Configuring Venafi Control Plane Operator
Configuring Venafi Control Plane Operator for Red Hat OpenShift is a simple procedure that uses VenafiInstall custom resources.
Installing Venafi Kubernetes components using Venafi Control Plane Operator
When you install Venafi Control Plane Operator on your cluster, it creates a VenafiInstall CRD that you can use to manage the Venafi Kubernetes components you need.
You can configure Venafi Control Plane Operator to install the following Venafi Kubernetes components:
- Approver Policy
- Approver Policy Enterprise
- cert-manager
- CSI Driver
- Venafi Firefly
- Trust Manager
- Venafi Kubernetes Agent
- Venafi Enhanced Issuer
Configuring the Operator to install cert-manager
Follow the steps below to deploy the default version of cert-manager.
Step 1: Configure access to the Venafi OCI registry
Important
Follow the instructions in Configuring access to the Venafi OCI registry to enable access to the artifacts required for this component (cert-manager Components is the default scope for cert-manager). Use venafi as the namespace.
The example below assumes that you created the following Kubernetes Secret:
- namespace: venafi
- name: venafi-image-pull-secret
Step 2: Create an instance of VenafiInstall to deploy cert-manager
- Create a YAML file, for example, venafi-components.yaml, with the following content:

  venafi-components.yaml

      apiVersion: installer.venafi.com/v1alpha1
      kind: VenafiInstall
      metadata:
        name: venafi-components
      spec:
        globals:
          imagePullSecretNames: [venafi-image-pull-secret] # (1)
        certManager:
          install: true

  (1) The name of the image pull secret required to authenticate with the Venafi OCI registry.
Tip
For a complete list of Venafi Control Plane Operator configuration parameters, refer to the Venafi Control Plane Operator API reference.
- Apply the manifest by running the following command:

      oc apply -f venafi-components.yaml
Step 3: Verifying the configuration
Verify that cert-manager was installed successfully by running the following command:
oc get pods -n venafi
Sample output:
NAME                                       READY   STATUS    RESTARTS   AGE
cert-manager-a317f649c4-dp632              1/1     Running   0          1m1s
cert-manager-cainjector-3125b8f897-g1adf   1/1     Running   0          1m7s
cert-manager-webhook-26228cbdd-f9121       1/1     Running   0          1m11s
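
The Step 3 check as a script. This is an added example, not part of the Venafi documentation: it reads oc get pods output and reports any of the three cert-manager workloads from the sample output that is missing or not ready. The function name check_pods, the script name check-pods.sh and the --live argument are assumptions of this example.

```shell
#!/bin/sh
# Added example, not Venafi's code. The pod name prefixes come from the sample
# output on this page; everything else here is an assumption of the example.
EXPECTED="cert-manager cert-manager-cainjector cert-manager-webhook"

# check_pods reads `oc get pods` table text on stdin, prints one line per
# problem, and returns 0 only when every expected workload is present and
# every listed pod is Running with all of its containers ready.
check_pods() {
    awk -v expected="$EXPECTED" '
        $2 !~ /^[0-9]+\/[0-9]+$/ { next }      # header or non-pod line
        {
            # Drop the generated "-<replicaset>-<pod>" suffix to get the workload.
            base = $1
            sub(/-[a-z0-9]+-[a-z0-9]+$/, "", base)
            seen[base] = 1
            split($2, r, "/")
            if ($3 != "Running" || r[1] + 0 != r[2] + 0 || r[2] + 0 == 0) {
                printf "NOT READY: %s (%s, %s)\n", $1, $2, $3
                bad++
            }
        }
        END {
            n = split(expected, e, " ")
            for (i = 1; i <= n; i++)
                if (!(e[i] in seen)) { printf "MISSING: %s\n", e[i]; bad++ }
            exit (bad > 0 ? 1 : 0)
        }'
}

# Live check against the cluster (hypothetical file name): sh check-pods.sh --live
if [ "${1:-}" = "--live" ]; then
    oc get pods -n venafi | check_pods
fi
```

A non-zero exit status makes the function usable as a gate in a deployment pipeline before any Issuer or Certificate resources are applied.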