 d95c80d36f
			
		
	
	d95c80d36f
	
	
	
		
			
			Fixed merge conflict (RS) Signed-off-by: Rafael Jardim <rafaeljordao.jardim@windriver.com> Change-Id: I30b882a14196525f440db1108a56bbf862dfaf55 Signed-off-by: Ron Stone <ronald.stone@windriver.com>
		
			
				
	
	
	
		
			2.6 KiB
		
	
	
	
	
	
	
	
			
		
		
	
	Enable Public Use of the cert-manager-acmesolver Image
When an arbitrary non-admin user creates a certificate with an external , cert-manager dynamically creates a pod (image=cert-manager-acmesolver) and an ingress in the user-specified namespace in order to handle the http01 challenge from the external CA.
As part of the application-apply of cert-manager at bootstrap time, the cert-manager-acmesolver image has been pulled from an external registry and pushed to registry.local:9001:/quay.io/jetstack/cert-manager-acmesolver:<tag>. However, this repository within registry.local is secured such that only admin can access these images.
The
registry.local:9001:/quay.io/jetstack/cert-manager-acmesolver:<tag>
image needs to be copied by admin into a public
repository, registry.local:9001:/public. If you have not yet set up a
public repository, see : Setting up a Public Repository
<setting-up-a-public-repository>.
- Determine the image tag of cert-manager-acmesolver image. - ~(keystone_admin)]$ system registry-image-tags quay.io/jetstack/cert-manager-acmesolver
- Copy the cert-manager-acmesolver image, and replace <TAG> with the tag you want to copy from previous step. - $ sudo docker login registry.local:9001 username: admin password: <admin-password> $ $ sudo docker pull registry.local:9001/quay.io/jetstack/cert-manager-acmesolver:<TAG> $ sudo docker tag registry.local:9001/quay.io/jetstack/cert-manager-acmesolver:<TAG> registry.local:9001/public/cert-manager-acmesolver:<TAG> $ sudo docker push registry.local:9001/public/cert-manager-acmesolver:<TAG>
- Update the cert-manager application to use this public image. - Create an overrides file. - ~(keystone_admin)]$ cat <<EOF > cm-override-values.yaml acmesolver: image: repository: registry.local:9001/public/cert-manager-acmesolver EOF
- Apply the overrides. - ~(keystone_admin)]$ system helm-override-update --values cm-override-values.yaml cert-manager cert-manager cert-manager
- Reapply cert-manager. - ~(keystone_admin)]$ system application-apply cert-manager