keptn · RealAnna · Jan 31, 2023 · Jan 18, 2023 · Jan 18, 2023 · Jan 18, 2023
@@ -24,14 +24,6 @@ Click to watch it on YouTube:
 
 **Installation**
 
-The Lifecycle Toolkit includes a Mutating Webhook which requires TLS certificates to be mounted as a volume in its pod. The certificate creation
-is handled automatically by [cert-manager](https://cert-manager.io). To install **cert-manager**, execute the following command:
-
-```console
-kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.10.0/cert-manager.yaml
-```
-
-When *cert-manager* is installed, you can run
 
 <!---x-release-please-start-version-->
 
@@ -47,6 +39,10 @@ The Lifecycle Toolkit uses the OpenTelemetry collector to provide a vendor-agnos
 process and export telemetry data. To install it, follow their [installation instructions](https://opentelemetry.io/docs/collector/getting-started/).
 We also provide some more information about this in our [observability example](./examples/support/observability/).
 
+The Lifecycle Toolkit includes a Mutating Webhook which requires TLS certificates to be mounted as a volume in its pod. The certificate creation
+is handled automatically by [klt-cert-manager](https://github.com/keptn/lifecycle-toolkit/blob/main/klt-cert-manager/README.md). Versions 0.5.0 and earlier have a hard dependency on the [cert-manager](https://cert-manager.io).
+See [installation guideline](https://github.com/keptn/lifecycle-toolkit/blob/main/docs/content/docs/snippets/tasks/install.md) for more info.
+
 ## Goals
 
 The Keptn Lifecycle Toolkit aims to support Cloud Native teams with:

@@ -4,4 +4,4 @@ icon: concepts
 layout: quickstart
 weight: 5
 hidechildren: true # this flag hides all sub-pages in the sidebar-multicard.html
----
+---
@@ -0,0 +1,20 @@
+---
+title: Keptn Certificate Manager
+icon: concepts
+layout: quickstart
+weight: 5
+hidechildren: true # this flag hides all sub-pages in the sidebar-multicard.html
+---
+
+### Keptn Cert Manager
+
+The Lifecycle Toolkit includes a Mutating Webhook which requires TLS certificates to be mounted as a volume in its pod. In version 0.6.0 and later, the certificate creation
+is handled automatically by the [klt-cert-manager](https://github.com/keptn/lifecycle-toolkit/blob/main/klt-cert-manager/README.md).
+
+The certificate is created as a secret in the `keptn-lifecycle-toolkit-system` namespace with a renewal threshold of 12 hours. 
+If it expires, the [klt-cert-manager](https://github.com/keptn/lifecycle-toolkit/blob/main/klt-cert-manager/README.md) renews it. 
+The Lifecycle Toolkit operator waits for a valid certificate to be ready.
+The certificate is mounted on an empty dir volume in the operator.
+
+When a certificate is left over from an older version, the webhook or the operator may generate errors because of an invalid certificate. To solve this, delete the certificate and restart the operator.
+
@@ -1,4 +1,19 @@
-At the moment, the lifecycle controller needs *cert-manager* to be installed. Therefore, you can install cert-manager using:
+
+## Install version 0.6.0 and above
+
+In version 0.6.0 and later, you can install the Lifecycle Toolkit using the current release manifest:
+<!---x-release-please-start-version-->
+```
+kubectl apply -f https://github.com/keptn/lifecycle-toolkit/releases/download/v0.5.0/manifest.yaml
+kubectl wait --for=condition=Available deployment/klc-controller-manager -n keptn-lifecycle-toolkit-system --timeout=120s
+```
+<!---x-release-please-end-->
+
+The Lifecycle Toolkit and its dependencies are now installed and ready to use.
+
+## Install version 0.5.0 and earlier
+
+You must first install *cert-manager* with the following commands:
 
