Skip to content

Configuring Venafi Control Plane Operator

Configuring Venafi Control Plane Operator for Red Hat OpenShift is a simple procedure, and is done using VenafiInstall custom resources.

Installing Venafi Kubernetes components using Venafi Control Plane Operator

When you install Venafi Control Plane Operator on your cluster, it creates a VenafiInstall CRD that you can use to manage the Venafi Kubernetes components you need.

You can configure Venafi Control Plane Operator to install the following Venafi Kubernetes components:

  • Approver Policy
  • Approver Policy Enterprise
  • cert-manager
  • CSI Driver
  • Venafi Firefly
  • Trust Manager
  • Venafi Kubernetes Agent
  • Venafi Enhanced Issuer

Configuring the Operator to install cert-manager

Follow the steps below to deploy the default version of cert-manager.

Step 1: Configure access to the Venafi OCI registry


Follow the instructions in Configuring access to the Venafi OCI registry to enable access to the artifacts required for this component (cert-manager Components is the default scope for cert-manager). Use venafi as the namespace.

For the example below, it's assumed that you created the following Kubernetes Secret:

  • namespace: venafi
  • name: venafi-image-pull-secret

Step 2: Create an instance of VenafiInstall to deploy cert-manager

  1. Create a YAML file, for example, venafi-components.yaml, with the following content:

    kind: VenafiInstall
      name: venafi-components
        imagePullSecretNames: [venafi-image-pull-secret] # (1)!
        install: true
    1. The name of the image pull secret required to authenticate with the Venafi OCI registry.


    For a complete list of Venafi Control Plane Operator configuration parameters, refer to the Venafi Control Plane Operator API reference.

  2. Apply the manifest by running the following command:

    oc apply -f venafi-components.yaml

Step 3: Verifying the configuration

Verify whether the cert-manager is successfully installed by running the following command:

oc get pods -n venafi

Sample output:

NAME                                       READY   STATUS    RESTARTS   AGE
cert-manager-a317f649c4-dp632              1/1     Running   0          1m1s
cert-manager-cainjector-3125b8f897-g1adf   1/1     Running   0          1m7s
cert-manager-webhook-26228cbdd-f9121       1/1     Running   0          1m11s