Step 8: Install cert-manager

This step explains how to download and install cert-manager, required for Apigee hybrid to operate.

Install cert-manager

1. Use the following command to install cert-manager v1.17.2 from GitHub.

   kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.17.2/cert-manager.yaml

   You should see a response that the cert-manager namespace and several cert-manager resources have been created. For example:

   customresourcedefinition.apiextensions.k8s.io/certificaterequests.cert-manager.io configured
   customresourcedefinition.apiextensions.k8s.io/certificates.cert-manager.io configured
   ...
   mutatingwebhookconfiguration.admissionregistration.k8s.io/cert-manager-webhook configured
   validatingwebhookconfiguration.admissionregistration.k8s.io/cert-manager-webhook configured
   

2. Use the following command to verify the successful creation of cert-manager namespace and its corresponding components:

   kubectl get all -n cert-manager -o wide

   Your output should be similar to the following example. You should see pods for cert-manager, cert-manager-cainjector, and cert-manager-webhook.

       NAME                                          READY   STATUS    RESTARTS   AGE   IP           NODE                                                  NOMINATED NODE   READINESS GATES
       pod/cert-manager-675d667c9-8rrdf              1/1     Running   0          13s   x.x.x.x      gke-test-apigee-apigee-runtime-fbff3412-fsz9          none             none
       pod/cert-manager-cainjector-6674494d8-lfr5r   1/1     Running   0          13s   x.x.x.x      gke-test-apigee-hy-apigee-data-efb302e2-1gqg          none             none
       pod/cert-manager-webhook-8566bcbc98-5krnh     1/1     Running   0          12s   x.x.x.x      gke-test-apigee-hy-apigee-data-0081cb07-2t5v          none             none
   
       NAME                           TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)    AGE   SELECTOR
       service/cert-manager           ClusterIP   x.x.x.x            none        9402/TCP   13s   app.kubernetes.io/component=controller,app.kubernetes.io/instance=cert-manager,app.kubernetes.io/name=cert-manager
       service/cert-manager-webhook   ClusterIP   x.x.x.x            none        443/TCP    13s   app.kubernetes.io/component=webhook,app.kubernetes.io/instance=cert-manager,app.kubernetes.io/name=webhook
   
       NAME                                      READY   UP-TO-DATE   AVAILABLE   AGE   CONTAINERS                IMAGES                                             SELECTOR
       deployment.apps/cert-manager              1/1     1            1           13s   cert-manager-controller   quay.io/jetstack/cert-manager-controller:v1.15.1   app.kubernetes.io/component=controller,app.kubernetes.io/instance=cert-manager,app.kubernetes.io/name=cert-manager
       deployment.apps/cert-manager-cainjector   1/1     1            1           13s   cert-manager-cainjector   quay.io/jetstack/cert-manager-cainjector:v1.15.1   app.kubernetes.io/component=cainjector,app.kubernetes.io/instance=cert-manager,app.kubernetes.io/name=cainjector
       deployment.apps/cert-manager-webhook      1/1     1            1           13s   cert-manager-webhook      quay.io/jetstack/cert-manager-webhook:v1.15.1      app.kubernetes.io/component=webhook,app.kubernetes.io/instance=cert-manager,app.kubernetes.io/name=webhook
   
       NAME                                                DESIRED   CURRENT   READY   AGE   CONTAINERS                IMAGES                                             SELECTOR
       replicaset.apps/cert-manager-675d667c9              1         1         1       13s   cert-manager-controller   quay.io/jetstack/cert-manager-controller:v1.15.1   app.kubernetes.io/component=controller,app.kubernetes.io/instance=cert-manager,app.kubernetes.io/name=cert-manager,pod-template-hash=675d667c9
       replicaset.apps/cert-manager-cainjector-6674494d8   1         1         1       13s   cert-manager-cainjector   quay.io/jetstack/cert-manager-cainjector:v1.15.1   app.kubernetes.io/component=cainjector,app.kubernetes.io/instance=cert-manager,app.kubernetes.io/name=cainjector,pod-template-hash=6674494d8
       replicaset.apps/cert-manager-webhook-8566bcbc98     1         1         1       12s   cert-manager-webhook      quay.io/jetstack/cert-manager-webhook:v1.15.1      app.kubernetes.io/component=webhook,app.kubernetes.io/instance=cert-manager,app.kubernetes.io/name=webhook,pod-template-hash=8566bcbc98

Summary

You now have cert-manager installed, and you are ready to install the Apigee hybrid custom resource definitions (CRDs).

Next step

1 2 3 4 5 6 7 8 (NEXT) Step 9: Install the CRDs 10 11