Kubernetes cert-manager's integration with TLS Protect Cloud¶

The Venafi Kubernetes cert-manager integration is implemented as a plug-in to the JetStack cert-manager project.

The integration's set up instructions can be found here.

The integration is implemented as an additional cert-manager issuer. The Venafi issuer is configured with the zone that will be used to issue certificates as well as the API key to authenticate to TLS Protect Cloud.

Multiple issuers can be configured to support use cases where different certificate types are required for different use cases, such as:

• Issuing certificates to Ingress controllers that contain TLS annotations to enable TLS for inbound traffic to your Kubernetes cluster
• Creating certificates as Kubernetes secrets for use by pods in a Kubernetes cluster to secure communication between pods with TLS

You can support issuing certificates for test and production instances from your TLS Protect Cloud account by creating multiple issuers and associating them with different zones.