Enable Use of cert-manager-acmesolver Image in a Particular NamespaceΒΆ
When an arbitrary user creates a certificate with an external CA, cert-manager dynamically creates the cert-manager-acmesolver pod and an ingress in the user-specified namespace in order to handle the http01 challenge from the external CA.
About this task
In order to pull the registry.local:9001:/public/cert-manager-acmesolver:v1.7.1 image from the local registry, the credentials for the public repository must be in a secret and referenced in an ImagePullSecret in the default serviceAccount of that user-specified namespace.
Procedure
Execute the following commands, substituting your deployment-specific value for <USERNAMESPACE>.
% kubectl get secret registry-local-public-key -n kube-system -o yaml | grep -v '^\s*namespace:\s' | kubectl apply --namespace=<USERNAMESPACE> -f - % kubectl patch serviceaccount default -p "{\"imagePullSecrets\": [{\"name\": \"registry-local-public-key\"}]}" -n <USERNAMESPACE>