Manage certificates in Kubernetes using CZERTAINLY

Effective and secure management of certificates can help you avoid service outages and security breaches, and significantly reduce the costs of operating your solution.

The Kubernetes cluster is no exception.

In a Kubernetes cluster, infrastructure is typically represented as code, which is one of its main principles. This is also true for all certificate resources in a cluster. Moreover, we would like to automate the management of certificate resources so we do not have to renew all certificates manually.

With this setup, we can use a shorter certificate validity, which boosts the security of the infrastructure and reduces the probability of private key compromise.

However, to achieve all of that, we need the right tools for the job. One of the most important tools is cert-manager, which seamlessly integrates with the CZERTAINLY platform using the Automatic Certificate Management Environment (ACME) protocol.

cert-manager in a nutshell

cert-manager adds certificates and certificate issuers as resource types in Kubernetes clusters, and simplifies the process of obtaining, renewing, and using those certificates. It can issue certificates from a variety of supported sources, including ACME-compliant servers.

It will ensure certificates are valid and up to date and attempt to renew certificates at a configured time before expiry.

The following diagram briefly shows its position between the certificate management services and Kubernetes resources:

[Diagram: cert-manager resources]

For more information about cert-manager, refer to the cert-manager documentation.

CZERTAINLY and cert-manager

The CZERTAINLY platform supports ACME, implemented according to RFC 8555 – Automatic Certificate Management Environment (ACME).

With CZERTAINLY configured as a ClusterIssuer, cert-manager can manage certificates provided by literally any certification authority, whether it is public or private, using any technology.

The unique design and concept of the CZERTAINLY platform allows you to enable the ACME protocol for a specific certificate management service called an RA Profile.

There are only a few steps to set up the environment:

  • Create ACME Profile
  • Enable ACME Profile for RA Profile
  • Create cert-manager ClusterIssuer
  • Start managing certificates
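
The last two steps, as an added example that is not taken from the CZERTAINLY or cert-manager documentation: a ClusterIssuer pointing at an ACME-enabled RA Profile, and a short-lived Certificate issued through it. The server URL, e-mail address, hostnames, resource names and ingress class are placeholders or assumptions.

```yaml
# Added example: every name, host and URL below is a placeholder.
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: czertainly-acme                 # hypothetical issuer name
spec:
  acme:
    # Placeholder: use the ACME directory URL that your CZERTAINLY
    # instance exposes for the ACME-enabled RA Profile.
    server: "https://czertainly.example.com/<acme-directory-path>"
    email: pki-admin@example.com        # constructed contact address
    privateKeySecretRef:
      name: czertainly-acme-account-key # Secret that stores the ACME account key
    solvers:
      - http01:
          ingress:
            ingressClassName: nginx     # assumption: an NGINX ingress controller
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: web-tls                         # hypothetical workload certificate
  namespace: demo
spec:
  secretName: web-tls                   # Secret that receives tls.crt / tls.key
  # Requested validity. cert-manager only sends this to an ACME server when
  # enableDurationFeature is set on the issuer; otherwise the issuing side
  # decides the validity period.
  duration: 720h                        # 30 days
  renewBefore: 240h                     # start renewal 10 days before expiry
  privateKey:
    algorithm: ECDSA
    size: 256
    rotationPolicy: Always              # new private key on every renewal
  dnsNames:
    - web.demo.example.com
  issuerRef:
    name: czertainly-acme
    kind: ClusterIssuer
    group: cert-manager.io
```

Apply both manifests with kubectl apply -f and check progress with kubectl describe certificate web-tls -n demo; the issuer must report Ready before any order is created.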

You can start with the simple guide on how to use cert-manager with CZERTAINLY.

Additionally, the documentation contains resources describing the ACME implementation and the management of different ACME Profiles and ACME Accounts.

Open-source implementation and support

The CZERTAINLY platform and its ACME support are part of the open-source repositories. You can start using the platform without any restrictions on the number of certificates or the number of services you would like to consistently manage.

If you would like to receive support or professional services, our team is always ready to help you, whether you want to deploy the platform, or create a new connector. Do not hesitate and give it a try!

Get more information about CZERTAINLY

CZERTAINLY is an open-source platform for effective and efficient certificate lifecycle management for companies of any size and individuals. One of its goals is to provide an easy and affordable way to secure digital communication and support information security in an increasingly connected world.
