mirror of https://github.com/openshift/openshift-docs.git synced 2026-02-05 12:46:18 +01:00
openshift-docs/modules/cert-manager-certificate-api-server.adoc
// Module included in the following assemblies:
//
// * security/cert_manager_operator/cert-manager-creating-certificate.adoc
:_mod-docs-content-type: PROCEDURE
[id="cert-manager-certificate-api-server_{context}"]
= Creating certificates for the API server

[role="_abstract"]
To secure interactions with the cluster control plane, create TLS certificates for the API server by using the {cert-manager-operator}.

.Prerequisites
* You have access to the cluster with `cluster-admin` privileges.
* You have installed version 1.13.0 or later of the {cert-manager-operator}.

.Procedure
. Create an issuer. For more information, see "Configuring an issuer" in the "Additional resources" section.
. Create a certificate:
.. Create a YAML file, for example, `certificate.yaml`, that defines the `Certificate` object:
+
[source, yaml]
----
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: <tls_cert>
  namespace: openshift-config
spec:
  isCA: false
  commonName: "api.<cluster_base_domain>"
  secretName: <secret_name>
  dnsNames:
  - "api.<cluster_base_domain>"
  issuerRef:
    name: <issuer_name>
    kind: Issuer
----
+
where:
+
`<tls_cert>`:: Specifies a name for the certificate.
`<cluster_base_domain>`:: Specifies the cluster base domain. The common name (CN) and the DNS name are both `api.<cluster_base_domain>`.
`<secret_name>`:: Specifies the name of the secret to create that contains the certificate.
`<issuer_name>`:: Specifies the name of the issuer.
.. Create the `Certificate` object by running the following command:
+
[source, terminal]
----
$ oc create -f certificate.yaml
----
. Add the API server named certificate. For more information, see "Adding an API server named certificate" in the "Additional resources" section.
+
[NOTE]
====
To ensure the certificates are updated, run the `oc login` command again after the certificate is created.
====

.Verification
* Verify that the certificate is created and ready to use by running the following command:
+
[source, terminal]
----
$ oc get certificate -w -n openshift-config
----
+
After the certificate is in `Ready` status, the API server on your cluster can start using the generated certificate secret.
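
The verification step can also be scripted so that automation stops before the named certificate is added if the `Certificate` object is not usable. The following is an added example, not part of the original module: the function name `check_api_cert` and the variable `CERT_NS` are hypothetical, and the two arguments are the `<tls_cert>` and `<cluster_base_domain>` values from the procedure.

```shell
#!/usr/bin/env bash
# Added example: non-interactive form of the verification step.
# check_api_cert and CERT_NS are hypothetical names, not part of any product.

CERT_NS="openshift-config"   # namespace of the Certificate in this procedure

# check_api_cert <tls_cert> <cluster_base_domain>
# Prints the secret name and returns 0 only if the Certificate is Ready,
# is not a CA, lists api.<cluster_base_domain> in spec.dnsNames, and its
# secret exists. Returns 1 on a failed check, 2 if the oc query itself fails.
check_api_cert() {
  local name="$1" host="api.$2" ready is_ca dns_names secret

  ready=$(oc get certificate "$name" -n "$CERT_NS" \
    -o jsonpath='{.status.conditions[?(@.type=="Ready")].status}') || return 2
  if [ "$ready" != "True" ]; then
    echo "certificate $name is not Ready (status: ${ready:-unknown})" >&2
    return 1
  fi

  is_ca=$(oc get certificate "$name" -n "$CERT_NS" \
    -o jsonpath='{.spec.isCA}') || return 2
  if [ "$is_ca" = "true" ]; then
    echo "certificate $name has isCA: true; expected a leaf certificate" >&2
    return 1
  fi

  # jsonpath prints the dnsNames entries separated by spaces.
  dns_names=$(oc get certificate "$name" -n "$CERT_NS" \
    -o jsonpath='{.spec.dnsNames[*]}') || return 2
  case " $dns_names " in
    *" $host "*) ;;
    *) echo "certificate $name does not list $host in dnsNames" >&2
       return 1 ;;
  esac

  # The secret named in spec.secretName must exist before it is referenced.
  secret=$(oc get certificate "$name" -n "$CERT_NS" \
    -o jsonpath='{.spec.secretName}') || return 2
  oc get secret "$secret" -n "$CERT_NS" -o name >/dev/null || return 1
  echo "$secret"
}
```

Call it as `check_api_cert <tls_cert> <cluster_base_domain>` after `oc create -f certificate.yaml`; a nonzero exit status means the certificate is not ready to be used as the API server named certificate.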