Cert Orchestrator

Cert-Orchestrator is a Kubernetes cryptomesh that utilizes a microservice architecture and is deployed as a container workload. Its purpose is to facilitate the implementation of KUBE+ across workloads and hosted clusters.

Users have the option to deploy and integrate the cert orchestrator with AppViewX KUBE+. This enables the full range of Crypto Mesh features, or specific features can be selectively implemented depending on the use case. The cert-orchestrator comprises several sub-components that enable the KUBE+ solution:

• Cert-orchestrator controller: The primary component of KUBE+ is deployed to enable end-to-end certificate lifecycle management, including discovery, enrollment, and renewal.

• AppViewX-Signer: The KUBE+ component is deployed together with Cert-orchestrator to manage certificates within Istio Service Mesh.

• AppViewX-CSI: The KUBE+ component is deployed along with Cert-orchestrator to manage certificates within ephemeral volumes of pods.

• AppViewX-Infra-orchestrator: The KUBE+ component, deployed as a daemon set along with Cert-orchestrator, enables certificate lifecycle management for the Kubernetes infrastructure or control plane, including certificate discovery and enrollment from external public or private CAs.