Skip to content

Kubernetes cert-manager's integration with Certificate Manager - SaaS

Kubernetes flow diagram

The Venafi Kubernetes cert-manager integration is implemented as a plug-in to the JetStack cert-manager project.

The integration's set up instructions can be found here.

The integration is implemented as an additional cert-manager issuer. The Venafi issuer is configured with the zone that will be used to issue certificates as well as the API key to authenticate to Certificate Manager - SaaS.

Multiple issuers can be configured to support use cases where different certificate types are required for different use cases, such as:

  • Issuing certificates to Ingress controllers that contain TLS annotations to enable TLS for inbound traffic to your Kubernetes cluster
  • Creating certificates as Kubernetes secrets for use by pods in a Kubernetes cluster to secure communication between pods with TLS

You can support issuing certificates for test and production instances from your Certificate Manager - SaaS account by creating multiple issuers and associating them with different zones.

Note

Once the Venafi Issuer is created, any certificates that are generated by cert-manager will be issued from Certificate Manager - SaaS.