Configure an external cert-manager
If a cert-manager already exists in your Kubernetes cluster, you need to perform some prerequisite steps so that Astra Control Center does not install its own cert-manager.
- Confirm that you have a cert-manager installed:
  Sample response:
  cert-manager   essential-cert-manager-84446f49d5-sf2zd              1/1   Running   0   6d5h
  cert-manager   essential-cert-manager-cainjector-66dc99cc56-9ldmt   1/1   Running   0   6d5h
  cert-manager   essential-cert-manager-webhook-56b76db9cc-fjqrq      1/1   Running   0   6d5h
- Create a certificate/key pair for the astraAddress FQDN:
  Sample response:
  Generating a 2048 bit RSA private key
  ..................+++
  ........................................+++
  writing new private key to 'tls.key'
- Create a secret with previously generated files:
  Sample response:
  secret/selfsigned-tls created
- Create a ClusterIssuer file that is exactly the following but includes the namespace location where your cert-manager pods are installed:
  Sample response:
  clusterissuer.cert-manager.io/astra-ca-clusterissuer created
- Verify that the ClusterIssuer has come up correctly. Ready must be True before you can proceed:
  Sample response:
  NAME                     READY   AGE
  astra-ca-clusterissuer   True    9s
- Complete the Astra Control Center installation process. There is a required configuration step for the Astra Control Center cluster YAML in which you change the CRD value to indicate that the cert-manager is externally installed. You must complete this step during installation so that Astra Control Center recognizes the external cert-manager.
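
The first five steps above as one script, added here as an illustration; it is not NetApp's own command sequence. The names `selfsigned-tls`, `astra-ca-clusterissuer` and `tls.key` come from the sample responses on this page; the `openssl` subject and validity period, the `apply` argument convention and the helper names `render_clusterissuer` and `issuer_ready` are assumptions.

```shell
#!/bin/sh
# Added example (not the vendor's commands): external cert-manager prerequisites.
set -eu

ISSUER=astra-ca-clusterissuer   # name taken from the sample response on this page
SECRET=selfsigned-tls           # name taken from the sample response on this page

# Print a CA-type ClusterIssuer that signs with the key pair stored in $SECRET.
# By default cert-manager looks up a ClusterIssuer's secret in its own namespace,
# so the secret must be created there. $1 = cert-manager namespace.
render_clusterissuer() {
  cat <<EOF
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: $ISSUER
  namespace: $1
spec:
  ca:
    secretName: $SECRET
EOF
}

# Read `kubectl get clusterissuer` table output on stdin and succeed only if
# the row for issuer $1 exists and its READY column is exactly "True".
issuer_ready() {
  awk -v n="$1" '$1 == n { found = 1; ok = ($2 == "True") }
                 END { exit !(found && ok) }'
}

# Usage (assumed convention): script.sh apply <cert-manager-namespace> <astraAddress-FQDN>
if [ "${1:-}" = "apply" ]; then
  ns=$2 fqdn=$3
  kubectl get pods -n "$ns" | grep -q cert-manager    # step 1: cert-manager present?
  umask 077                                           # tls.key readable by owner only
  openssl req -x509 -nodes -newkey rsa:2048 -days 365 \
    -subj "/CN=$fqdn" -keyout tls.key -out tls.crt    # step 2 (365 days is assumed)
  kubectl create secret tls "$SECRET" --key tls.key --cert tls.crt -n "$ns"  # step 3
  render_clusterissuer "$ns" | kubectl apply -f -     # step 4
  kubectl get clusterissuer "$ISSUER" | issuer_ready "$ISSUER" \
    || { echo "ClusterIssuer is not Ready; do not proceed" >&2; exit 1; }   # step 5
fi
```

The private key in `tls.key` becomes the signing key for every certificate this issuer hands out, so remove the local copy or move it to protected storage once the secret exists.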