Configure cert-manager

Create a cert-manager Issuer (or ClusterIssuer), referencing a Secret, but do not create the Secret.

⚠ The issuer's credentialsRef points to a Secret that we did not create. That is intentional: it is the job of venafi-oauth-helper to create the Secret containing the access-token required to access Venafi TPP.

kubectl apply -f- <<EOF
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
  name: issuer-1
spec:
  venafi:
    zone: "REPLACE_WITH_YOUR_VENAFI_POLICY_FOLDER"
    tpp:
      url: https://REPLACE_WITH_VENAFI_TPP_HOST/vedsdk
      caBundle: REPLACE_WITH_BASE64_ENCODED_CERT_CHAIN_TO_ACCESS_VENAFI
      credentialsRef:
        name: issuer-1-credentials
EOF

Check the status of the issuer. It should be ready.

kubectl get issuer issuer-1
kubectl describe issuer issuer-1
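
The status check above can be split into the three things that must hold, in order: the Secret exists, it contains a token entry, and cert-manager reports the Issuer as Ready. The script below is an added example, not part of cert-manager or venafi-oauth-helper; it assumes the names used on this page (issuer-1, issuer-1-credentials) and that the token is stored under the access-token key.

```shell
#!/bin/sh
# Added example: diagnose why the Issuer is (or is not) ready.
# Assumed names: Issuer "issuer-1", Secret "issuer-1-credentials", key "access-token".

# check_issuer ISSUER SECRET
# Prints one of: secret-missing, token-missing, issuer-not-ready, ready.
# Returns 0 only for "ready".
check_issuer() {
    issuer=$1
    secret=$2

    # 1. Has the helper created the Secret that credentialsRef points at?
    if ! kubectl get secret "$secret" >/dev/null 2>&1; then
        echo "secret-missing"
        return 1
    fi

    # 2. Does the Secret carry an access-token entry? The template emits a
    #    fixed marker, so the token value never reaches the terminal or logs.
    has_token=$(kubectl get secret "$secret" \
        -o go-template='{{if index .data "access-token"}}present{{end}}' 2>/dev/null)
    if [ "$has_token" != "present" ]; then
        echo "token-missing"
        return 1
    fi

    # 3. Has cert-manager marked the Issuer Ready?
    ready=$(kubectl get issuer "$issuer" \
        -o jsonpath='{.status.conditions[?(@.type=="Ready")].status}' 2>/dev/null)
    if [ "$ready" != "True" ]; then
        echo "issuer-not-ready"
        return 1
    fi

    echo "ready"
}

# Run only when called with arguments, e.g.:
#   sh check-issuer.sh issuer-1 issuer-1-credentials
if [ "$#" -ge 2 ]; then
    check_issuer "$1" "$2"
fi
```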
