mirror of
https://github.com/openshift/openshift-docs.git
synced 2026-02-05 12:46:18 +01:00
cert-manager content improvement
This commit is contained in:
Shubha Narayanan
committed by
openshift-cherrypick-robot
openshift-cherrypick-robot
parent
01a4fef699
commit
c36a127778
@@ -1113,22 +1113,16 @@ Topics:
|
||||
File: cert-manager-operator-issuer-acme
|
||||
- Name: Configuring certificates with an issuer
|
||||
File: cert-manager-creating-certificate
|
||||
- Name: Enabling monitoring for the cert-manager Operator for Red Hat OpenShift
|
||||
- Name: Monitoring the cert-manager Operator for Red Hat OpenShift
|
||||
File: cert-manager-monitoring
|
||||
- Name: Configuring the egress proxy for the cert-manager Operator for Red Hat OpenShift
|
||||
- Name: Configuring the egress proxy
|
||||
File: cert-manager-operator-proxy
|
||||
- Name: Customizing cert-manager by using the cert-manager Operator API fields
|
||||
File: cert-manager-customizing-api-fields
|
||||
- Name: Authenticating the cert-manager Operator with AWS Security Token Service
|
||||
File: cert-manager-authenticate-aws
|
||||
- Name: Authenticating the cert-manager Operator for Red Hat OpenShift
|
||||
File: cert-manager-authenticate
|
||||
- Name: Configuring log levels for cert-manager and the cert-manager Operator for Red Hat OpenShift
|
||||
File: cert-manager-log-levels
|
||||
- Name: Authenticating the cert-manager Operator for Red Hat OpenShift with GCP Workload Identity
|
||||
File: cert-manager-authenticate-gcp
|
||||
- Name: Authenticating the cert-manager Operator for Red Hat OpenShift on AWS
|
||||
File: cert-manager-authentication-non-sts
|
||||
- Name: Authenticating the cert-manager Operator for Red Hat OpenShift on GCP
|
||||
File: cert-manager-authenticate-non-sts-gcp
|
||||
- Name: Uninstalling the cert-manager Operator for Red Hat OpenShift
|
||||
File: cert-manager-operator-uninstall
|
||||
- Name: Viewing audit logs
|
||||
|
||||
@@ -1,12 +1,10 @@
|
||||
// Module included in the following assemblies:
|
||||
//
|
||||
// * security/cert_manager_operator/cert-manager-authenticate-aws.adoc
|
||||
// * security/cert_manager_operator/cert-manager-authenticate.adoc
|
||||
|
||||
:_mod-docs-content-type: PROCEDURE
|
||||
[id="cert-manager-configure-cloud-credentials-aws-non-sts_{context}"]
|
||||
= Configuring cloud credentials for the {cert-manager-operator} on AWS
|
||||
|
||||
To configure the cloud credentials for the {cert-manager-operator} on the AWS cluster you must generate the cloud credentials secret by creating a `CredentialsRequest` object, and allowing the Cloud Credential Operator.
|
||||
= Authenticating on AWS
|
||||
|
||||
.Prerequisites
|
||||
|
||||
|
||||
@@ -1,12 +1,10 @@
|
||||
// Module included in the following assemblies:
|
||||
//
|
||||
// * security/cert_manager_operator/cert-manager-authenticate-aws.adoc
|
||||
// * security/cert_manager_operator/cert-manager-authenticate.adoc
|
||||
|
||||
:_mod-docs-content-type: PROCEDURE
|
||||
[id="cert-manager-configure-cloud-credentials-aws-sts_{context}"]
|
||||
= Configuring cloud credentials for the {cert-manager-operator} for the AWS Security Token Service cluster
|
||||
|
||||
To configure the cloud credentials for the {cert-manager-operator} on the AWS Security Token Service (STS) cluster with the cloud credentials. You must generate the cloud credentials manually, and apply it on the cluster by using the `ccoctl` binary.
