Installing IBM Cert Manager by using the OpenShift console

Prerequisites

An OpenShift Container Platform cluster must be installed. For more information on supported OpenShift Container Platform versions, see Supported OpenShift versions and platforms.

Installing the IBM Cert Manager

  1. Create the catalog source for the IBM Cert Manager.

    1. Log in to your cluster console.
    2. Click the plus icon. You see the Import YAML dialog box.
    3. Create the catalog source by pasting the catalog source definition provided later.
    4. Click Create. The catalog source is created. Verify that the source container is ready by using the console or the command-line interface (CLI): the catalog source pod must have the Running status. On the cluster console, see Project: openshift-marketplace > Workloads > Pods.

      The catalog source definition is as follows:

      apiVersion: operators.coreos.com/v1alpha1
      kind: CatalogSource
      metadata:
        name: ibm-cert-manager-catalog
        namespace: openshift-marketplace
      spec:
        displayName: ibm-cert-manager-4.2.1
        publisher: IBM
        sourceType: grpc
        image: icr.io/cpopen/ibm-cert-manager-operator-catalog
        updateStrategy:
          registryPoll:
            interval: 45m
      
  2. Install the operator from OperatorHub.

    1. In the All Items field, enter IBM Cert Manager. The IBM Cert Manager operator is displayed.
    2. Click the IBM Cert Manager tile. The IBM Cert Manager window is displayed.
    3. Click Install. You see the Install Operator page.
    4. Set the Update Channel to the v4.2 version. If the v4.2 channel is not available, click the other IBM Cert Manager tile in OperatorHub to install the correct version.
    5. Set Installation Mode to All namespaces on the cluster (default).
    6. Set Installed Namespace to ibm-cert-manager (Operator recommended).
    7. Set Update approval to Automatic.
    8. Click Install.
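
The CLI verification mentioned in step 1 (the catalog source pod must have the Running status) can be scripted as follows. This is an added example, not part of the IBM procedure; it assumes a logged-in `oc` session, relies on the `olm.catalogSource` label that OLM sets on catalog pods and on the `status.connectionState.lastObservedState` field of the CatalogSource, and the function and file names are hypothetical.

```shell
#!/usr/bin/env bash
# Added example: CLI check for the catalog source created in step 1.
NS=openshift-marketplace            # namespace from the definition on this page
CATSRC=ibm-cert-manager-catalog     # metadata.name from the definition on this page

# Reads `oc get pods --no-headers` output on stdin (NAME READY STATUS ...).
# Succeeds only if there is at least one pod and every pod is Running
# with all of its containers ready (READY column n/n).
all_pods_running() {
  awk '
    { n++; split($2, r, "/"); if ($3 != "Running" || r[1] != r[2]) bad++ }
    END { exit (n > 0 && bad == 0) ? 0 : 1 }
  '
}

# One check against the cluster: OLM must report the gRPC connection to the
# catalog as READY, and the catalog pod(s) must be Running.
check_catalog_source() {
  local state
  state=$(oc get catalogsource "$CATSRC" -n "$NS" \
            -o jsonpath='{.status.connectionState.lastObservedState}') || return 1
  if [ "$state" != "READY" ]; then
    echo "catalog source state: ${state:-unknown}" >&2
    return 1
  fi
  oc get pods -n "$NS" -l "olm.catalogSource=$CATSRC" --no-headers | all_pods_running
}

# Polls until the check passes or the timeout (seconds, default 300) expires.
wait_for_catalog_source() {
  local deadline=$(( $(date +%s) + ${1:-300} ))
  until check_catalog_source; do
    [ "$(date +%s)" -lt "$deadline" ] || { echo "timed out" >&2; return 1; }
    sleep 10
  done
  echo "catalog source $CATSRC is ready"
}

# Run as: ./check-catalog.sh wait [timeout-seconds]   (file name is an example)
if [ "${1:-}" = "wait" ]; then
  wait_for_catalog_source "${2:-300}"
fi
```

A pod that is listed but still in ContainerCreating, or Running with a 0/1 READY column, fails the check, so the OperatorHub steps are not started against a catalog that is not yet serving.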

Setting the hardware profile and accepting the license

Complete the following steps:

  1. From the navigation pane, click Home > Search.
  2. From the Project drop-down list, select ibm-cert-manager.
  3. From the Resources drop-down list, select CertManagerConfig.
  4. Click the default resource.
  5. Select the YAML tab.
  6. Update the CPU and memory requests and limits parameters to set the hardware profile, and add the spec.license.accept: true parameter to accept the license.

    apiVersion: operator.ibm.com/v1
    kind: CertManagerConfig
    metadata:
      labels:
        app.kubernetes.io/instance: ibm-cert-manager-operator
        app.kubernetes.io/managed-by: ibm-cert-manager-operator
        app.kubernetes.io/name: cert-manager
      name: default
    spec:
      license:
        accept: true
      certManagerController:
        resources:
          limits:
            cpu: 80m
            memory: 530Mi
          requests:
            cpu: 20m
            memory: 230Mi
      certManagerWebhook:
        resources:
          limits:
            cpu: 60m
            memory: 100Mi
          requests:
            cpu: 30m
            memory: 40Mi
      certManagerCAInjector:
        resources:
          limits:
            cpu: 100m
            memory: 520Mi
          requests:
            cpu: 20m
            memory: 410Mi
      enableCertRefresh: true
      enableWebhook: true
      version: 4.2.1
      imageRegistry: icr.io/cpopen/cpfs
      disableHostNetwork: true