认识
官网:https://cert-manager.io/docs/reference/cmctl/
文档:https://github.com/cert-manager/cmctl/blob/main/README.md
仓库:https://github.com/cert-manager/cmctl
cmctl is a command line tool that can help you manage cert-manager and its resources inside your cluster. 简而言之,我们使用 kubectl cert-manager 命令完成集群管理,这是 cert-manager 官方提供的 cert-manager 管理插件;
构建
独立安装
https://cert-manager.io/docs/reference/cmctl/#manual-installation
插件运行:作为 kubectl cert-manager 插件
命令的安装方法如下:
方法一、手动安装,参考 Kubectl plugin | cert-manager 文档
方法二、kubectl krew 安装
1)首先,需要安装 krew 插件,参考 Install and Set Up kubectl 笔记;
2)安装 kubectl cert-manager 插件(子命令):
# kubectl krew search cert-manager NAME DESCRIPTION INSTALLED cert-manager Manage cert-manager resources inside your cluster no # kubectl krew install cert-manager Updated the local copy of plugin index. Installing plugin: cert-manager Installed plugin: cert-manager \ | Use this plugin: | kubectl cert-manager | Documentation: | https://github.com/jetstack/cert-manager / // 在最后步骤中,极有肯能因为网络原因而下载失败 // 此时只能求助于手动安装,或者网络加速(导出环境变量即可)
应用
在命令行中,进行证书续期
针对某个证书进行续期:
$ kubectl get certificate NAME READY SECRET AGE example-com-tls True example-com-tls 1d $ kubectl cert-manager renew example-com-tls Manually triggered issuance of Certificate default/example-com-tls $ kubectl get certificaterequest NAME READY AGE example-com-tls-tls-8rbv2 False 10s
针对全部证书进行续期:
// 针对命令空间的所有证书 $ kubectl cert-manager renew --namespace=app --all // 针对全部命名空间 $ kubectl cert-manager renew --all-namespaces --all