Kubernetes cert-manager's integration with Certificate Manager - SaaS¶

The Venafi Kubernetes cert-manager integration is implemented as a plug-in to the JetStack cert-manager project.

The integration's set up instructions can be found here.

The integration is implemented as an additional cert-manager issuer. The Venafi issuer is configured with the zone that will be used to issue certificates as well as the API key to authenticate to Certificate Manager - SaaS.

Multiple issuers can be configured to support use cases where different certificate types are required for different use cases, such as:

• Issuing certificates to Ingress controllers that contain TLS annotations to enable TLS for inbound traffic to your Kubernetes cluster
• Creating certificates as Kubernetes secrets for use by pods in a Kubernetes cluster to secure communication between pods with TLS

You can support issuing certificates for test and production instances from your Certificate Manager - SaaS account by creating multiple issuers and associating them with different zones.