Issuing Certificates to Kubernetes Services using cert-manager

Deployments (applications) in Kubernetes are by default available only from inside the cluster. An Ingress (similar to a virtual host) can expose a Deployment to the outside world for consumption. Serving the Ingress over HTTPS lets clients of the application trust that they are using the genuine application, and it provides confidentiality. For public-facing services, an HTTPS/TLS certificate from a publicly trusted CA is needed. For services inside an organization, it is usually both sufficient and necessary that the certificate is issued by an internal trusted CA. This example covers the use case where you need to use an internal trusted CA service.

cert-manager is a native Kubernetes certificate management controller, able to issue certificates for Ingresses using the ACME protocol.

PrimeKey's EJBCA Enterprise is a high performance, secure, flexible and scalable enterprise-grade PKI software that supports the ACME protocol for certificate issuance.

For information on how to configure an EJBCA integration with cert-manager for Kubernetes, refer to Keyfactor GitHub.
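
As an added illustration (not taken from the Keyfactor integration guide), the manifests below show the general shape of an ACME ClusterIssuer that points at an internal CA, together with an Ingress that requests a certificate from it. The ACME directory URL, host names, namespace, secret names and ingress class are placeholders assumed for this sketch; the solver's ingressClassName and the caBundle field require a recent cert-manager release.

```yaml
# Added example: every name, host and URL below is a placeholder.
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: internal-acme                      # hypothetical issuer name
spec:
  acme:
    # Placeholder for the internal CA's ACME directory URL.
    server: https://ca.example.internal/acme/directory
    email: pki-admin@example.internal
    # Trust anchor (base64-encoded PEM) for the ACME server's own TLS
    # certificate, which an internal CA usually issues itself.
    # Set this rather than disabling verification with skipTLSVerify.
    caBundle: REPLACE_WITH_BASE64_PEM_OF_INTERNAL_ROOT_CA
    privateKeySecretRef:
      name: internal-acme-account-key      # ACME account key is stored here
    solvers:
      - http01:
          ingress:
            ingressClassName: nginx        # assumed ingress controller class
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: demo-app
  namespace: demo
  annotations:
    # Tells cert-manager which issuer to use for the tls section below.
    cert-manager.io/cluster-issuer: internal-acme
spec:
  ingressClassName: nginx
  tls:
    - hosts:
        - demo.apps.example.internal
      secretName: demo-app-tls             # cert-manager writes key and cert here
  rules:
    - host: demo.apps.example.internal
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: demo-app
                port:
                  number: 8080
```

Clients inside the organization must already trust the internal root CA for the issued certificate to validate. Restrict read access to the demo-app-tls and account-key Secrets with RBAC, since they hold private keys.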