Deploying to a cluster

Deploying to a cluster is a two-step process:

  1. Setting up a Kubernetes cluster
  2. Syncing the generated manifest to deploy the Venafi Kubernetes components

Step 1: Setting up a Kubernetes cluster

  1. Before syncing a manifest to a cluster, you need to create the namespace. If you're using the default namespace (venafi), you can create it as in the following example:

    kubectl create ns venafi
    
  2. Follow the instructions from Configuring access to Venafi OCI Registry to create a Kubernetes image pull secret.

    You must create a docker-registry secret for Kubernetes to use when pulling container images in-cluster. This secret must be available in the installation namespace.

    The default secret name is venafi-image-pull-secret unless you configure a different name.
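
A pre-sync check for the two Step 1 prerequisites, added here as an example and not part of the Venafi documentation or CLI: it confirms that the namespace exists and that the image pull secret is present in that namespace with the type that `kubectl create secret docker-registry` produces. The function name `preflight` and its return codes are assumptions; the defaults are the names given above.

```shell
#!/bin/sh
# Added example (not Venafi code): verify Step 1 before running a sync.
# Defaults are the namespace and secret name stated on this page.

# preflight [NAMESPACE] [SECRET] [KUBECONTEXT]
# Return codes (assumed convention for this example):
#   0 = ready, 1 = namespace missing, 2 = secret missing, 3 = wrong secret type
preflight() {
  pf_ns="${1:-venafi}"
  pf_secret="${2:-venafi-image-pull-secret}"
  pf_ctx="${3:-}"

  # Pin every kubectl call to the intended cluster when a context is given,
  # so the check runs against the same cluster the sync will target.
  if [ -n "$pf_ctx" ]; then set -- --context "$pf_ctx"; else set --; fi

  if ! kubectl "$@" get namespace "$pf_ns" >/dev/null 2>&1; then
    echo "namespace '$pf_ns' not found; create it before syncing" >&2
    return 1
  fi

  # The image pull secret must exist in the installation namespace itself.
  pf_type=$(kubectl "$@" -n "$pf_ns" get secret "$pf_secret" \
              -o jsonpath='{.type}' 2>/dev/null) || {
    echo "secret '$pf_secret' not found in namespace '$pf_ns'" >&2
    return 2
  }

  # 'kubectl create secret docker-registry' produces this type; any other
  # value means the secret was not created as a docker-registry secret.
  if [ "$pf_type" != "kubernetes.io/dockerconfigjson" ]; then
    echo "secret '$pf_secret' has type '$pf_type'," \
         "expected kubernetes.io/dockerconfigjson" >&2
    return 3
  fi
  return 0
}

# Typical use: gate the sync on the check passing, for example
#   preflight venafi venafi-image-pull-secret && \
#     venctl components kubernetes manifest tool sync --file venafi-components.yaml
```

The check reads only the secret's type, so the registry credentials are never printed to the terminal or to CI logs.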

Step 2: Syncing the generated manifest to deploy components

  1. Use the Venafi CLI tool to sync your manifest to your cluster.

    Note that the default Helm repositories used by generated manifests are public and require no authentication. If you use a custom repository which requires authentication, you must ensure that credentials are available for the Venafi CLI when you sync.

    1. For testing, generate a manifest with just a specific version of cert-manager:

      venctl components kubernetes manifest generate --cert-manager-version v1.12.7 > venafi-components.yaml
      
    2. Use the sync command to load the configuration file and deploy the component:

      venctl components kubernetes manifest tool sync --file venafi-components.yaml
      

    Once deployed, the output resembles the following:

    Listing releases matching ^tlspk-cert-manager$
    tlspk-cert-manager      tlspk           1               2023-12-15 10:47:10.653742 -0500 CDT    deployed        cert-manager-v1.12.7      v1.12.7
    
    
    UPDATED RELEASES:
    NAME                           CHART                                 VERSION   DURATION
    tlspk-cert-manager             venafi-tlspk/cert-manager             v1.12.7        38s
    

Distributed releases

To deploy Venafi components across clusters, pass the kubecontext when deploying:

venctl components kubernetes manifest tool sync --file venafi-components.yaml --kube-context <kubecontext>

Tip

You can also use the KUBECONFIG environment variable.

Uninstalling deployed components

To uninstall the deployed components, use the following Venafi CLI command:

venctl components kubernetes manifest tool destroy --file venafi-components.yaml --kube-context <ctx>

Once uninstalled, the output resembles the following:

Deleting cert-manager

release "cert-manager" uninstalled


DELETED RELEASES:
NAME                           DURATION
cert-manager                   4s

Note

Uninstalling components might not clean up every resource. Helm charts can leave things behind, notably CRDs. If you want to remove everything, you might need to take additional steps.