Kubernetes Cert-Manager's integration with DevOpsACCELERATE¶
The Venafi Kubernetes Cert-Manager integration is implemented as a plug-in to the JetStack Cert-Manager project.
The integration's set up instructions can be found here.
The integration is implemented as an additional cert-manager issuer. The Venafi issuer is configured with the zone that will be used to issue certificates as well as the API key to authenticate to Venafi Cloud.
Multiple issuers can be configured to support use cases where different certificate types are required for different use cases, such as:
- Issuing certificates to Ingress controllers that contain TLS annotations to enable TLS for inbound traffic to your Kubernetes cluster
- Creating certificates as Kubernetes secrets for use by pods in a Kubernetes cluster to secure communication between pods with TLS
You can support issuing certificates for test and production instances from your Venafi Cloud account by creating multiple issuers and associating them with different zones.
Once the Venafi Issuer is created, any certificates that are generated by cert-manager will be issued from Venafi Cloud.