Skip to content

Installing Venafi Connection using the Venafi CLI tool

Venafi Connection is a sub-component used by other Venafi components. When you install components that rely on Venafi Connection, such as Venafi Enhanced Issuer, the Venafi Connection sub-component is automatically included. This guide details how to customize the Venafi Connection configuration.

The Venafi CLI tool offers the quickest and easiest method for installing Venafi Connection.

Step 1: Configure access to the Venafi OC registry

  1. If installing the component from a Venafi OCI registry, follow the instructions in Configuring access to the Venafi OCI Registry to enable access to the artifacts required for this component. Use venafi as the namespace.

Step 2: Generate the Venafi Kubernetes manifest

To install the default version of Venafi Connection using the Venafi CLI tool:

  1. If not already installed, download and install the relevant version of the Venafi CLI tool for your platform.

  2. Initialize the Venafi Kubernetes Manifest tool:

    venctl components kubernetes manifest tool init

    For more information on this command and its associated flags, see the venctl reference page.

  3. Use one of the following commands to install the default version of Venafi Connection along with Approver Policy Enterprise or Venafi Enhanced Issuer:

    Sample commands for users of the US region OCI registry:

    To install Venafi Connection along with Venafi Enhanced Issuer:

    venctl components kubernetes manifest generate --region us --venafi-enhanced-issuer > venafi-components.yaml

    To install Venafi Connection along with Approver Policy Enterprise:

    venctl components kubernetes manifest generate --region us --approver-policy-enterprise > venafi-components.yaml

    To install Venafi Connection along with Venafi Enhanced Issuer and Approver Policy Enterprise:

    venctl components kubernetes manifest generate --region us --venafi-enhanced-issuer --approver-policy-enterprise > venafi-components.yaml

    Sample commands for users of the EU region OCI registry:

    To install Venafi Connection along with Venafi Enhanced Issuer:

    venctl components kubernetes manifest generate --region eu --venafi-enhanced-issuer > venafi-components.yaml

    To install Venafi Connection along with Approver Policy Enterprise:

    venctl components kubernetes manifest generate --region eu --approver-policy-enterprise > venafi-components.yaml

    To install Venafi Connection along with Venafi Enhanced Issuer and Approver Policy Enterprise:

    venctl components kubernetes manifest generate --region eu --venafi-enhanced-issuer --approver-policy-enterprise > venafi-components.yaml

    Sample commands for users with their own organizatonal OCI registry. Be sure to update this command with the URI of your own company's registry:

    To install Venafi Connection along with Venafi Enhanced Issuer:

    venctl components kubernetes manifest generate \
    --region custom \
    --cert-manager-custom-chart-repository oci://myregistry.example.com/charts \
    --cert-manager-custom-image-registry myregistry.example.com \
    --venafi-connection-custom-chart-repository oci://myregistry.example.com/charts \
    --venafi-enhanced-issuer > venafi-components.yaml

    To install Venafi Connection along with Approver Policy Enterprise:

    venctl components kubernetes manifest generate \
    --region custom \
    --cert-manager-custom-chart-repository oci://myregistry.example.com/charts \
    --cert-manager-custom-image-registry myregistry.example.com \
    --venafi-connection-custom-chart-repository oci://myregistry.example.com/charts \
    --approver-policy-enterprise > venafi-components.yaml

    To install Venafi Connection along with Venafi Enhanced Issuer and Approver Policy Enterprise:

    venctl components kubernetes manifest generate \
    --region custom \
    --cert-manager-custom-chart-repository oci://myregistry.example.com/charts \
    --cert-manager-custom-image-registry myregistry.example.com \
    --venafi-connection-custom-chart-repository oci://myregistry.example.com/charts \
    --venafi-enhanced-issuer \
    --approver-policy-enterprise > venafi-components.yaml

    For more information on the venctl components kubernetes manifest generate command and its associated flags, see the venctl reference page.

    Tip

    To find out the current default version of Venafi Connection (and all the Venafi Kubernetes components you can install with venctl), use the venctl components kubernetes manifest print-versions command.

  4. To apply the manifest, use the following command:

    venctl components kubernetes manifest tool sync --file venafi-components.yaml

    For more information and options on using the Venafi CLI tool to install this component, see the Venafi CLI tool reference page.

Tip

You can also use the venctl components kubernetes apply command to install this component on a Kubernetes cluster quickly and easily for test purposes. Note that this command is not recommended for use in production environments.

See venctl components kubernetes apply for more information on how to use the command with this component.