Skip to content

Installing CSI driver using the Venafi CLI tool

The Venafi CLI tool offers the quickest and easiest method for installing CSI driver for cert-manager.

Step 1: Configure access to the Venafi OCI registry

  1. If installing the component from a Venafi OCI registry, follow the instructions in Configuring access to the Venafi OCI Registry to enable access to the artifacts required for this component (cert-manager Components is the default scope for cert-manager). Use venafi as the namespace.

Step 2: Generate the Venafi Kubernetes manifest

The CSI driver component requires cert-manager to be installed.

  1. If not already installed, download and install the relevant version of the Venafi CLI tool for your platform.

  2. Initialize the Venafi Kubernetes Manifest tool:

    venctl components kubernetes manifest tool init

    For more information on this command and its associated flags, see the venctl reference page.

  3. Issue the following command to generate a Venafi Kubernetes manifest which, when applied, will install the default versions of both cert-manager and CSI driver:

    A sample command for users of the US region OCI registry:

    venctl components kubernetes manifest generate --region us --cert-manager --csi-driver > venafi-components.yaml

    A sample command for users of the EU region OCI registry:

    venctl components kubernetes manifest generate --region eu --cert-manager --csi-driver > venafi-components.yaml

    A sample command for users with their own organizatonal OCI registry. Be sure to update this command with the URI of your own company's registry:

    venctl components kubernetes manifest generate \
  --region custom \
  --cert-manager \
  --cert-manager-custom-chart-repository oci://myregistry.example.com/charts \
  --cert-manager-custom-image-registry myregistry.example.com \
  --csi-driver-custom-chart-repository  oci://myregistry.example.com/charts \
  --csi-driver-custom-image-registry myregistry.example.com \
  --csi-driver > venafi-components.yaml

  4. To apply the manifest, use the following command:

    venctl components kubernetes manifest tool sync --file venafi-components.yaml

    For more information and options on using the Venafi CLI tool to install this component, see the Venafi CLI tool reference page.

    Tip

    To find out the current default version of CSI Driver (and all the Venafi Kubernetes components you can install with the Venafi CLI tool), use the venctl components kubernetes manifest print-versions command.

Tip

You can also use the venctl components kubernetes apply command to install this component on a Kubernetes cluster quickly and easily for test purposes. Note that this command is not recommended for use in production environments.

See venctl components kubernetes apply for more information on how to use the command with this component.

Step 2: Verify the installation

Using kubectl, you can verify the installation has completed correctly by checking the presence of the CSIDriver resource as well as a CSINode resource present for each node, referencing csi.cert-manager.io:

$ kubectl get csidrivers
NAME                     CREATED AT
csi.cert-manager.io   2019-09-06T16:55:19Z

$ kubectl get csinodes -o yaml
apiVersion: v1
items:
- apiVersion: storage.k8s.io/v1beta1
  kind: CSINode
  metadata:
    name: kind-control-plane
    ownerReferences:
    - apiVersion: v1
      kind: Node
      name: kind-control-plane
...
  spec:
    drivers:
    - name: csi.cert-manager.io
      nodeID: kind-control-plane
      topologyKeys: null
...