 <!-- 
 [cert-manager](https://github.com/cert-manager/cert-manager/releases/download/v1.11.0/cert-manager.yaml)
@@ -8,12 +23,9 @@ kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/
 kubectl wait --for=condition=Available deployment/cert-manager-webhook -n cert-manager --timeout=60s
 ```
 
-After that, you can install the lifecycle toolkit using the current release manifest:
-<!---x-release-please-start-version-->
+After that, you can install the Lifecycle Toolkit <oldversion> with:
+
 ```
-kubectl apply -f https://github.com/keptn/lifecycle-toolkit/releases/download/v0.5.0/manifest.yaml
+kubectl apply -f https://github.com/keptn/lifecycle-toolkit/releases/download/<oldversion>/manifest.yaml
 kubectl wait --for=condition=Available deployment/klc-controller-manager -n keptn-lifecycle-toolkit-system --timeout=120s
-```
-<!---x-release-please-end-->
-
-Now, the Lifecycle Toolkit and its dependency is installed and ready to use.
+```
@@ -3,11 +3,9 @@ JAEGER_VERSION ?= v1.39.0
 TOOLKIT_NAMESPACE ?= keptn-lifecycle-toolkit-system
 PODTATO_NAMESPACE ?= podtato-kubectl
 GRAFANA_PORT_FORWARD ?= 3000
-# renovate: datasource=github-tags depName=cert-manager/cert-manager
-CERT_MANAGER_VERSION ?= v1.11.0
 
 .PHONY: install
-install: install-cert-manager install-observability install-argo
+install: install-observability install-argo
 	@echo "-----------------------------------"
 	@echo "Create Namespace and install Keptn-lifecycle-toolkit"
 	@echo "-----------------------------------"
@@ -23,11 +21,6 @@ install-observability:
 install-argo:
 	make -C support/argo install
 
-.PHONY: install-cert-manager
-install-cert-manager:
-	kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/$(CERT_MANAGER_VERSION)/cert-manager.yaml
-	kubectl wait --for=condition=available deployment/cert-manager-webhook -n cert-manager --timeout=300s
-
 .PHONY: port-forward-jaeger
 port-forward-jaeger:
 	make -C support/observability port-forward-jaeger

@@ -3,8 +3,6 @@ PODTATO_NAMESPACE ?= podtato-kubectl
 ARGO_NAMESPACE ?= argocd
 # renovate: datasource=github-tags depName=argoproj/argo-cd
 ARGO_VERSION ?= v2.5.7
-# renovate: datasource=github-tags depName=cert-manager/cert-manager
-CERT_MANAGER_VERSION ?= v1.11.0
 ARGO_SECRET = $(shell kubectl -n ${ARGO_NAMESPACE} get secret argocd-initial-admin-secret -o jsonpath="{.data.password}" | base64 -d; echo)
 
 .PHONY: install

@@ -1,8 +1,10 @@
-# cert-manager
-// TODO(user): Add simple overview of use/purpose
+# klt-cert-manager
+The Keptn certificate manager ensures that the webhooks in the Lifecycle Toolkit operator can obtain a valid certificate to access the Kubernetes API server.
 
 ## Description
-// TODO(user): An in-depth paragraph about your project and overview of use
+This `klt-cert-manager` operator should only be installed when paired with the Lifecycle Toolkit operator. 
+The TLS certificate is mounted as a volume in the LT operator pod and is renewed every 12 hours or every time the LT operator deployment changes.
+
 
 ## Getting Started
 You’ll need a Kubernetes cluster to run against. You can use [KIND](https://sigs.k8s.io/kind) to get a local cluster for testing, or run against a remote cluster.
@@ -42,7 +44,6 @@ make undeploy
 ```
 
 ## Contributing
-// TODO(user): Add detailed information on how you would like others to contribute to this project
 
 ### How it works
 This project aims to follow the Kubernetes [Operator pattern](https://kubernetes.io/docs/concepts/extend-kubernetes/operator/)

@@ -18,8 +18,7 @@ bases:
 # [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix including the one in
 # crd/kustomization.yaml
 #- ../webhook
-# [CERTMANAGER] To enable cert-manager, uncomment all sections with 'CERTMANAGER'. 'WEBHOOK' components are required.
-#- ../certmanager
+
 # [PROMETHEUS] To enable prometheus monitor, uncomment all sections with 'PROMETHEUS'.
 #- ../prometheus