You will see the following cert-manager CSI drivers side-by-side:
Create a disposable KinD cluster as follows.
You will see the following cert-manager CSI drivers side-by-side:
Create a disposable KinD cluster as follows.
Download the tlspk-helper script and istioctl CLI.
curl -fsSLO https://venafi-ecosystem.s3.amazonaws.com/tlspk/v1/tlspk-helper.sh && chmod 700 tlspk-helper.sh
curl -L https://istio.io/downloadIstio | ISTIO_VERSION=1.17.2 sh -
sudo mv istio-*/bin/istioctl /usr/local/bin
Create a local K8s cluster.
NOTE: v2 of this walkthrough minimizes the use of jsctl and explicitly installs js-operator:v0.0.1-alpha.24 (via Helm) which has built in support for the latest version of VenafiEnhancedIssuer/VenafiConnection CRDs.
Terminology:
Minimizing the use of the jsctl
CLI gives you more flexibility.
For example:
Create a Cloud9 jumpbox using Step 01-03 here. This box will sufficient AWS privileges, for example, EC2 and Route53.
Inspired by Installing a cluster quickly on AWS
Terminology:
cert-manager's native Venafi issuer requires Kubernetes secrets to hold Venafi credentials (e.g. API keys). Ideally you wish to eliminate the use of all secrets as these create a potential attack vector.