Skip to content

Configuring Venafi Control Plane Operator

Configuring Venafi Control Plane Operator for Red Hat OpenShift is a simple procedure, and is done using VenafiInstall custom resources.

Installing Venafi Kubernetes components using Venafi Control Plane Operator

When you install Venafi Control Plane Operator on your cluster, it creates a VenafiInstall CRD that you can use to manage the Venafi Kubernetes components you need.

You can configure Venafi Control Plane Operator to install the following Venafi Kubernetes components:

  • Approver Policy
  • Approver Policy Enterprise
  • cert-manager
  • CSI Driver
  • Venafi Firefly
  • Trust Manager
  • Venafi Kubernetes Agent
  • Venafi Enhanced Issuer

Configuring the Operator to install cert-manager

Follow the steps below to deploy the default version of cert-manager.

Step 1: Configure access to the Venafi OCI registry

Important

Follow the instructions in Configuring access to the Venafi OCI registry to enable access to the artifacts required for this component (cert-manager Components is the default scope for cert-manager). Use venafi as the namespace.

For the example below, it's assumed that you created the following Kubernetes Secret:

  • namespace: venafi
  • name: venafi-image-pull-secret

Step 2: Create an instance of VenafiInstall to deploy cert-manager

  1. Create a YAML file, for example, venafi-components.yaml, with the following content:

    venafi-components.yaml
    apiVersion: installer.venafi.com/v1alpha1
kind: VenafiInstall
metadata:
  name: venafi-components
spec:
  globals:
    imagePullSecretNames: [venafi-image-pull-secret] # (1)!
  certManager:
    install: true
    1. The name of the image pull secret required to authenticate with the Venafi OCI registry.

    Tip

    For a complete list of Venafi Control Plane Operator configuration parameters, refer to the Venafi Control Plane Operator API reference.

  2. Apply the manifest by running the following command:

    oc apply -f venafi-components.yaml

Step 3: Verifying the configuration

Verify whether the cert-manager is successfully installed by running the following command:

oc get pods -n venafi

Sample output:

NAME                                       READY   STATUS    RESTARTS   AGE
cert-manager-a317f649c4-dp632              1/1     Running   0          1m1s
cert-manager-cainjector-3125b8f897-g1adf   1/1     Running   0          1m7s
cert-manager-webhook-26228cbdd-f9121       1/1     Running   0          1m11s