|
||||
= Authenticating with AWS Security Token Service
|
||||
|
||||
.Prerequisites
|
||||
|
||||
|
||||
@@ -1,12 +1,10 @@
|
||||
// Module included in the following assemblies:
|
||||
//
|
||||
// * security/cert_manager_operator/cert-manager-authenticate-non-sts-gcp.adoc
|
||||
// * security/cert_manager_operator/cert-manager-authenticate.adoc
|
||||
|
||||
:_mod-docs-content-type: PROCEDURE
|
||||
[id="cert-manager-configure-cloud-credentials-gcp-non-sts_{context}"]
|
||||
= Configuring cloud credentials for the {cert-manager-operator} on GCP
|
||||
|
||||
To configure the cloud credentials for the {cert-manager-operator} on a GCP cluster you must create a `CredentialsRequest` object, and allow the Cloud Credential Operator to generate the cloud credentials secret.
|
||||
= Authenticating on GCP
|
||||
|
||||
.Prerequisites
|
||||
|
||||
|
||||
@@ -1,12 +1,10 @@
|
||||
// Module included in the following assemblies:
|
||||
//
|
||||
// * security/cert_manager_operator/cert-manager-authenticate-gcp.adoc
|
||||
// * security/cert_manager_operator/cert-manager-authenticate.adoc
|
||||
|
||||
:_mod-docs-content-type: PROCEDURE
|
||||
[id="cert-manager-configure-cloud-credentials-gcp-sts_{context}"]
|
||||
= Configuring cloud credentials for the {cert-manager-operator} with GCP Workload Identity
|
||||
|
||||
Generate the cloud credentials for the {cert-manager-operator} by using the `ccoctl` binary. Then, apply them to the GCP Workload Identity cluster.
|
||||
= Authenticating with GCP Workload Identity
|
||||
|
||||
.Prerequisites
|
||||
|
||||
|
||||
@@ -30,9 +30,9 @@ apiVersion: operator.openshift.io/v1alpha1
|
||||
kind: CertManager
|
||||
...
|
||||
spec:
|
||||
logLevel: Normal <1>
|
||||
logLevel: <log_level> <1>
|
||||
----
|
||||
<1> The default `logLevel` is `Normal`. Replace `Normal` with the desired log level value. The valid log level values for the `CertManager` resource are `Normal`, `Debug`, `Trace`, and `TraceAll`. To audit logs and perform common operations when everything is fine, set `logLevel` to `Normal` . To troubleshoot a minor issue by viewing verbose logs, set `logLevel` to `Debug` . To troubleshoot a major issue by viewing more verbose logs, you can set `logLevel` to `Trace`. To troubleshoot serious issues, set `logLevel` to `TraceAll`.
|
||||
<1> The valid log level values for the `CertManager` resource are `Normal`, `Debug`, `Trace`, and `TraceAll`. To audit logs and perform common operations when there are no issues, set `logLevel` to `Normal` . To troubleshoot a minor issue by viewing verbose logs, set `logLevel` to `Debug` . To troubleshoot a major issue by viewing more verbose logs, you can set `logLevel` to `Trace`. To troubleshoot serious issues, set `logLevel` to `TraceAll`. The default `logLevel` is `Normal`.
|
||||
+
|
||||
[NOTE]
|
||||
====
|
||||
|
||||
130
modules/cert-manager-install-cli.adoc
Normal file
130
modules/cert-manager-install-cli.adoc
Normal file
@@ -0,0 +1,130 @@
|
||||
// Module included in the following assemblies:
|
||||
//
|
||||
// * security/cert_manager_operator/cert-manager-operator-install.adoc
|
||||
|
||||
:_mod-docs-content-type: PROCEDURE
|
||||
[id="cert-manager-install-cli_{context}"]
|
||||
= Installing the {cert-manager-operator} by using the CLI
|
||||
|
||||
.Prerequisites
|
||||
|
||||
* You have access to the cluster with `cluster-admin` privileges.
