Utilisez la commande suivante pour vérifier que la création de l'espace de noms cert-manager et de ses composants correspondants a réussi :
kubectl get all -n cert-manager -o wide
La sortie devrait ressembler à l'exemple suivant :
Vous devriez voir les pods correspondant à cert-manager, cert-manager-cainjector et cert-manager-webhook.
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
pod/cert-manager-675d667c9-8rrdf 1/1 Running 0 13s x.x.x.x gke-test-apigee-apigee-runtime-fbff3412-fsz9 none none
pod/cert-manager-cainjector-6674494d8-lfr5r 1/1 Running 0 13s x.x.x.x gke-test-apigee-hy-apigee-data-efb302e2-1gqg none none
pod/cert-manager-webhook-8566bcbc98-5krnh 1/1 Running 0 12s x.x.x.x gke-test-apigee-hy-apigee-data-0081cb07-2t5v none none
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE SELECTOR
service/cert-manager ClusterIP x.x.x.x none 9402/TCP 13s app.kubernetes.io/component=controller,app.kubernetes.io/instance=cert-manager,app.kubernetes.io/name=cert-manager
service/cert-manager-webhook ClusterIP x.x.x.x none 443/TCP 13s app.kubernetes.io/component=webhook,app.kubernetes.io/instance=cert-manager,app.kubernetes.io/name=webhook
NAME READY UP-TO-DATE AVAILABLE AGE CONTAINERS IMAGES SELECTOR
deployment.apps/cert-manager 1/1 1 1 13s cert-manager-controller quay.io/jetstack/cert-manager-controller:v1.15.5 app.kubernetes.io/component=controller,app.kubernetes.io/instance=cert-manager,app.kubernetes.io/name=cert-manager
deployment.apps/cert-manager-cainjector 1/1 1 1 13s cert-manager-cainjector quay.io/jetstack/cert-manager-cainjector:v1.15.5 app.kubernetes.io/component=cainjector,app.kubernetes.io/instance=cert-manager,app.kubernetes.io/name=cainjector
deployment.apps/cert-manager-webhook 1/1 1 1 13s cert-manager-webhook quay.io/jetstack/cert-manager-webhook:v1.15.5 app.kubernetes.io/component=webhook,app.kubernetes.io/instance=cert-manager,app.kubernetes.io/name=webhook
NAME DESIRED CURRENT READY AGE CONTAINERS IMAGES SELECTOR
replicaset.apps/cert-manager-675d667c9 1 1 1 13s cert-manager-controller quay.io/jetstack/cert-manager-controller:v1.15.5 app.kubernetes.io/component=controller,app.kubernetes.io/instance=cert-manager,app.kubernetes.io/name=cert-manager,pod-template-hash=675d667c9
replicaset.apps/cert-manager-cainjector-6674494d8 1 1 1 13s cert-manager-cainjector quay.io/jetstack/cert-manager-cainjector:v1.15.5 app.kubernetes.io/component=cainjector,app.kubernetes.io/instance=cert-manager,app.kubernetes.io/name=cainjector,pod-template-hash=6674494d8
replicaset.apps/cert-manager-webhook-8566bcbc98 1 1 1 12s cert-manager-webhook quay.io/jetstack/cert-manager-webhook:v1.15.5 app.kubernetes.io/component=webhook,app.kubernetes.io/instance=cert-manager,app.kubernetes.io/name=webhook,pod-template-hash=8566bcbc98
Résumé
Maintenant, cert-manager est installé et vous êtes prêt à installer les définitions de ressources personnalisées (CRD) d'Apigee hybrid.
Sauf indication contraire, le contenu de cette page est régi par une licence Creative Commons Attribution 4.0, et les échantillons de code sont régis par une licence Apache 2.0. Pour en savoir plus, consultez les Règles du site Google Developers. Java est une marque déposée d'Oracle et/ou de ses sociétés affiliées.
Dernière mise à jour le 2025/08/18 (UTC).
