This topic explains how to specify a custom Kubernetes namespace for cert-manager.
In most cases, cert-manager runs in the cert-manager
namespace. Some users may have
company policies restricting the creation of new Kubernetes namespaces or have policies requiring
cert-manager to be run in a different namespace, for example kube-system
.
Specify a custom namespace for cert-manager
- Create the namespace if needed:
kubectl create namespace
new-cert-manager-namespace - Install cert-manager following the instructions in Installation: Introduction in the cert-manager documentation.
- Add a
certManager
stanza to your overrides file.certManager: namespace:
new-cert-manager-namespace - Apply the namespace change:
Test with a dry run first:
helm upgrade operator apigee-operator/ \ --install \ --namespace apigee-system \ --atomic \ -f
OVERRIDES_FILE .yaml \ --dry-runApply the change:
helm upgrade operator apigee-operator/ \ --install \ --namespace apigee-system \ --atomic \ -f
OVERRIDES_FILE .yaml$APIGEECTL_HOME/apigeectl init -f
OVERRIDES_FILE .yaml - Verify that cert-manager installed correctly in the new namespace with the
kubectl get pods
command:kubectl get pods -n
new-cert-manager-namespace NAME READY STATUS RESTARTS AGE cert-manager-1234567-abcde 1/1 Running 0 21s cert-manager-cainjector-23456789a-bcdef 1/1 Running 0 22s cert-manager-webhook-3456789ab-cdef0 1/1 Running 0 20s
- If cert manager had previoiusly been running, delete the
cert-manager
instance in thecert-manager
namespace by following the instructions in Uninstall in the cert-manager documentation.