Deploying to a cluster¶
Deploying to a cluster is a two step process:
- Setting up a Kubernetes cluster
- Syncing the generated manifest to deploy the Venafi Kubernetes components
Step 1: Setting up a Kubernetes cluster¶
Before syncing a manifest to a cluster you need to create the namespace. If you're using the default namespace (
venafi) you can create it as in the following example:
kubectl create ns venafi
Follow the instructions from Configuring access to Venafi OCI Registry to create a Kubernetes image pull secret.
You must create a
docker-registrysecret for Kubernetes to use when pulling container images in-cluster. This secret must be available in the installation namespace.
The default secret name is
venafi-image-pull-secretunless you configure a different name.
Step 2: Syncing the generated manifest to deploy components¶
Use the Venafi CLI tool to sync your manifest to your cluster.
Note that the default Helm repositories used by generated manifests are public and require no authentication. If you use a custom repository which requires authentication, you must ensure that credentials are available for the Venafi CLI when you sync.
For testing, generate a manifest with just a specific version of cert-manager:
venctl components kubernetes manifest generate --cert-manager-version v1.12.7 > venafi-components.yaml
Use the sync command to load the configuration file and deploy the component:
venctl components kubernetes manifest tool sync --file venafi-components.yaml
Once deployed, the output resembles the following:
Listing releases matching ^tlspk-cert-manager$ tlspk-cert-manager tlspk 1 2023-12-15 10:47:10.653742 -0500 CDT deployed cert-manager-v1.12.7 v1.12.7 UPDATED RELEASES: NAME CHART VERSION DURATION tlspk-cert-manager venafi-tlspk/cert-manager v1.12.7 38s
To deploy Venafi components across clusters, pass the kubecontext when deploying:
venctl components kubernetes manifest tool sync --file venafi-components.yaml --kube-context <kubecontext>
You can also use the KUBECONFIG environment variable.
Uninstalling deployed components¶
To uninstall the deployed components, use the following Venafi CLI command:
venctl components kubernetes manifest tool destroy --file venafi-components.yaml --kube-context <ctx>
Once uninstalled, the output resembles the following:
release "cert-manager" uninstalled
Uninstalling components might not clean up every resource. Helm charts can leave things behind, notably including CRDs. If you want to remove everything you might need to take additional steps.