- Git
- Make
- Docker >= v20.10.0
- Kubectl >= v1.11.3
- Kubernetes >= v1.19
- Kubernetes, Minikube, or Kind
- Keyfactor Command >= v10.1.0
- cert-manager >= v1.11.0
- cmctl
Before starting, ensure that all of the above requirements are met and that Keyfactor Command is properly configured according to the product docs. Additionally, verify that at least one Kubernetes node is running with the following command:
kubectl get nodes
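The requirement list above can be checked in one pass before building anything. The script below is an added example, not part of the project's own tooling; the function names are hypothetical, and the cert-manager lookup assumes the static manifest's default namespace and Deployment name, both `cert-manager`.

```shell
#!/bin/sh
# Added example: preflight check against the minimum versions listed above.
# Keyfactor Command (>= v10.1.0) is not reachable from these CLIs and is not checked.

# version_ge FOUND MIN: succeed when dotted version FOUND >= MIN.
# A leading "v" and any "-suffix" or "+build" part are ignored.
version_ge() {
  va=${1#v}; vb=${2#v}
  va=${va%%[-+]*}; vb=${vb%%[-+]*}
  for n in 1 2 3; do
    x=${va%%.*}; y=${vb%%.*}
    x=${x:-0}; y=${y:-0}
    case $x$y in *[!0-9]*) return 1 ;; esac   # not a version (e.g. an image digest)
    [ "$x" -gt "$y" ] && return 0
    [ "$x" -lt "$y" ] && return 1
    case $va in *.*) va=${va#*.} ;; *) va=0 ;; esac
    case $vb in *.*) vb=${vb#*.} ;; *) vb=0 ;; esac
  done
  return 0
}

# check NAME MIN FOUND: print one result line; fail when FOUND is empty or below MIN.
check() {
  if [ -z "$3" ]; then echo "MISSING  $1 (need >= $2)"; return 1; fi
  if version_ge "$3" "$2"; then echo "OK       $1 $3"; return 0; fi
  echo "TOO OLD  $1 $3 (need >= $2)"; return 1
}

preflight() {
  rc=0
  check docker 20.10.0 "$(docker version --format '{{.Server.Version}}' 2>/dev/null)" || rc=1
  check kubectl 1.11.3 "$(kubectl version --client -o json 2>/dev/null |
    sed -n 's/.*"gitVersion": *"\([^"]*\)".*/\1/p' | head -n 1)" || rc=1
  # Kubelet version of the first node; an empty result also means no node is reachable.
  check kubernetes 1.19 "$(kubectl get nodes \
    -o jsonpath='{.items[0].status.nodeInfo.kubeletVersion}' 2>/dev/null)" || rc=1
  # Assumption: static manifest defaults, namespace and Deployment both "cert-manager".
  img=$(kubectl -n cert-manager get deployment cert-manager \
    -o jsonpath='{.spec.template.spec.containers[0].image}' 2>/dev/null)
  check cert-manager 1.11.0 "${img##*:}" || rc=1
  for tool in git make cmctl; do
    command -v "$tool" >/dev/null 2>&1 || { echo "MISSING  $tool"; rc=1; }
  done
  return $rc
}

if [ "${1:-}" = "--run" ]; then preflight; exit $?; fi
```

Run it with `--run` once cert-manager is installed; before that step the cert-manager line reports MISSING.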
cert-manager can be installed from its static manifest with the following command:
kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.11.0/cert-manager.yaml
📌 Running the static cert-manager configuration is not recommended for production use. For more information, see Installing cert-manager.
The cert-manager external issuer for Keyfactor Command is distributed as source code, and the container must be built manually. The container image can be built using the following command:
make docker-build DOCKER_REGISTRY=<your container registry> DOCKER_IMAGE_NAME=keyfactor/command-cert-manager-issuer VERSION=<tag>
📌 The container image can be built using Docker Buildx by running make docker-buildx. This will build the image for all supported platforms.
To push the container image to a container registry, run the following command:
docker login <your container registry>
make docker-push DOCKER_REGISTRY=<your container registry> DOCKER_IMAGE_NAME=keyfactor/command-cert-manager-issuer VERSION=<tag>
The cert-manager external issuer for Keyfactor Command can be installed using the manifests in the config/ directory.
- Install the custom resource definitions (CRDs) for the cert-manager external issuer for Keyfactor Command:
make install
- Finally, deploy the controller to the cluster:
make deploy DOCKER_REGISTRY=<your container registry> DOCKER_IMAGE_NAME=keyfactor/command-cert-manager-issuer VERSION=<tag>
The cert-manager external issuer for Keyfactor Command can also be installed using a Helm chart. The chart is available in the Command cert-manager Helm repository.
- Add the Helm repository:
helm repo add command-issuer https://keyfactor.github.io/command-cert-manager-issuer
helm repo update
- Then, install the chart:
helm install command-cert-manager-issuer command-issuer/command-cert-manager-issuer \
    --namespace command-issuer-system \
    --create-namespace \
    --set image.repository=<your container registry>/keyfactor/command-cert-manager-issuer \
    --set image.tag=<tag> \
    --set crd.create=true
# Only required if using a local image: append --set image.pullPolicy=Never
- Modifications can be made by overriding the default values in the values.yaml file with the --set flag. For example, to override secretConfig.useClusterRoleForSecretAccess so that the chart uses a cluster role for secret access, run the following command:
helm install command-cert-manager-issuer command-issuer/command-cert-manager-issuer \
    --namespace command-issuer-system \
    --create-namespace \
    --set image.repository=<your container registry>/keyfactor/command-cert-manager-issuer \
    --set image.tag=<tag> \
    --set crd.create=true \
    --set secretConfig.useClusterRoleForSecretAccess=true
- Modifications can also be made by overriding the values.yaml file with a values file of your own. For example, to set secretConfig.useClusterRoleForSecretAccess so that the chart uses a cluster role for secret access, create an override file:
cat <<EOF > override.yaml
image:
  repository: <your container registry>/keyfactor/command-cert-manager-issuer
  pullPolicy: Never
  tag: "<tag>"
secretConfig:
  useClusterRoleForSecretAccess: true
EOF
Then, use the -f flag to specify the override file:
helm install command-cert-manager-issuer command-issuer/command-cert-manager-issuer \
    --namespace command-issuer-system \
    -f override.yaml
Next, complete the Usage steps to configure the cert-manager external issuer for Keyfactor Command.