|
||||
|
||||
.Procedure
|
||||
|
||||
. Create a new project named `cert-manager-operator` by running the following command:
|
||||
+
|
||||
[source, terminal]
|
||||
----
|
||||
$ oc new-project cert-manager-operator
|
||||
----
|
||||
|
||||
. Create an `OperatorGroup` object:
|
||||
|
||||
.. Create a YAML file, for example, `operatorGroup.yaml`, with the following content:
|
||||
+
|
||||
[source, yaml]
|
||||
----
|
||||
apiVersion: operators.coreos.com/v1
|
||||
kind: OperatorGroup
|
||||
metadata:
|
||||
name: openshift-cert-manager-operator
|
||||
namespace: cert-manager-operator
|
||||
spec:
|
||||
targetNamespaces:
|
||||
- "cert-manager-operator"
|
||||
----
|
||||
|
||||
.. Create the `OperatorGroup` object by running the following command:
|
||||
+
|
||||
[source, terminal]
|
||||
----
|
||||
$ oc create -f operatorGroup.yaml
|
||||
----
|
||||
|
||||
. Create a `Subscription` object:
|
||||
|
||||
.. Create a YAML file, for example, `subscription.yaml`, that defines the `Subscription` object:
|
||||
+
|
||||
[source, yaml]
|
||||
----
|
||||
apiVersion: operators.coreos.com/v1alpha1
|
||||
kind: Subscription
|
||||
metadata:
|
||||
name: openshift-cert-manager-operator
|
||||
namespace: cert-manager-operator
|
||||
spec:
|
||||
channel: stable-v1
|
||||
name: openshift-cert-manager-operator
|
||||
source: redhat-operators
|
||||
sourceNamespace: openshift-marketplace
|
||||
installPlanApproval: Automatic
|
||||
startingCSV: cert-manager-operator.v1.13.0
|
||||
----
|
||||
|
||||
.. Create the `Subscription` object by running the following command:
|
||||
+
|
||||
[source, terminal]
|
||||
----
|
||||
$ oc create -f subscription.yaml
|
||||
----
|
||||
|
||||
.Verification
|
||||
|
||||
. Verify that the OLM subscription is created by running the following command:
|
||||
+
|
||||
[source, terminal]
|
||||
----
|
||||
$ oc get subscription -n cert-manager-operator
|
||||
----
|
||||
+
|
||||
.Example output
|
||||
[source, terminal]
|
||||
----
|
||||
NAME PACKAGE SOURCE CHANNEL
|
||||
openshift-cert-manager-operator openshift-cert-manager-operator redhat-operators stable-v1
|
||||
----
|
||||
|
||||
. Verify whether the Operator is successfully installed by running the following command:
|
||||
+
|
||||
[source, terminal]
|
||||
----
|
||||
$ oc get csv -n cert-manager-operator
|
||||
----
|
||||
+
|
||||
.Example output
|
||||
[source, terminal]
|
||||
----
|
||||
NAME DISPLAY VERSION REPLACES PHASE
|
||||
cert-manager-operator.v1.13.0 cert-manager Operator for Red Hat OpenShift 1.13.0 cert-manager-operator.v1.12.1 Succeeded
|
||||
----
|
||||
|
||||
. Verify that the status {cert-manager-operator} is `Running` by running the following command:
|
||||
+
|
||||
[source, terminal]
|
||||
----
|
||||
$ oc get pods -n cert-manager-operator
|
||||
----
|
||||
+
|
||||
.Example output
|
||||
[source, terminal]
|
||||
----
|
||||
NAME READY STATUS RESTARTS AGE
|
||||
cert-manager-operator-controller-manager-695b4d46cb-r4hld 2/2 Running 0 7m4s
|
||||
----
|
||||
|
||||
. Verify that the status of cert-manager pods is `Running` by running the following command:
|
||||
+
|
||||
[source, terminal]
|
||||
----
|
||||
$ oc get pods -n cert-manager
|
||||
----
|
||||
+
|
||||
.Example output
|
||||
[source, terminal]
|
||||
----
|
||||
NAME READY STATUS RESTARTS AGE
|
||||
cert-manager-58b7f649c4-dp6l4 1/1 Running 0 7m1s
|
||||
cert-manager-cainjector-5565b8f897-gx25h 1/1 Running 0 7m37s
|
||||
cert-manager-webhook-9bc98cbdd-f972x 1/1 Running 0 7m40s
|
||||
----
|
||||
@@ -4,7 +4,7 @@
|
||||
|
||||
:_mod-docs-content-type: PROCEDURE
|
||||
[id="cert-manager-install-console_{context}"]
|
||||
= Installing the {cert-manager-operator} using the web console
|
||||
= Installing the {cert-manager-operator} by using the web console
|
||||
|
||||
You can use the web console to install the {cert-manager-operator}.
|
||||
|
||||
@@ -21,11 +21,13 @@ You can use the web console to install the {cert-manager-operator}.
|
||||
|
||||
. Enter *{cert-manager-operator}* into the filter box.
