--- title: Certificate Manager description: This page describes the legacy CDM implementation, which will be deprecated in an upcoming release. We strongly recommend that you transition to the current CDM implementation as soon as possible. component: forgeops version: 7.2 page_id: forgeops::legacy/cdm/gke/setup/cert-manager canonical_url: https://docs.pingidentity.com/forgeops/7.2/legacy/cdm/gke/setup/cert-manager.html section_ids: next_step: Next step --- # Certificate Manager | | | | - | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | | This page describes the legacy CDM implementation, which will be deprecated in an upcoming release. We strongly recommend that you transition to [the current CDM implementation](../../../../cdm/overview.html) as soon as possible. | Use cert-manager when you deploy the CDM. Remember, [the CDM is a reference implementation and not for production use](../../../../start/start-here.html#cdm-sandbox). When you [create a project plan](../../../../start/start-here.html#planning), you'll need to determine how to manage certificates in production. After you've finished deploying the CDM, you can use the CDM as a sandbox to explore deployment with a different certificate manager. To deploy the Certificate Manager: ``` $ /path/to/forgeops/bin/certmanager-deploy.sh customresourcedefinition.apiextensions.k8s.io/certificaterequests.cert-manager.io created customresourcedefinition.apiextensions.k8s.io/certificates.cert-manager.io created customresourcedefinition.apiextensions.k8s.io/challenges.acme.cert-manager.io created customresourcedefinition.apiextensions.k8s.io/clusterissuers.cert-manager.io created customresourcedefinition.apiextensions.k8s.io/issuers.cert-manager.io created customresourcedefinition.apiextensions.k8s.io/orders.acme.cert-manager.io created namespace/cert-manager created serviceaccount/cert-manager-cainjector created serviceaccount/cert-manager created serviceaccount/cert-manager-webhook created clusterrole.rbac.authorization.k8s.io/cert-manager-cainjector created . . . service/cert-manager created service/cert-manager-webhook created deployment.apps/cert-manager-cainjector created deployment.apps/cert-manager created deployment.apps/cert-manager-webhook created mutatingwebhookconfiguration.admissionregistration.k8s.io/cert-manager-webhook created validatingwebhookconfiguration.admissionregistration.k8s.io/cert-manager-webhook created deployment.apps/cert-manager-webhook condition met clusterissuer.cert-manager.io/default-issuer created secret/certmanager-ca-secret created ``` After you've deployed the Certificate Manager, check the status of the pods in the `cert-manager` namespace until all the pods are ready: ``` $ kubectl get pods --namespace cert-manager NAME READY STATUS RESTARTS AGE cert-manager-6d5fd89bdf-khj5w 1/1 Running 0 3m57s cert-manager-cainjector-7d47d59998-h5b48 1/1 Running 0 3m57s cert-manager-webhook-6559cc8549-8vdtp 1/1 Running 0 3m56s ``` ## Next step * [icon: check-square-o, set=fa][Install third-party software](sw.html) * [icon: check-square-o, set=fa][Set up a Google Cloud project](project.html) * [icon: check-square-o, set=fa][Get the forgeops repository](forgeops.html) * [icon: check-square-o, set=fa][Create a Kubernetes cluster](cluster.html) * [icon: check-square-o, set=fa][Install the Secret Agent operator](secret-agent.html) * [icon: check-square-o, set=fa][Deploy the Ingress-NGINX controller](nginx.html) * [icon: check-square-o, set=fa][Deploy certificate manager](#) * [icon: square-o, set=fa]*[Deploy Prometheus, Grafana, and Alertmanager](prometheus.html)* * [icon: square-o, set=fa][Prepare to push Docker images](push.html)