[[["Facile à comprendre","easyToUnderstand","thumb-up"],["J'ai pu résoudre mon problème","solvedMyProblem","thumb-up"],["Autre","otherUp","thumb-up"]],[["Difficile à comprendre","hardToUnderstand","thumb-down"],["Informations ou exemple de code incorrects","incorrectInformationOrSampleCode","thumb-down"],["Il n'y a pas l'information/les exemples dont j'ai besoin","missingTheInformationSamplesINeed","thumb-down"],["Problème de traduction","translationIssue","thumb-down"],["Autre","otherDown","thumb-down"]],["Dernière mise à jour le 2025/08/18 (UTC)."],[[["\u003cp\u003eCert-manager is essential for Apigee hybrid operations and can be installed using a direct command from GitHub.\u003c/p\u003e\n"],["\u003cp\u003eGoogle Distributed Cloud includes its own version of cert-manager, making a separate installation unnecessary unless the namespace needs to be specified in the overrides file.\u003c/p\u003e\n"],["\u003cp\u003eOpenShift users must install cert-manager separately following the instructions in the cert-manager documentation, with potential version 1.10-related issues to be aware of.\u003c/p\u003e\n"],["\u003cp\u003eInstallation can be verified by checking for the successful creation of the cert-manager namespace and the \u003ccode\u003ecert-manager\u003c/code\u003e, \u003ccode\u003ecert-manager-cainjector\u003c/code\u003e, and \u003ccode\u003ecert-manager-webhook\u003c/code\u003e pods.\u003c/p\u003e\n"],["\u003cp\u003eCert-manager version 1.15.1 will be installed using the provided command, in order to install the CRDs for Apigee hybrid.\u003c/p\u003e\n"]]],[],null,["# Step 8: Install cert-manager\n\n| You are currently viewing version 1.13 of the Apigee hybrid documentation. For more information, see [Supported versions](/apigee/docs/hybrid/supported-platforms#supported-versions).\n\nThis step explains how to download and install [cert-manager](https://cert-manager.io/docs/), required for Apigee hybrid to operate.\n| **Installations on Google Distributed Cloud**\n|\n| You do not need to install cert-manager if you are\n| performing a fresh installation on one of the following on-premises platforms:\n|\n| - Google Distributed Cloud (software only) on VMware\n| - Google Distributed Cloud (software only) on bare metal\n|\n|\n| Google Distributed Cloud comes with its own version of cert-manager. Apigee can use this Distributed Cloud version of cert-manager.\n| If it is installed in a namespace other than `cert-manager`, you will need to include\n| the namespace with the [`certManager.namespace`](/apigee/docs/hybrid/v1.13/config-prop-ref#certmanager)\n| property in your overrides file.\n| For more information about Google Distributed Cloud and cert-manager, see\n| [Conflicting\n| cert-manager installation](/kubernetes-engine/distributed-cloud/vmware/docs/troubleshooting/known-issues#conflicting-cert-manager-installation).\n|\n|\n| **Installations on OpenShift**\n|\n| If you are installing Apigee hybrid on OpenShift, install cert-manager by following the\n| instructions in [Installation](https://cert-manager.io/docs/installation/)\n| in the cert-manager documentation.\n|\n| See a\n| [Known Issue about cert-manager version 1.10 on OpenShift](https://cloud.google.com/apigee/docs/release/known-issues#271689008).\n|\n|\n| **Issues with Older Versions**\n|\n|\n| Some versions of cert-manager have an issue where the webhook TLS server may fail to automatically renew its CA certificate. To avoid this, Apigee recommends using cert-manager version [1.15.5](https://cert-manager.io/docs/releases/release-notes/release-notes-1.15/#v1155) or higher.\n\nInstall cert-manager\n--------------------\n\n1. Use the following command to install cert-manager v1.15.5 from GitHub. \n\n ```\n kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.15.5/cert-manager.yaml\n ```\n\n\n You should see a response that the cert-manager namespace and several cert-manager resources\n have been created. For example: \n\n ```\n customresourcedefinition.apiextensions.k8s.io/certificaterequests.cert-manager.io configured\n customresourcedefinition.apiextensions.k8s.io/certificates.cert-manager.io configured\n ...