Nesta etapa, explicamos como fazer o download e a instalação do cert-manager (em inglês), necessário para que a Apigee híbrida funcione.
Instalar cert-manager
- Use o seguinte comando para instalar o cert-manager v1.11.0 do GitHub.
kubectl apply --validate=false -f https://github.com/jetstack/cert-manager/releases/download/v1.11.0/cert-manager.yaml
Você verá uma resposta informando que o namespace cert-manager e vários recursos de cert-manager foram criados. Exemplo:
customresourcedefinition.apiextensions.k8s.io/certificaterequests.cert-manager.io configured customresourcedefinition.apiextensions.k8s.io/certificates.cert-manager.io configured ... mutatingwebhookconfiguration.admissionregistration.k8s.io/cert-manager-webhook configured validatingwebhookconfiguration.admissionregistration.k8s.io/cert-manager-webhook configured
- Use o seguinte comando para verificar a criação do namespace cert-manager e seus componentes correspondentes:
kubectl get all -n cert-manager -o wide
A saída será semelhante ao exemplo a seguir. Você verá os pods
cert-manager,cert-manager-cainjectorecert-manager-webhook.NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES pod/cert-manager-abcd1234-7hkt9 1/1 Running 0 35s 10.20.x.x gke-hybrid-on-apigee-data-abcd1234-3d54
pod/cert-manager-cainjector-abcd1234-6lb4k 1/1 Running 0 35s 10.20.x.x gke-hybrid-apigee-runtime-abcd1234-5hmn pod/cert-manager-webhook-abcd1234-c8bg9 1/1 Running 0 35s 10.20.x.x gke-hybrid-apigee-runtime-abcd1234-fk39 NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE SELECTOR service/cert-manager ClusterIP 10.24.x.x 9402/TCP 35s app.kubernetes.io/component=controller,app.kubernetes.io/instance=cert-manager,app.kubernetes.io/name=cert-manager service/cert-manager-webhook ClusterIP 10.24.x.x 443/TCP 35s app.kubernetes.io/component=webhook,app.kubernetes.io/instance=cert-manager,app.kubernetes.io/name=webhook NAME READY UP-TO-DATE AVAILABLE AGE CONTAINERS IMAGES SELECTOR deployment.apps/cert-manager 1/1 1 1 35s cert-manager-controller quay.io/jetstack/cert-manager-controller:v1.11.0 app.kubernetes.io/component=controller,app.kubernetes.io/instance=cert-manager,app.kubernetes.io/name=cert-manager deployment.apps/cert-manager-cainjector 1/1 1 1 35s cert-manager-cainjector quay.io/jetstack/cert-manager-cainjector:v1.11.0 app.kubernetes.io/component=cainjector,app.kubernetes.io/instance=cert-manager,app.kubernetes.io/name=cainjector deployment.apps/cert-manager-webhook 1/1 1 1 35s cert-manager-webhook quay.io/jetstack/cert-manager-webhook:v1.11.0 app.kubernetes.io/component=webhook,app.kubernetes.io/instance=cert-manager,app.kubernetes.io/name=webhook NAME DESIRED CURRENT READY AGE CONTAINERS IMAGES SELECTOR replicaset.apps/cert-manager-abcd1234 1 1 1 35s cert-manager-controller quay.io/jetstack/cert-manager-controller:v1.11.0 app.kubernetes.io/component=controller,app.kubernetes.io/instance=cert-manager,app.kubernetes.io/name=cert-manager,pod-template-hash=abcd1234 replicaset.apps/cert-manager-cainjector-abcd1234 1 1 1 35s cert-manager-cainjector quay.io/jetstack/cert-manager-cainjector:v1.11.0 app.kubernetes.io/component=cainjector,app.kubernetes.io/instance=cert-manager,app.kubernetes.io/name=cainjector,pod-template-hash=abcd1234 replicaset.apps/cert-manager-webhook-abcd1234 1 1 1 35s cert-manager-webhook quay.io/jetstack/cert-manager-webhook:v1.11.0 app.kubernetes.io/component=webhook,app.kubernetes.io/instance=cert-manager,app.kubernetes.io/name=webhook,pod-template-hash=abcd1234
Resumo
Agora, o gerenciador de certificados está instalado e é possível instalar a ferramenta de linha de comando da Apigee híbrida na máquina local.
1 2 (PRÓXIMO) Etapa 3: instalar apigeectl 4 5 6 7 8 9 10 11