cmctl

.spelling

@@ -44,6 +44,7 @@ CloudFlare
 ClusterRole
 ClusterIssuer
 ClusterIssuers
+cmctl
 CNAME
 CNAMEs
 CNI
@@ -164,6 +165,7 @@ PKCS#12
 PKCS#8
 Prometheus
 propagations
+powershell
 publicised
 RBAC
 rebase
@@ -183,6 +185,8 @@ Runtime
 Smallstep
 SOA
 stdout
+subcommand
+subcommands
 subdomain
 (sub)domains
 subdomains
@@ -302,6 +306,7 @@ issuances
 HTTPRoute
 gatewayhttproute-labels
 gatewayhttproute-service-type
+zsh
 
 # As per https://tools.ietf.org/html/rfc5280, the spelling "X.509" is the
 # correct spelling. The spelling "x509" and "X509" are incorrect.

_redirects

@@ -20,3 +20,18 @@ https://cert-manager.io/docs/installation/kubernetes/ https://cert-manager.io/do
 https://cert-manager.io/docs/installation/openshift/ https://cert-manager.io/docs/installation/supported-releases/
 https://cert-manager.io/docs/installation/uninstall/kubernetes/ https://cert-manager.io/docs/installation/uninstall/
 https://cert-manager.io/docs/installation/uninstall/openshift/ https://cert-manager.io/docs/installation/uninstall/
+
+# In v1.6 we released 'cmctl' which is considered a better CLI experience than
+# 'kubectl cert-manager'. The 'cmctl' page became the source of truth for all
+# subcommands so the old references to 'kubectl cert-manager' are redirected
+# there.
+https://cert-manager.io/docs/usage/kubectl-plugin/#commands https://cert-manager.io/docs/usage/cmctl/#commands
+https://cert-manager.io/docs/usage/kubectl-plugin/#approve-deny https://cert-manager.io/docs/usage/cmctl/#approve-and-deny-certificaterequests
+https://cert-manager.io/docs/usage/kubectl-plugin/#convert https://cert-manager.io/docs/usage/cmctl/#convert
+https://cert-manager.io/docs/usage/kubectl-plugin/#create https://cert-manager.io/docs/usage/cmctl/#create
+https://cert-manager.io/docs/usage/kubectl-plugin/#certificaterequest https://cert-manager.io/docs/usage/cmctl/#certificaterequest
+https://cert-manager.io/docs/usage/kubectl-plugin/#renew https://cert-manager.io/docs/usage/cmctl/#renew
+https://cert-manager.io/docs/usage/kubectl-plugin/#status-certificate https://cert-manager.io/docs/usage/cmctl/#status-certificate
+https://cert-manager.io/docs/usage/kubectl-plugin/#completion https://cert-manager.io/docs/usage/cmctl/#completion
+https://cert-manager.io/docs/usage/kubectl-plugin/#experimental https://cert-manager.io/docs/usage/cmctl/#experimental
+https://cert-manager.io/docs/usage/kubectl-plugin/#certificatesigningrequest https://cert-manager.io/docs/usage/cmctl/#certificatesigningrequest

content/en/docs/configuration/acme/dns01/akamai.md

@@ -84,5 +84,5 @@ kubectl describe certificate example-zone
 Follow the `cert-manager` events to identify any issues with a command such as the following.
 
 ```bash
-kubectl cert-manager status certificate example-zone
+cmctl status certificate example-zone
 ```

content/en/docs/faq/_index.md

@@ -18,7 +18,7 @@ face:
 
 ### Can I trigger a renewal from cert-manager at will?
 
-This is a feature in cert-manager starting in `v0.16` using the kubectl plugin. More information can be found on [the renew command's page](../usage/kubectl-plugin/#renew)
+This is a feature in cert-manager starting in `v0.16` using the `cmctl` CLI. More information can be found on [the renew command's page](../usage/cmctl/#renew)
 
 ### Why isn't my root certificate in my issued Secret's `tls.crt`?
 

content/en/docs/installation/_index.md

@@ -23,18 +23,18 @@ More information on this install method [can be found here](./kubectl/).
 
 > You quickly want to learn how to use cert-manager and what it can be used for.
 
-We recommend [kubectl cert-manager x install](./kubectl-plugin/) to quickly install cert-manager and [interact with cert-manager resources](../usage/kubectl-plugin/) from the command line.
+We recommend [cmctl x install](./cmctl/) to quickly install cert-manager and [interact with cert-manager resources](../usage/cmctl/) from the command line.
 
-Or if you prefer Helm or if you don't want to install the `kubectl cert-manager` plugin, you can [use helm to install cert-manager](./helm/).
+Or if you prefer Helm or if you don't want to install `cmctl`, you can [use helm to install cert-manager](./helm/).
 
 In case you are running on an OpenShift cluster, consider installing via [cert-manager on OperatorHub.io](./operator-lifecycle-manager/).
 
