Using cert-manager with Keyfactor ACME
Cert-manager is a native Kubernetes controller for certificate management that leverages the ACME protocol. It simplifies obtaining, renewing, and managing certificates within Kubernetes clusters. By adding certificates and certificate issuers as resource types, cert-manager ensures that certificates are always valid and up-to-date, automatically renewing them before expiration.
For detailed information about cert-manager, see:
This section outlines the steps to configure cert-manager to issue certificates using the Keyfactor ACME server.
Prerequisites
Ensure the following are prepared:
- Kubernetes Cluster:
- cert-manager:
- Keyfactor ACME EAB Key: Acquire an External Account Binding (EAB) key from the Keyfactor ACME server using the GET /KeyManagement API endpoint (see GET KeyManagement) for the user that will make the certificate requests from cert-manager.
Overview
To enroll for a certificate through Keyfactor ACME using cert-manager, you'll deploy the following resources to your Kubernetes cluster via YAML files:
- Create a Kubernetes Secret for the EAB Key: Configure the EAB (External Account Binding) secret for the issuer (see Create the EAB Secret for the Issuer).
- Create a ClusterIssuer Resource: Define the Keyfactor ACME server as the certificate issuer for your cluster (see Create the ClusterIssuer Resource).
- Create Certificate Resources: Use the issuer to request certificates (see Enroll for a Certificate).
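How the three resources listed above fit together, as an added example that is not taken from the Keyfactor or cert-manager documentation. The resource names, the angle-bracket placeholders (directory URL, EAB key ID and key value), the `cert-manager` namespace and the HTTP-01 ingress solver are assumptions to replace with your own values.

```yaml
# Added example. Names and <placeholders> are assumptions, not values from this page.
apiVersion: v1
kind: Secret
metadata:
  name: keyfactor-acme-eab            # hypothetical name
  namespace: cert-manager             # a ClusterIssuer reads Secrets from cert-manager's cluster resource namespace
type: Opaque
stringData:
  secret: "<EAB-KEY>"                 # placeholder: EAB key obtained via GET /KeyManagement
---
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: keyfactor-acme                # hypothetical name
spec:
  acme:
    server: "https://<keyfactor-acme-host>/<directory-path>"  # placeholder: ACME directory URL
    privateKeySecretRef:
      name: keyfactor-acme-account-key  # cert-manager stores the ACME account private key here
    externalAccountBinding:
      keyID: "<EAB-KEY-ID>"           # placeholder: identifier of the EAB key
      keySecretRef:
        name: keyfactor-acme-eab      # must match the Secret above
        key: secret                   # key inside that Secret holding the EAB key
    solvers:
      - http01:                       # assumption: HTTP-01 validation through an ingress controller
          ingress:
            ingressClassName: nginx   # assumption: ingress class present in the cluster
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: example-tls                   # hypothetical name
  namespace: default
spec:
  secretName: example-tls             # Secret that receives the issued certificate and private key
  dnsNames:
    - app.example.com                 # constructed sample hostname
  issuerRef:
    name: keyfactor-acme              # references the ClusterIssuer above
    kind: ClusterIssuer
```

Keep the real EAB key value out of version-controlled manifests and restrict RBAC read access to Secrets in the `cert-manager` namespace, since both the EAB key and the ACME account key are stored there.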