Installing OpenShift Routes for cert-manager using Helm¶
Learn how to install OpenShift Routes for cert-manager for cert-manager using Helm.
Important
If you use your own registry, which replicates the CyberArk images, replace the address of your own registry in any of the relevant commands given on this page.
Step 1: Configure access to the CyberArk OCI registry¶
Configure access to the CyberArk OCI registry. Follow the instructions in Configuring access to the CyberArk OCI Registry to enable access to the artifacts required for this component (cert-manager Components is the default scope for cert-manager). Use venafi as the namespace.
The sample file below, for example, assumes you created a Kubernetes Secret using venafi as the namespace and venafi-image-pull-secret as the name of the secret.
Step 2: Install cert-manager using Helm¶
If you are running OpenShift Routes for cert-manager you must also install cert-manager.
-
To install cert-manager in the
venafinamespace and configure it to use a pull secret, createcert-manager.values.yaml.If using your own registry, uncomment and set
imageRegistryandimageNamespacefor the Helm chart to resolve image references.cert-manager.values.yamlglobal: imagePullSecrets: - name: venafi-image-pull-secret crds: enabled: true # Add the following only if using your own registry # imageRegistry: myregistry.example.com # imageNamespace: cert-manager -
Use Helm to install cert-manager and wait for it to be ready.
- Registry URL: In the Helm command, replace
registry-example.comwith either the CyberArk OCI registry URL for your region or your own registry URL.
helm upgrade cert-manager oci://registry-example.com/charts/cert-manager \ --install \ --wait \ --create-namespace \ --namespace venafi \ --values cert-manager.values.yaml \ --version v1.20.0 - Registry URL: In the Helm command, replace
Prior to cert-manager v1.20, you specify the full image repository path for each component in the values file and enter a registry URL.
-
To install cert-manager in the venafi namespace and configure it to use a pull secret, create `cert-manager.values.yaml.
In the following example, replace each instance of
<registry-url.com>with either the CyberArk OCI registry URL for your region or your own registry URL.cert-manager.values.yamlglobal: imagePullSecrets: - name: venafi-image-pull-secret crds: enabled: true image: repository: <registry-url.com>/cert-manager/cert-manager-controller acmesolver: image: repository: <registry-url.com>/cert-manager/cert-manager-acmesolver webhook: image: repository: <registry-url.com>/cert-manager/cert-manager-webhook cainjector: image: repository: <registry-url.com>/cert-manager/cert-manager-cainjector startupapicheck: image: repository: <registry-url.com>/cert-manager/cert-manager-startupapicheck -
Use Helm to install cert-manager and wait for it to be ready:
helm upgrade cert-manager oci://<registry-url.com>/charts/cert-manager \ --install \ --wait \ --create-namespace \ --namespace venafi \ --values cert-manager.values.yaml \ --version v1.19.4
Step 3: Install OpenShift Routes for cert-manager using Helm¶
-
Create a
openshiftroutes.values.yamlfile to define any Helm values you require. For example:image: repository: private-registry.venafi.cloud/openshift-routes/cert-manager-openshift-routes imagePullSecrets: - name: venafi-image-pull-secretFor more information on the available Helm values for OpenShift Routes for cert-manager, see OpenShift Routes for cert-manager Helm values.
-
Type the following command:
helm upgrade openshift-routes oci://registry.venafi.cloud/charts/openshift-routes \ --install \ --wait \ --namespace venafi \ --version v0.9.0 \ --values openshiftroutes.values.yamlNote
For more information about Helm support for OCI package distribution, see the Helm documentation.