 ## Continuous deployment
 
 > You know how to configure your cert-manager setup and want to automate this.
 
-You can use either `helm template` or `kubectl cert-manager x install --dry-run` to generate customized cert-manager installation manifests.
-See [Output YAML using kubectl cert-manager x install](./kubectl-plugin/#output-yaml) and [Output YAML using helm template](./helm/#output-yaml) for more details.
+You can use either `helm template` or `cmctl x install --dry-run` to generate customized cert-manager installation manifests.
+See [Output YAML using cmctl x install](./cmctl/#output-yaml) and [Output YAML using helm template](./helm/#output-yaml) for more details.
 This templated cert-manager manifest can be piped into your preferred deployment tool.
 
 In case you are using Helm for automation, cert-manager [supports installing using Helm](./helm/).

content/en/docs/installation/cmctl.md

@@ -0,0 +1,42 @@
+---
+title: "cmctl"
+linkTitle: "cmctl"
+weight: 21
+type: "docs"
+---
+
+## Installing using cmctl
+
+### Prerequisites
+
+- [Install the cert-manager CLI cmctl](../../usage/cmctl/#installation).
+- Install a [supported version of Kubernetes or OpenShift](../supported-releases/).
+- Read [Compatibility with Kubernetes Platform Providers](../compatibility/) if you are using Kubernetes on a cloud platform.
+
+### Steps
+
+The CLI provides the simplest way of installing cert-manager:
+```bash
+$ cmctl x install
+```
+The command makes sure that the required `CustomResourceDefinitions` are installed together with the cert-manager, cainjector and webhook components.
+Under the hood, a procedure similar to the [Helm install procedure](../helm/#steps) is used.
+
+You can also use `cmctl x install` to customize the installation of cert-manager.
+
+The example below shows how to tune the cert-manager installation by overwriting the default Helm values:
+
+```bash
+$ cmctl x install \
+    --set prometheus.enabled=false \  # Example: disabling prometheus using a Helm parameter
+    --set webhook.timeoutSeconds=4s   # Example: changing the wehbook timeout using a Helm parameter
+```
+You can find [a full list of the install parameters on cert-manager's ArtifactHub page](https://artifacthub.io/packages/helm/cert-manager/cert-manager#configuration). These are the same parameters that are available when using the Helm chart.
+Once you have deployed cert-manager, you can [verify](../verify/) the installation.
+
+### Output YAML
+
+The CLI also allows the user to output the templated manifest to `stdout`, instead of installing the manifest on the cluster.
+```bash
+$ cmctl x install --dry-run > cert-manager.custom.yaml
+```

content/en/docs/installation/verify.md

@@ -7,21 +7,21 @@ type: "docs"
 
 ## Check cert-manager API
 
-First, make sure that the [cert-manager kubectl plugin is installed](../../usage/kubectl-plugin/#installation).
+First, make sure that [cmctl is installed](../../usage/cmctl/#installation).
 
-This kubectl plugin performs a dry-run certificate creation check against the Kubernetes cluster.
+cmctl performs a dry-run certificate creation check against the Kubernetes cluster.
 If successful, the message `The cert-manager API is ready` is displayed.
 
 ```bash
-$ kubectl cert-manager check api
+$ cmctl check api
 The cert-manager API is ready
 ```
 
 The command can also be used to wait for the check to be successful.
 Here is an output example of running the command at the same time that cert-manager is being installed:
 
 ```bash
-$ kubectl cert-manager check api --wait=2m
+$ cmctl check api --wait=2m
 Not ready: the cert-manager CRDs are not yet installed on the Kubernetes API server
 Not ready: the cert-manager CRDs are not yet installed on the Kubernetes API server
 Not ready: the cert-manager webhook deployment is not ready yet

content/en/docs/usage/certificate.md

@@ -216,21 +216,20 @@ certificate object is reissued under the following circumstances:
   `subject`, `isCA`, `usages`, `duration` or `issuerRef`;
 - when a reissuance is manually triggered with the following:
   ```sh
-  kubectl cert-manager renew cert-1
+  cmctl renew cert-1
   ```
-  Note that the above command requires the [kubectl
-  cert-manager](../kubectl-plugin/#renew) plugin.
+  Note that the above command requires [cmctl](../cmctl/#renew).
 
 {{% pageinfo color="warning" %}}
 
 **❌** Deleting the Secret resource associated with a Certificate resource is
 **not a recommended solution** for manually rotating the private key. The
 recommended way to manually rotate the private key is to trigger the reissuance
-of the Certificate resource with the following command (requires the [`kubectl
-cert-manager`](../kubectl-plugin/#renew) plugin):
+of the Certificate resource with the following command (requires
+[`cmctl`](../cmctl/#renew)):
 
 ```sh
-kubectl cert-manager renew cert-1
+cmctl renew cert-1
 ```
 
 {{% /pageinfo %}}