
Self-Managed: cert-manager

INFO

Yellowbrick uses cert-manager for certificate management of its components.

Install cert-manager with Helm. See ArtifactHub for all available chart options.

When using the commands or values outlined here, substitute the following placeholders:

| Value | Description |
| --- | --- |
| {cluster-name} | The name of the Kubernetes cluster |
| {version} | The chart version of cert-manager |
| {image-repo} | The container image repository pushed by the Deployer |
| {namespace} | The Kubernetes namespace into which you want to install |

Helm Chart

Running the Yellowbrick Deployer will push the Helm charts and container images you need into your cloud environment. For instructions on pushing assets using the Deployer, see the documentation.

Chart name: cert-manager

Use the get-assets subcommand to find the version of the cert-manager chart; see the CLI reference.

Install Command

See Authenticating with ECR

```bash
helm install cert-manager oci://{image-repo}/cert-manager \
  -n {namespace} \
  -f values.yaml \
  --version {version}
```

Values

Please note that you may need to adjust the node selector values as appropriate for your installation.

```yaml
# Top-level nodeSelector and tolerations apply to the cert-manager controller.
# The anchors let the other components reuse the same scheduling constraints.
# Each top-level key is defined once: duplicate keys are invalid YAML and are
# rejected by strict parsers.
nodeSelector: &nodeSelector
  cluster.yellowbrick.io/hardware_type: t3.large
  cluster.yellowbrick.io/node_type: yb-op-standard

tolerations: &tolerations
  - effect: NoSchedule
    key: cluster.yellowbrick.io/owned
    operator: Equal
    value: "true"

cainjector:
  image:
    repository: {image-repo}/jetstack/cert-manager-cainjector
  nodeSelector: *nodeSelector
  tolerations: *tolerations

# Controller image
image:
  repository: {image-repo}/jetstack/cert-manager-controller

installCRDs: true

securityContext:
  enabled: true
  fsGroup: 1001

startupapicheck:
  image:
    repository: {image-repo}/jetstack/cert-manager-ctl
  nodeSelector: *nodeSelector
  tolerations: *tolerations

webhook:
  image:
    repository: {image-repo}/jetstack/cert-manager-webhook
  nodeSelector: *nodeSelector
  tolerations: *tolerations
```
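The values above point four component images at {image-repo}; a missed override silently pulls from the upstream registry instead. The following pre-install check is an added example, not part of Yellowbrick's tooling: it reads rendered manifests and lists any container `image:` outside the expected repository. The function names, `registry.example.com/yb` and the `v0.0.0` tags are constructed for illustration.

```shell
# Added example (not Yellowbrick's tooling). Reads rendered Kubernetes YAML on
# stdin and reports container images that are not under the expected repository.

# Print each unique value of an `image:` field found on stdin.
list_images() {
  sed -n 's/^[[:space:]-]*image:[[:space:]]*//p' | tr -d "\"'" | sort -u
}

# check_images REPO
# Prints every image outside REPO/. Exit status: 0 all images under REPO,
# 1 at least one image elsewhere, 2 no image fields found at all.
check_images() (
  repo="${1%/}"; found=0; bad=0
  for img in $(list_images); do
    found=1
    case "$img" in
      "$repo"/*) ;;                          # under the expected repository
      *) printf '%s\n' "$img"; bad=1 ;;      # anything else is reported
    esac
  done
  [ "$found" -eq 1 ] || exit 2
  exit "$bad"
)

# Constructed sample: the webhook override is missing, so it renders upstream.
sample_manifest() {
  cat <<'EOF'
kind: Deployment
spec:
  template:
    spec:
      containers:
        - name: cert-manager-controller
          image: "registry.example.com/yb/jetstack/cert-manager-controller:v0.0.0"
---
kind: Deployment
spec:
  template:
    spec:
      containers:
        - name: cert-manager-webhook
          image: "quay.io/jetstack/cert-manager-webhook:v0.0.0"
EOF
}

# Real use (before `helm install`, same arguments):
#   helm template cert-manager oci://{image-repo}/cert-manager -n {namespace} \
#     -f values.yaml --version {version} | check_images "{image-repo}"
```

The check covers only container `image:` fields in the rendered output; image references passed to a component as command-line arguments are not inspected.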