Nesta etapa, explicamos como fazer o download e a instalação do cert-manager (em inglês), necessário para que a Apigee híbrida funcione.
Instalar cert-manager
- Use o seguinte comando para instalar o cert-manager v1.7.2 pelo GitHub.
kubectl apply --validate=false -f https://github.com/jetstack/cert-manager/releases/download/v1.7.2/cert-manager.yaml
Você verá uma resposta informando que o namespace cert-manager e vários recursos de cert-manager foram criados. Exemplo:
customresourcedefinition.apiextensions.k8s.io/certificaterequests.cert-manager.io configured customresourcedefinition.apiextensions.k8s.io/certificates.cert-manager.io configured ... mutatingwebhookconfiguration.admissionregistration.k8s.io/cert-manager-webhook configured validatingwebhookconfiguration.admissionregistration.k8s.io/cert-manager-webhook configured
- Use o seguinte comando para verificar a criação do namespace cert-manager e seus componentes correspondentes:
# kubectl get all -n cert-manager -o wide
A saída será semelhante ao exemplo a seguir. Você verá os pods
cert-manager,cert-manager-cainjectorecert-manager-webhook.NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES pod/cert-manager-8568b6f9cb-cz4h2 1/1 Running 0 2d6h 10.56.3.7 gke-cluster-01-apigee-data-d932c3f6-0v1jpod/cert-manager-cainjector-c9c77b797-nk56p 1/1 Running 0 2d6h 10.56.7.2 gke-cluster-01-apigee-data-8a689178-en9x pod/cert-manager-webhook-885b8ffcb-q6vvk 1/1 Running 0 2d6h 10.56.3.2 gke-cluster-01-apigee-data-d932c3f6-0v1j NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE SELECTOR service/cert-manager ClusterIP 10.60.2.36 9402/TCP 91d app.kubernetes.io/component=controller,app.kubernetes.io/instance=cert-manager,app.kubernetes.io/name=cert-manager service/cert-manager-webhook ClusterIP 10.60.10.97 443/TCP 91d app.kubernetes.io/component=webhook,app.kubernetes.io/instance=cert-manager,app.kubernetes.io/name=webhook NAME READY UP-TO-DATE AVAILABLE AGE CONTAINERS IMAGES SELECTOR deployment.apps/cert-manager 1/1 1 1 91d cert-manager quay.io/jetstack/cert-manager-controller:v1.7.2 app.kubernetes.io/component=controller,app.kubernetes.io/instance=cert-manager,app.kubernetes.io/name=cert-manager deployment.apps/cert-manager-cainjector 1/1 1 1 91d cert-manager quay.io/jetstack/cert-manager-cainjector:v1.7.2 app.kubernetes.io/component=cainjector,app.kubernetes.io/instance=cert-manager,app.kubernetes.io/name=cainjector deployment.apps/cert-manager-webhook 1/1 1 1 91d cert-manager quay.io/jetstack/cert-manager-webhook:v1.7.2 app.kubernetes.io/component=webhook,app.kubernetes.io/instance=cert-manager,app.kubernetes.io/name=webhook NAME DESIRED CURRENT READY AGE CONTAINERS IMAGES SELECTOR replicaset.apps/cert-manager-8568b6f9cb 1 1 1 91d cert-manager quay.io/jetstack/cert-manager-controller:v1.7.2 app.kubernetes.io/component=controller,app.kubernetes.io/instance=cert-manager,app.kubernetes.io/name=cert-manager,pod-template-hash=8568b6f9cb replicaset.apps/cert-manager-cainjector-c9c77b797 1 1 1 91d cert-manager quay.io/jetstack/cert-manager-cainjector:v1.7.2 app.kubernetes.io/component=cainjector,app.kubernetes.io/instance=cert-manager,app.kubernetes.io/name=cainjector,pod-template-hash=c9c77b797 replicaset.apps/cert-manager-webhook-885b8ffcb 1 1 1 91d cert-manager quay.io/jetstack/cert-manager-webhook:v1.7.2 app.kubernetes.io/component=webhook,app.kubernetes.io/instance=cert-manager,app.kubernetes.io/name=webhook,pod-template-hash=885b8ffcb
Resumo
Agora, o gerenciador de certificados está instalado e é possível instalar a ferramenta de linha de comando da Apigee híbrida na máquina local.
1 2 (A SEGUIR) Etapa 3: instalar a apigeectl 4 5 6 7 8 9 10