cert-manager. Проверка после установки

Использованные материалы

1. Выпуск тестового сертификата

  1. Создайте манифест для выпуска тестового сертификата:

    cat << EOF > test-resources.yaml
    apiVersion: v1
    kind: Namespace
    metadata:
      name: cert-manager-test
    ---
    apiVersion: cert-manager.io/v1
    kind: Issuer
    metadata:
      name: test-selfsigned
      namespace: cert-manager-test
    spec:
      selfSigned: {}
    ---
    apiVersion: cert-manager.io/v1
    kind: Certificate
    metadata:
      name: selfsigned-cert
      namespace: cert-manager-test
    spec:
      dnsNames:
        - example.com
      secretName: selfsigned-cert-tls
      issuerRef:
        name: test-selfsigned
    EOF
  2. Примените созданный манифест:

    kubectl apply -f test-resources.yaml
  3. Проверьте наличие успешно выданного сертификата ("The certificate has been successfully issued"):

    kubectl describe certificate -n cert-manager-test
    stdout:
    Name:         selfsigned-cert
    Namespace:    cert-manager-test
    Labels:       <none>
    Annotations:  <none>
    API Version:  cert-manager.io/v1
    Kind:         Certificate
    Metadata:
      Creation Timestamp:  2024-05-27T11:06:43Z
      Generation:          1
      Resource Version:    83250398
      UID:                 dc1e894c-dc9f-4ded-96a2-03aae1a5bdb6
    Spec:
      Dns Names:
        example.com
      Issuer Ref:
        Name:       test-selfsigned
      Secret Name:  selfsigned-cert-tls
    Status:
      Conditions:
        Last Transition Time:  2024-05-27T11:06:46Z
        Message:               Certificate is up to date and has not expired
        Observed Generation:   1
        Reason:                Ready
        Status:                True
        Type:                  Ready
      Not After:               2024-08-25T11:06:46Z
      Not Before:              2024-05-27T11:06:46Z
      Renewal Time:            2024-07-26T11:06:46Z
      Revision:                1
    Events:
      Type    Reason     Age   From                                       Message
      ----    ------     ----  ----                                       -------
      Normal  Issuing    14s   cert-manager-certificates-trigger          Issuing certificate as Secret does not exist
      Normal  Generated  12s   cert-manager-certificates-key-manager      Stored new private key in temporary Secret resource "selfsigned-cert-xjh9s"
      Normal  Requested  12s   cert-manager-certificates-request-manager  Created new CertificateRequest resource "selfsigned-cert-1"
      Normal  Issuing    11s   cert-manager-certificates-issuing          The certificate has been successfully issued
  4. Удалите ранее созданные ресурсы:

    kubectl delete -f test-resources.yaml
    stdout:
    namespace "cert-manager-test" deleted
    issuer.cert-manager.io "test-selfsigned" deleted
    certificate.cert-manager.io "selfsigned-cert" deleted