Configuring the Kubernetes integration¶

The interface between a cert-manager instance and Venafi as a Service™ (VaaS) is configured via a cert-manager issuer. The issuer contains a reference to a Kubernetes secret that contains your VaaS API key as well as the zone that will be used by the cert-manager plugin to request certificates. The ‘cloudsecret’ field contains the name of the Kubernetes secret that contains your API key. The ‘zone’ field contains the name of the zone.

    apiVersion: certmanager.k8s.io/v1alpha1
    kind: Issuer
    metadata:
      name: cloud-devops-issuer
      namespace: cert-manager-example
    spec:
        Venafi:
            cloudsecret: clouddevsecret
            zone: "Default"

Use Your Parameters on the Automation page to determine which zone should be used to issue certificates.

Note

Your Parameters displays the policies that must be conformed to when certificates are requested from the zone.

Additional information and examples of setting up the issuer with VaaS and other Venafi solutions can be found in Venafi's Github page.