|
||||
|
||||
. Select the *{cert-manager-operator}* and click *Install*.
|
||||
. Select the *{cert-manager-operator}*
|
||||
|
||||
. Select the {cert-manager-operator} version from *Version* drop-down list, and click *Install*.
|
||||
+
|
||||
[NOTE]
|
||||
====
|
||||
From the {cert-manager-operator} `1.12.0` and later, the z-stream versions of the upstream cert-manager operands such as cert-manager controller, CA injector, Webhook, and {cert-manager-operator} are decoupled. For example, for the {cert-manager-operator} `1.12.0`, the cert-manager operand version is `v1.12.4`.
|
||||
See supported {cert-manager-operator} versions in the following "Additional resources" section.
|
||||
====
|
||||
|
||||
. On the *Install Operator* page:
|
||||
|
||||
10
modules/cert-manager-supported-versions.adoc
Normal file
10
modules/cert-manager-supported-versions.adoc
Normal file
@@ -0,0 +1,10 @@
|
||||
// Module included in the following assemblies:
|
||||
//
|
||||
// * security/cert_manager_operator/index.adoc
|
||||
|
||||
:_mod-docs-content-type: REFERENCE
|
||||
[id="cert-manager-operator-supported-versions_{context}"]
|
||||
== Supported {cert-manager-operator} versions
|
||||
{product-title} {product-version} supports the following versions of {cert-manager-operator}:
|
||||
|
||||
* {cert-manager-operator} 1.13
|
||||
@@ -1,16 +0,0 @@
|
||||
:_mod-docs-content-type: ASSEMBLY
|
||||
[id="cert-manager-authenticate-aws"]
|
||||
= Authenticating the {cert-manager-operator} with AWS Security Token Service
|
||||
include::_attributes/common-attributes.adoc[]
|
||||
:context: cert-manager-authenticate-aws
|
||||
|
||||
toc::[]
|
||||
|
||||
You can authenticate the {cert-manager-operator} on the AWS Security Token Service (STS) cluster. You can configure cloud credentials for the {cert-manager-operator} by using the `ccoctl` binary.
|
||||
|
||||
include::modules/cert-manager-configure-cloud-credentials-aws-sts.adoc[leveloffset=+1]
|
||||
|
||||
[role="_additional-resources"]
|
||||
[id="additional-resources_cert-manager-authenticate-gcp"]
|
||||
== Additional resources
|
||||
* xref:../../installing/installing_aws/installing-aws-customizations.adoc#cco-ccoctl-configuring_installing-aws-customizations[Configuring the Cloud Credential Operator utility]
|
||||
@@ -1,16 +0,0 @@
|
||||
:_mod-docs-content-type: ASSEMBLY
|
||||
[id="cert-manager-authenticate-gcp"]
|
||||
= Authenticating the {cert-manager-operator} with GCP Workload Identity
|
||||
include::_attributes/common-attributes.adoc[]
|
||||
:context: cert-manager-authenticate-gcp
|
||||
|
||||
toc::[]
|
||||
|
||||
You can authenticate the {cert-manager-operator} on the GCP Workload Identity cluster by using the cloud credentials. You can configure the cloud credentials by using the `ccoctl` binary.
|
||||
|
||||
include::modules/cert-manager-configure-cloud-credentials-gcp-sts.adoc[leveloffset=+1]
|
||||
|
||||
[role="_additional-resources"]
|
||||
[id="additional-resources_cert-manager-authenticate-gcp-workload-identity"]
|
||||
== Additional resources
|
||||
* xref:../../installing/installing_gcp/installing-gcp-customizations.adoc#cco-ccoctl-configuring_installing-gcp-customizations[Configuring the Cloud Credential Operator utility]
|
||||
@@ -1,11 +0,0 @@
|
||||
:_mod-docs-content-type: ASSEMBLY
|
||||
[id="cert-manager-authenticate-non-sts-gcp"]
|
||||
= Authenticating the {cert-manager-operator} on GCP
|
||||
include::_attributes/common-attributes.adoc[]
|
||||
:context: cert-manager-authenticate-non-sts-gcp
|
||||
|
||||
toc::[]
|
||||
|
||||
You can configure cloud credentials for the {cert-manager-operator} on a GCP cluster. The cloud credentials are generated by the Cloud Credential Operator.
