Connect a Cluster

Connect Cluster enables you to obtain the deployment configuration of the cluster for deploying and managing the cert-orchestrator from AppViewX KUBE+.

To obtain the cert-orchestrator deployment configuration for the respective Kubernetes cluster:

  1. Go to menu > KUBE+ > Inventory > Cluster Inventory.
  2. Click Connect Cluster on the menu bar.
  3. On the Generate Helm Command page, use the form fields to obtain the installation command. The fields are described in the table below:

    Table 1. Fields and Description for Generating Helm Command

    Field: Description

    Cluster and Connectivity Details

    Enter Cluster Name*: Enter a unique cluster name in FQDN format. Example: my-cluster.net.

    Vendor*: From the dropdown list, select the K8s vendor where the cert-orchestrator is deployed. The options are:
      • EKS
      • AKS
      • GKE
      • OpenShift
      • Self-Managed

    Connect To*: Select one of the following options to establish a connection between the cert-orchestrator and AppViewX across different AppViewX deployment scenarios:
      • AppViewX URL - For on-prem deployment, select this option.
      • Cloud Connector URL - For cloud SaaS deployment, select this option.

    URL*: Enter the URL based on the Connect To type (on-prem/cloud connector).

    Credential Type*: Select one of the following credential types for integrating the cert-orchestrator with AppViewX:
      • Basic Authentication
      • OAuth2.0

    Username*: This option applies to the Basic Authentication credential type and auto-populates the list of users from the user inventory. Select the user to be used for authentication.
    Note: In this mode, only users created within the AppViewX database or onboarded via AAA (LDAP, RADIUS, TACACS) are supported. SSO credentials cannot be used for API authentication. It is recommended to use OAuth 2.0 for authentication instead.

    Crypto Mesh Details

    Namespace*: Enter the namespace where the cert-orchestrator is to be deployed. It is recommended to install in the crypto-mesh namespace.

    Purpose*: Select the list of feature gates to be enabled or disabled in the cert-orchestrator deployment configuration for the cluster.

    Certification Group*: Select the certificate group to onboard certificates:
      • Auto Create Group - This option enables automatic creation of Certificate Groups in AppViewX, with the Group Name set to the Namespace Name.
      • Use Existing - This option allows you to choose an existing certificate group. If you choose this option, select a group from the Select Group dropdown menu.

  4. Click Generate Installation Command to get the Helm command in the Commands field.
    Note:
    • To see the commands in the full screen view, click the .
    • To copy the command, click .
  5. Click Finish.

    Execute the copied installation commands sequentially on your Kubernetes cluster where the cert-orchestrator is to be deployed.

To verify if the cert-orchestrator is deployed and functioning as expected, execute the following command.

kubectl get pods -n crypto-mesh
Note: The cert-orchestrator pod is initially in the Running state with 1/2, and changes to 2/2 once the cluster is approved and moved to the managed state in the Cluster Inventory.
  • The expected status is for the pods to be Running with the 1/2 state.

  • If you encounter issues or need to collect or verify logs, execute kubectl logs -f <cert-orchestrator-podname> -n crypto-mesh.
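
The readiness states described above can be checked in a script. The following is an added example, not part of the AppViewX documentation: the function names, the state labels, and the pod names in the sample output are constructed for illustration. It classifies each pod from the output of kubectl get pods -n crypto-mesh as awaiting approval (1/2 Running), managed (2/2 Running), or needing a log review.

```shell
#!/bin/sh
# Added example: classify cert-orchestrator pods from `kubectl get pods` output.
# Reads the table on stdin and prints "<pod> <state>" per pod, where state is:
#   pending-approval  READY 1/2, STATUS Running (cluster not yet approved)
#   managed           READY 2/2, STATUS Running (cluster in managed state)
#   check-logs        anything else (inspect with kubectl logs)
classify_pods() {
    awk '$1 != "NAME" && NF >= 3 {
        state = "check-logs"
        if ($3 == "Running" && $2 == "1/2") state = "pending-approval"
        if ($3 == "Running" && $2 == "2/2") state = "managed"
        print $1, state
    }'
}

# Constructed sample output; the pod names are hypothetical.
sample_output() {
    cat <<'EOF'
NAME                                 READY   STATUS             RESTARTS   AGE
cert-orchestrator-7d9f8c6b5d-abcde   1/2     Running            0          2m
cert-orchestrator-7d9f8c6b5d-fghij   2/2     Running            0          3d
cert-orchestrator-7d9f8c6b5d-klmno   0/2     CrashLoopBackOff   5          9m
EOF
}

# Offline demonstration. On a live cluster, run instead:
#   kubectl get pods -n crypto-mesh | classify_pods
sample_output | classify_pods
```

A pod that stays in pending-approval has not yet been approved in the Cluster Inventory; a pod reported as check-logs is the case for the kubectl logs command above.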