Kubernetes cert-manager's integration with Certificate Manager - SaaS¶
The Venafi Kubernetes cert-manager integration is implemented as a plug-in to the JetStack cert-manager project.
The integration's set up instructions can be found here.
The integration is implemented as an additional cert-manager issuer. The Venafi issuer is configured with the zone that will be used to issue certificates as well as the API key to authenticate to Certificate Manager - SaaS.
Multiple issuers can be configured to support use cases where different certificate types are required for different use cases, such as:
- Issuing certificates to Ingress controllers that contain TLS annotations to enable TLS for inbound traffic to your Kubernetes cluster
- Creating certificates as Kubernetes secrets for use by pods in a Kubernetes cluster to secure communication between pods with TLS
You can support issuing certificates for test and production instances from your Certificate Manager - SaaS account by creating multiple issuers and associating them with different zones.
Note
Once the Venafi Issuer is created, any certificates that are generated by cert-manager will be issued from Certificate Manager - SaaS.