\n mutatingwebhookconfiguration.admissionregistration.k8s.io/cert-manager-webhook configured\n validatingwebhookconfiguration.admissionregistration.k8s.io/cert-manager-webhook configured\n ```\n2. Use the following command to verify the successful creation of cert-manager namespace and its corresponding components: \n\n ```\n kubectl get all -n cert-manager -o wide\n ```\n\n Your output should be similar to the following example.\n You should see pods for `cert-manager`, `cert-manager-cainjector`, and `cert-manager-webhook`. \n\n ```\n NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES\n pod/cert-manager-675d667c9-8rrdf 1/1 Running 0 13s x.x.x.x gke-test-apigee-apigee-runtime-fbff3412-fsz9 none none\n pod/cert-manager-cainjector-6674494d8-lfr5r 1/1 Running 0 13s x.x.x.x gke-test-apigee-hy-apigee-data-efb302e2-1gqg none none\n pod/cert-manager-webhook-8566bcbc98-5krnh 1/1 Running 0 12s x.x.x.x gke-test-apigee-hy-apigee-data-0081cb07-2t5v none none\n\n NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE SELECTOR\n service/cert-manager ClusterIP x.x.x.x none 9402/TCP 13s app.kubernetes.io/component=controller,app.kubernetes.io/instance=cert-manager,app.kubernetes.io/name=cert-manager\n service/cert-manager-webhook ClusterIP x.x.x.x none 443/TCP 13s app.kubernetes.io/component=webhook,app.kubernetes.io/instance=cert-manager,app.kubernetes.io/name=webhook\n\n NAME READY UP-TO-DATE AVAILABLE AGE CONTAINERS IMAGES SELECTOR\n deployment.apps/cert-manager 1/1 1 1 13s cert-manager-controller quay.io/jetstack/cert-manager-controller:v1.15.5 app.kubernetes.io/component=controller,app.kubernetes.io/instance=cert-manager,app.kubernetes.io/name=cert-manager\n deployment.apps/cert-manager-cainjector 1/1 1 1 13s cert-manager-cainjector quay.io/jetstack/cert-manager-cainjector:v1.15.5 app.kubernetes.io/component=cainjector,app.kubernetes.io/instance=cert-manager,app.kubernetes.io/name=cainjector\n deployment.apps/cert-manager-webhook 1/1 1 1 13s cert-manager-webhook quay.io/jetstack/cert-manager-webhook:v1.15.5 app.kubernetes.io/component=webhook,app.kubernetes.io/instance=cert-manager,app.kubernetes.io/name=webhook\n\n NAME DESIRED CURRENT READY AGE CONTAINERS IMAGES SELECTOR\n replicaset.apps/cert-manager-675d667c9 1 1 1 13s cert-manager-controller quay.io/jetstack/cert-manager-controller:v1.15.5 app.kubernetes.io/component=controller,app.kubernetes.io/instance=cert-manager,app.kubernetes.io/name=cert-manager,pod-template-hash=675d667c9\n replicaset.apps/cert-manager-cainjector-6674494d8 1 1 1 13s cert-manager-cainjector quay.io/jetstack/cert-manager-cainjector:v1.15.5 app.kubernetes.io/component=cainjector,app.kubernetes.io/instance=cert-manager,app.kubernetes.io/name=cainjector,pod-template-hash=6674494d8\n replicaset.apps/cert-manager-webhook-8566bcbc98 1 1 1 12s cert-manager-webhook quay.io/jetstack/cert-manager-webhook:v1.15.5 app.kubernetes.io/component=webhook,app.kubernetes.io/instance=cert-manager,app.kubernetes.io/name=webhook,pod-template-hash=8566bcbc98\n ```\n\nSummary\n-------\n\n\nYou now have cert-manager installed, and you are ready to install the Apigee hybrid\ncustom resource definitions (CRDs).\n\nNext step\n---------\n\n\u003cbr /\u003e\n\n[1](/apigee/docs/hybrid/v1.13/install-create-cluster) [2](/apigee/docs/hybrid/v1.13/install-download-charts) [3](/apigee/docs/hybrid/v1.13/install-create-namespace) [4](/apigee/docs/hybrid/v1.13/install-service-accounts) [5](/apigee/docs/hybrid/v1.13/install-create-tls-certificates) [6](/apigee/docs/hybrid/v1.13/install-create-overrides) [7](/apigee/docs/hybrid/v1.13/install-enable-synchronizer-access) [8](/apigee/docs/hybrid/v1.13/install-cert-manager) [(NEXT) Step 9: Install the CRDs](/apigee/docs/hybrid/v1.13/install-crds) [10](/apigee/docs/hybrid/v1.13/install-helm-charts) [11](/apigee/docs/hybrid/v1.13/install-workload-identity)\n\n\u003cbr /\u003e"]]
