector:leaderelection created
role.rbac.authorization.k8s.io/cert-manager:leaderelection created
role.rbac.authorization.k8s.io/cert-manager-webhook:dynamic-serving created
rolebinding.rbac.authorization.k8s.io/cert-manager-cainjector:leaderelection created
rolebinding.rbac.authorization.k8s.io/cert-manager:leaderelection created
rolebinding.rbac.authorization.k8s.io/cert-manager-webhook:dynamic-serving created
service/cert-manager created
service/cert-manager-webhook created
deployment.apps/cert-manager-cainjector created
deployment.apps/cert-manager created
deployment.apps/cert-manager-webhook created
mutatingwebhookconfiguration.admissionregistration.k8s.io/cert-manager-webhook created
validatingwebhookconfiguration.admissionregistration.k8s.io/cert-manager-webhook created
serviceaccount/cert-manager-startupapicheck created
role.rbac.authorization.k8s.io/cert-manager-startupapicheck:create-cert created
rolebinding.rbac.authorization.k8s.io/cert-manager-startupapicheck:create-cert created
job.batch/cert-manager-startupapicheck created
```

# Verifying the service

```shell
# Verify a manifests installation
$ kubectl get pod -l app.kubernetes.io/instance=cert-manager -n cert-manager
NAME                                       READY   STATUS    RESTARTS   AGE
cert-manager-744b6d8759-vfb4k              1/1     Running   0          4m45s
cert-manager-cainjector-85df464f89-57f5d   1/1     Running   0          4m45s
cert-manager-webhook-5859488dd9-nb4r7      1/1     Running   0          4m45s

# Verify a Helm installation
$ kubectl get pod -l app.kubernetes.io/instance=cert-manager -n kube-system
NAME                                       READY   STATUS      RESTARTS   AGE
cert-manager-59b8db44b7-gbpw4              1/1     Running     0          67m
cert-manager-cainjector-59645fb86f-bml66   1/1     Running     0          67m
cert-manager-startupapicheck-dshvd         0/1     Completed   0          67m
cert-manager-webhook-f75b4d5b5-drbph       1/1     Running     0          67m

$ kubectl -n kube-system logs -l app.kubernetes.io/name=startupapicheck
Not ready: the cert-manager webhook CA bundle is not injected yet
Not ready: the cert-manager webhook CA bundle is not injected yet
Not ready: the cert-manager webhook CA bundle is not injected yet
Not ready: the cert-manager webhook CA bundle is not injected yet
The cert-manager API is ready
```

# Uninstalling the service

0. Make sure that any user-created cert-manager resources that are no longer needed have been deleted. You can check for existing resources with the following command:

```shell
kubectl get Issuers,ClusterIssuers,Certificates,CertificateRequests,Orders,Challenges --all-namespaces
```

## manifests

1. Delete the resources defined in the related YAML files

```shell
kubectl delete -f /etc/kubernetes/addons/cert-manager.yaml -f /etc/kubernetes/addons/cert-manager.crds.yaml
```

## Helm

1. Delete the resources defined in the related YAML file

```shell
kubectl delete -f /etc/kubernetes/addons/cert-manager.custom.yaml
```

# References

cert-manager official documentation: https://cert-manager.io/docs/installation/
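
The pod listing in the verification section shows that the containers are running, but not that the webhook admits cert-manager resources or that a certificate can actually be issued. The script below is an added example, not part of the original page or of the cert-manager project: it issues a self-signed certificate in a throwaway namespace and removes it again, and the names `cert-manager-test`, `test-selfsigned` and `selfsigned-cert` are illustrative assumptions that work with either installation method.

```shell
# Added example: end-to-end issuance smoke test for a fresh cert-manager install.
# Assumed (illustrative) names: cert-manager-test, test-selfsigned, selfsigned-cert.
NS="cert-manager-test"

# Emit a throwaway Namespace, a self-signed Issuer and a Certificate that uses it.
smoke_manifest() {
  cat <<EOF
apiVersion: v1
kind: Namespace
metadata:
  name: ${NS}
---
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
  name: test-selfsigned
  namespace: ${NS}
spec:
  selfSigned: {}
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: selfsigned-cert
  namespace: ${NS}
spec:
  dnsNames:
    - example.com
  secretName: selfsigned-cert-tls
  issuerRef:
    name: test-selfsigned
EOF
}

# Apply the manifest, wait for the Certificate to become Ready, always clean up.
smoke_test() {
  rc=0
  if smoke_manifest | kubectl apply -f -; then
    kubectl -n "$NS" wait --for=condition=Ready \
      certificate.cert-manager.io/selfsigned-cert --timeout=120s || rc=1
  else
    rc=1   # apply rejected: typically the webhook is not reachable yet
  fi
  kubectl delete namespace "$NS" --ignore-not-found --wait=false >/dev/null
  return "$rc"
}

# Runs against the current kubectl context only when asked: RUN_SMOKE=1 sh smoke.sh
if [ "${RUN_SMOKE:-0}" = 1 ]; then smoke_test; fi
```

A non-zero exit status means either the apply was rejected (webhook or CA injection not ready) or the Certificate did not reach `Ready` within the timeout.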