|
||||
|
||||
include::modules/cert-manager-configure-cloud-credentials-gcp-non-sts.adoc[leveloffset=+1]
|
||||
@@ -0,0 +1,37 @@
|
||||
:_mod-docs-content-type: ASSEMBLY
|
||||
[id="cert-manager-authenticate-aws"]
|
||||
= Authenticating the {cert-manager-operator}
|
||||
include::_attributes/common-attributes.adoc[]
|
||||
:context: cert-manager-authenticate
|
||||
|
||||
toc::[]
|
||||
|
||||
You can authenticate the cert-manager Operator for Red Hat OpenShift on the cluster by configuring the cloud credentials.
|
||||
|
||||
// on AWS
|
||||
include::modules/cert-manager-configure-cloud-credentials-aws-non-sts.adoc[leveloffset=+1]
|
||||
|
||||
// with AWS Security Token Service
|
||||
include::modules/cert-manager-configure-cloud-credentials-aws-sts.adoc[leveloffset=+1]
|
||||
|
||||
[role="_additional-resources"]
|
||||
[id="additional-resources_cert-manager-authenticate-gcp"]
|
||||
.Additional resources
|
||||
|
||||
* xref:../../installing/installing_aws/installing-aws-customizations.adoc#cco-ccoctl-configuring_installing-aws-customizations[Configuring the Cloud Credential Operator utility]
|
||||
|
||||
// on GCP
|
||||
include::modules/cert-manager-configure-cloud-credentials-gcp-non-sts.adoc[leveloffset=+1]
|
||||
|
||||
// with GCP Workload Identity
|
||||
include::modules/cert-manager-configure-cloud-credentials-gcp-sts.adoc[leveloffset=+1]
|
||||
|
||||
[role="_additional-resources"]
|
||||
[id="additional-resources_cert-manager-authenticate-gcp-workload-identity"]
|
||||
.Additional resources
|
||||
|
||||
* xref:../../installing/installing_gcp/installing-gcp-customizations.adoc#cco-ccoctl-configuring_installing-gcp-customizations[Configuring the Cloud Credential Operator utility]
|
||||
|
||||
* xref:../../authentication/managing_cloud_provider_credentials/cco-short-term-creds.adoc#cco-short-term-creds[Manual mode with short-term credentials for components]
|
||||
|
||||
* xref:../../authentication/managing_cloud_provider_credentials/about-cloud-credential-operator.adoc#about-cloud-credential-operator-default_about-cloud-credential-operator[Default behavior of the Cloud Credential Operator]
|
||||
@@ -1,11 +0,0 @@
|
||||
:_mod-docs-content-type: ASSEMBLY
|
||||
[id="cert-manager-authentication-non-sts"]
|
||||
= Authenticating the {cert-manager-operator} on AWS
|
||||
include::_attributes/common-attributes.adoc[]
|
||||
:context: cert-manager-authentication-non-sts
|
||||
|
||||
toc::[]
|
||||
|
||||
You can configure the cloud credentials for the {cert-manager-operator} on the AWS cluster. The cloud credentials are generated by the Cloud Credential Operator.
|
||||
|
||||
include::modules/cert-manager-configure-cloud-credentials-aws-non-sts.adoc[leveloffset=+1]
|
||||
@@ -1,6 +1,6 @@
|
||||
:_mod-docs-content-type: ASSEMBLY
|
||||
[id="cert-manager-monitoring"]
|
||||
= Enabling monitoring for the {cert-manager-operator}
|
||||
= Monitoring {cert-manager-operator}
|
||||
include::_attributes/common-attributes.adoc[]
|
||||
:context: cert-manager-monitoring
|
||||
|
||||
|
||||
@@ -8,8 +8,16 @@ toc::[]
|
||||
|
||||
The {cert-manager-operator} is not installed in {product-title} by default. You can install the {cert-manager-operator} by using the web console.
