From 644e487341bc366fcb210e5273f740d6898e5d44 Mon Sep 17 00:00:00 2001
From: Tami Love
Date: Mon, 11 Aug 2025 02:36:00 -0400
Subject: [PATCH] Add cert-manager assembly file
---
 _topic_maps/_topic_map_ms.yml | 2 +
 .../microshift-cert-manager.adoc | 16 ++++
 modules/microshift-cert-manager-tasks.adoc | 15 ++++
 .../microshift-install-cert-manager-olm.adoc | 10 +++
 modules/microshift-install-cert-manager.adoc | 79 +++++++++++++++++++
 5 files changed, 122 insertions(+)
 create mode 100644 microshift_running_apps/microshift-cert-manager.adoc
 create mode 100644 modules/microshift-cert-manager-tasks.adoc
 create mode 100644 modules/microshift-install-cert-manager-olm.adoc
 create mode 100644 modules/microshift-install-cert-manager.adoc
diff --git a/_topic_maps/_topic_map_ms.yml b/_topic_maps/_topic_map_ms.yml
index 2d4f35e5ed..5f47060d4d 100644
--- a/_topic_maps/_topic_map_ms.yml
+++ b/_topic_maps/_topic_map_ms.yml
@@ -211,6 +211,8 @@ Topics:
 File: microshift-applications
 - Name: Deleting or updating Kustomize manifest resources
 File: microshift-deleting-resource-manifests
+- Name: Using MicroShift certificate manager
+ File: microshift-cert-manager
 - Name: Configuring Observability
 File: microshift-observability-service
 - Name: Embedding applications on RHEL for Edge
diff --git a/microshift_running_apps/microshift-cert-manager.adoc b/microshift_running_apps/microshift-cert-manager.adoc
new file mode 100644
index 0000000000..bca398f7cc
--- /dev/null
+++ b/microshift_running_apps/microshift-cert-manager.adoc
@@ -0,0 +1,16 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="microshift-cert-manager"]
+= Using certificate manager on a {microshift-short} node
+include::_attributes/attributes-microshift.adoc[]
+:context: microshift-cert-manager
+
+toc::[]
+
+[role="_abstract"]
+The {microshift-short} certificate manager supports managing TLS certificates. This integration results in the issue, renewal, and management of certificate from certificate authorities.
+
+include::modules/microshift-cert-manager-tasks.adoc[leveloffset=+1]
+
+include::modules/microshift-install-cert-manager.adoc[leveloffset=+1]
+
+include::modules/microshift-install-cert-manager-olm.adoc[leveloffset=+1]
\ No newline at end of file
diff --git a/modules/microshift-cert-manager-tasks.adoc b/modules/microshift-cert-manager-tasks.adoc
new file mode 100644
index 0000000000..1bbb891203
--- /dev/null
+++ b/modules/microshift-cert-manager-tasks.adoc
@@ -0,0 +1,15 @@
+// Module included in the following assemblies:
+//
+// * microshift_running_apps/microshift-cert-manager.adoc
+
+:_mod-docs-content-type: CONCEPT
+[id="microshift-cert-manager-tasks_{context}"]
+= {microshift-short} certificate manager functions
+
+[role="_abstract"]
+With {microshift-short} certificate manager, you can complete the following tasks:
+
+* Automates certificate management: cert-manager creates or updates certificates and detects Kubernetes resources that are annotated with `cert-manager.io/kind`.
+* Supports multiple CAs: provides flexibility to select one that fits the security and operational needs.
+* Simplifies ingress certificates: cert-manager handles certificates for an ingress controller, which simplifies the configuration and management of secure communication channels.
+* Enhances security: certificate management is automated and the risk of error is reduced. Certificates are current and valid, which contribute to a secure environment.
\ No newline at end of file
diff --git a/modules/microshift-install-cert-manager-olm.adoc b/modules/microshift-install-cert-manager-olm.adoc
new file mode 100644
index 0000000000..e0fbfaf9fb
--- /dev/null
+++ b/modules/microshift-install-cert-manager-olm.adoc
@@ -0,0 +1,10 @@
+// Module included in the following assemblies:
+//
+// microshift_running_apps/microshift-cert-manager.adoc
+
+:_mod-docs-content-type: CONCEPT
+[id="microshift-install-cert-manager-olm_{context}"]
+= Installing and enabling the cert-manager Operator using OLM
+
+[role="_abstract"]
+You can install the optional `microshift-cert-manager` by using OLM at any time. For more information, see link:https://docs.redhat.com/en/documentation/red_hat_build_of_microshift/{ocp-version}/html/running_applications/operators#microshift-operators-olm[Using Operator Lifecycle Manager with MicroShift] and link:https://docs.redhat.com/en/documentation/openshift_container_platform/{ocp-version}/html/security_and_compliance/cert-manager-operator-for-red-hat-openshift#cert-manager-operator-install[Installing the cert-manager Operator for Red Hat OpenShift].
diff --git a/modules/microshift-install-cert-manager.adoc b/modules/microshift-install-cert-manager.adoc
new file mode 100644
index 0000000000..df05de5730
--- /dev/null
+++ b/modules/microshift-install-cert-manager.adoc
@@ -0,0 +1,79 @@
+// Module included in the following assemblies:
+//
+// microshift_running_apps/microshift-cert-manager.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="microshift-install-cert-manager_{context}"]
+= Installing and enabling the cert-manager Operator using RPM
+
+[role="_abstract"]
+The microshift-cert-manager RPM is an optional component that can be installed at any time. Follow these steps to install and verify the certificate manager:
+
+.Procedure
+
+. Install the `cert-manager-operator` using the `microshift-cert-manager` RPM by running the following command:
++
+[source,terminal]
+----
+$ sudo dnf install microshift-cert-manager
+----
+
+. Verify the certificate manager versions that are used by running the following command:
++
+[source,terminal]
+----
+$ rpm -qi microshift-cert-manager
+----
+
+. Restart {microshift-short} by running the following command:
++
+[source,terminal]
+----
+$ systemctl microshift restart
+----
+
+. Verify that the `microshift-cert-manager` RPM is installed by running the following command:
++
+[source,terminal]
+----
+$ oc get deployment -n cert-manager-operator
+----
++
+.Example output
+[source,terminal]
+----
+NAME READY UP-TO-DATE AVAILABLE AGE
+cert-manager-operator-controller-manager 1/1 1 1 2d22h
+----
+
+. Verify that the`cert-manager` deployments are in a ready state and are up-to-date in the cert-manager namespace by running the following command:
++
+[source,terminal]
+----
+$ oc get deployment -n cert-manager
+----
++
+.Example output
+[source,terminal]
+----
+NAME READY UP-TO-DATE AVAILABLE AGE
+cert-manager 1/1 1 1 2d22h
+cert-manager-cainjector 1/1 1 1 2d22h
+cert-manager-webhook 1/1 1 1 2d22h
+----
+
+. Verify that the pods are running in the `cert-manager` namespace by running the following command:
++
+[source,terminal]
+----
+$ oc get pods -n cert-manager
+----
++
+.Example output
+[source,terminal]
+----
+NAME READY STATUS RESTARTS AGE
+cert-manager-7cfb4fbb84-qdmk8 1/1 Running 2 2d22h
+cert-manager-cainjector-854f669657-xzs8b 1/1 Running 2 2d22h
+cert-manager-webhook-68fd6d5f5c-j942h 1/1 Running 2 2d22h
+----