2020-08-31 11:01:56 -04:00
|
|
|
|
|
|
|
|
.. svy1588343679366
|
|
|
|
|
.. _enable-public-use-of-the-cert-manager-acmesolver-image:
|
|
|
|
|
|
|
|
|
|
======================================================
|
|
|
|
|
Enable Public Use of the cert-manager-acmesolver Image
|
|
|
|
|
======================================================
|
|
|
|
|
|
|
|
|
|
When an arbitrary non-admin user creates a certificate with an external |CA|,
|
|
|
|
|
cert-manager dynamically creates a pod \(image=cert-manager-acmesolver\)
|
|
|
|
|
and an ingress in the user-specified namespace in order to handle the
|
|
|
|
|
http01 challenge from the external CA.
|
|
|
|
|
|
|
|
|
|
.. rubric:: |context|
|
|
|
|
|
|
|
|
|
|
As part of the application-apply of cert-manager at bootstrap time, the
|
|
|
|
|
cert-manager-acmesolver image has been pulled from an external registry and
|
|
|
|
|
pushed to
|
|
|
|
|
registry.local:9001:/quay.io/jetstack/cert-manager-acmesolver:<tag>.
|
|
|
|
|
However, this repository within registry.local is secured such that only
|
|
|
|
|
**admin** can access these images.
|
|
|
|
|
|
|
|
|
|
The registry.local:9001:/quay.io/jetstack/cert-manager-acmesolver:<tag>
|
|
|
|
|
image needs to be copied by **admin** into a public repository,
|
|
|
|
|
registry.local:9001:/public. If you have not yet set up a public
|
2021-05-21 17:03:32 -03:00
|
|
|
repository, see |admintasks-doc|: :ref:`Set up a Public Repository in Local Docker Registry
|
2020-08-31 11:01:56 -04:00
|
|
|
<setting-up-a-public-repository>`.
|
|
|
|
|
|
|
|
|
|
.. rubric:: |proc|
|
|
|
|
|
|
|
|
|
|
#. Determine the image tag of cert-manager-acmesolver image.
|
|
|
|
|
|
|
|
|
|
.. code-block:: none
|
|
|
|
|
|
2021-03-15 16:56:04 -03:00
|
|
|
~(keystone_admin)]$ system registry-image-tags quay.io/jetstack/cert-manager-acmesolver
|
2020-08-31 11:01:56 -04:00
|
|
|
|
|
|
|
|
#. Copy the cert-manager-acmesolver image, and replace <TAG> with the tag
|
|
|
|
|
you want to copy from previous step.
|
|
|
|
|
|
|
|
|
|
.. code-block:: none
|
|
|
|
|
|
|
|
|
|
$ sudo docker login registry.local:9001
|
|
|
|
|
username: admin
|
|
|
|
|
password: <admin-password>
|
|
|
|
|
$
|
|
|
|
|
$ sudo docker pull registry.local:9001/quay.io/jetstack/cert-manager-acmesolver:<TAG>
|
|
|
|
|
$ sudo docker tag registry.local:9001/quay.io/jetstack/cert-manager-acmesolver:<TAG> registry.local:9001/public/cert-manager-acmesolver:<TAG>
|
|
|
|
|
$ sudo docker push registry.local:9001/public/cert-manager-acmesolver:<TAG>
|
|
|
|
|
|
|
|
|
|
#. Update the cert-manager application to use this public image.
|
|
|
|
|
|
|
|
|
|
#. Create an overrides file.
|
|
|
|
|
|
|
|
|
|
.. code-block:: none
|
|
|
|
|
|
2021-03-15 16:56:04 -03:00
|
|
|
~(keystone_admin)]$ cat <<EOF > cm-override-values.yaml
|
2020-08-31 11:01:56 -04:00
|
|
|
acmesolver:
|
|
|
|
|
image:
|
|
|
|
|
repository: registry.local:9001/public/cert-manager-acmesolver
|
|
|
|
|
EOF
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
#. Apply the overrides.
|
|
|
|
|
|
|
|
|
|
.. code-block:: none
|
|
|
|
|
|
2021-07-19 15:52:14 -04:00
|
|
|
~(keystone_admin)]$ system helm-override-update --reuse-values --values cm-override-values.yaml cert-manager cert-manager cert-manager
|
2020-08-31 11:01:56 -04:00
|
|
|
|
|
|
|
|
#. Reapply cert-manager.
|
|
|
|
|
|
|
|
|
|
.. code-block:: none
|
|
|
|
|
|
2021-03-15 16:56:04 -03:00
|
|
|
~(keystone_admin)]$ system application-apply cert-manager
|
2020-08-31 11:01:56 -04:00
|
|
|
|
|
|
|
|
|
|
|
|
|
|