|
||||
|
||||
== Installing the {cert-manager-operator}
|
||||
// Installing the {cert-manager-operator} using the web console
|
||||
include::modules/cert-manager-install-console.adoc[leveloffset=+1]
|
||||
include::modules/cert-manager-install-console.adoc[leveloffset=+2]
|
||||
|
||||
//Installing using CLI
|
||||
include::modules/cert-manager-install-cli.adoc[leveloffset=+2]
|
||||
|
||||
[role="_additional-resources"]
|
||||
.Additional resources
|
||||
* xref:../cert_manager_operator/index.adoc#cert-manager-operator-supported-versions_cert-manager-operator-about[Supported {cert-manager-operator} versions]
|
||||
|
||||
// Updating paths for the {cert-manager-operator}
|
||||
include::modules/cert-manager-operator-update-channels.adoc[leveloffset=+1]
|
||||
|
||||
@@ -61,10 +61,10 @@ include::modules/cert-manager-acme-dns01-explicit-azure.adoc[leveloffset=+1]
|
||||
[id="additional-resources_cert-manager-operator-issuer-acme"]
|
||||
== Additional resources
|
||||
|
||||
* xref:../../security/cert_manager_operator/cert-manager-authenticate-aws.adoc#cert-manager-configure-cloud-credentials-aws-sts_cert-manager-authenticate-aws[Configuring cloud credentials for the {cert-manager-operator} for the AWS Security Token Service cluster]
|
||||
* xref:../../security/cert_manager_operator/cert-manager-authenticate.adoc#cert-manager-configure-cloud-credentials-aws-sts_cert-manager-authenticate[Configuring cloud credentials for the {cert-manager-operator} for the AWS Security Token Service cluster]
|
||||
|
||||
* xref:../../security/cert_manager_operator/cert-manager-authentication-non-sts.adoc#cert-manager-configure-cloud-credentials-aws-non-sts_cert-manager-authentication-non-sts[Configuring cloud credentials for the {cert-manager-operator} on AWS]
|
||||
* xref:../../security/cert_manager_operator/cert-manager-authenticate.adoc#cert-manager-configure-cloud-credentials-aws-non-sts_cert-manager-authenticate[Configuring cloud credentials for the {cert-manager-operator} on AWS]
|
||||
|
||||
* xref:../../security/cert_manager_operator/cert-manager-authenticate-gcp.adoc#cert-manager-configure-cloud-credentials-gcp-sts_cert-manager-authenticate-gcp[Configuring cloud credentials for the {cert-manager-operator} with GCP Workload Identity]
|
||||
* xref:../../security/cert_manager_operator/cert-manager-authenticate.adoc#cert-manager-configure-cloud-credentials-gcp-sts_cert-manager-authenticate[Configuring cloud credentials for the {cert-manager-operator} with GCP Workload Identity]
|
||||
|
||||
* xref:../../security/cert_manager_operator/cert-manager-authenticate-non-sts-gcp.adoc#cert-manager-configure-cloud-credentials-gcp-non-sts_cert-manager-authenticate-non-sts-gcp[Configuring cloud credentials for the {cert-manager-operator} on GCP]
|
||||
* xref:../../security/cert_manager_operator/cert-manager-authenticate.adoc#cert-manager-configure-cloud-credentials-gcp-non-sts_cert-manager-authenticate[Configuring cloud credentials for the {cert-manager-operator} on GCP]
|
||||
@@ -4,8 +4,6 @@
|
||||
include::_attributes/common-attributes.adoc[]
|
||||
:context: cert-manager-operator-proxy
|
||||
|
||||
toc::[]
|
||||
|
||||
If a cluster-wide egress proxy is configured in {product-title}, Operator Lifecycle Manager (OLM) automatically configures Operators that it manages with the cluster-wide proxy. OLM automatically updates all of the Operator's deployments with the `HTTP_PROXY`, `HTTPS_PROXY`, `NO_PROXY` environment variables.
|
||||
|
||||
You can inject any CA certificates that are required for proxying HTTPS connections into the {cert-manager-operator}.
|
||||
|
||||
@@ -17,6 +17,10 @@ include::modules/cert-manager-issuer-types.adoc[leveloffset=+1]
|
||||
// Certificate request methods
|
||||
include::modules/cert-manager-request-methods.adoc[leveloffset=+1]
|
||||
|
||||
//Supported versions
|
||||
include::modules/cert-manager-supported-versions.adoc[leveloffset=+1]
|
||||
|
||||
|
||||
[role="_additional-resources"]
|
||||
[id="cert-manager-operator-about_additional-resources"]
|
||||
== Additional resources
|
||||
|
||||
Reference in New Issue
Block a user