Enroll a Certificate

Enroll lets DevOps teams and application owners request a certificate for an application deployed in the desired Kubernetes cluster. The enrolled certificate can be deployed directly to Kubernetes secrets or to the local volumes of Kubernetes pods or containers.

Prerequisites:

To enroll a certificate,

  1. Go to menu > KUBE+ > Cluster Security > Enroll Certificates.
  2. Click .
  3. On the Enroll Certificate page, enter/select the field information in the General Information section for the Cert resource to be created on the Kubernetes cluster.
    Table 1. Field and Description for General Information Section
    Field | Description
    Enroll Cert To | Select the endpoint where the cert is to be deployed. The options are:
    • Secret: KUBE+ enrolls the certificate and stores the signed certificate and key in a k8s secret
    • POD: KUBE+ has a CSI provider which provisions the certificate in the pod's local volume
    Cluster | Select the cluster where the certificate is to be deployed from the dropdown list.
    CA Setting Name | Select the certificate authority to be used for signing the CSR from the dropdown list.
    Certificate Name | Enter a Certificate Name for certificate storage within the K8s cluster.
    Secret Name | Enter a Secret Name for certificate storage within the K8s cluster.
    Enable Auto Renewal | Select an auto renewal option. The options are:
    • False (default) - after the Issue Wait Period, the existing CSR request will be marked invalid and no more requests will be created. The user has to reapply the cert YAML after deleting the existing one.
    • True - after the Issue Wait Period, the existing CSR request will be deleted and a new CSR request will be created.
    Issue Wait Period | Enter the issue wait period. The default value is 24h.
  4. Enter/select field information in the CSR Parameter section.
    Table 2. Field and Description for CSR Parameter Section
    Field | Description
    CSR Generation Endpoint | The default CSR generation endpoint option is K8s Secret.
    Common Name | Enter the common name of the cert.
    Subject Alternative Name | Select a Subject Alternative Name from the dropdown list. The options are:
    • DNS - DNS of the cert
    • IP Address - IP Address of the cert
    DNS/IP Address | Enter the DNS/IP address of the cert.
    Organization | Enter the organization of the cert.
    Organization Unit | Enter the organization unit of the cert.
    Locality | Enter the locality of the cert.
    Street | Enter the street of the cert.
    State | Enter the state of the cert.
    Province | Enter the province of the cert.
    Country | Enter the country of the cert.
    Postal Code | Enter the postal code of the cert.
    Email Address | Enter the email address of the cert.
  5. Enter/select the field information in the Private Key Parameters section.
    Table 3. Field and Description for Private Key Parameters Section
    Field | Description
    Key Type | Select a key type of the cert from the dropdown list. The options are:
    • RSA
    • EC
    Bit Length | Select the bit length from the dropdown list.
    • CSR param bit lengths for RSA are 2048/4096/3072.
    • CSR param bit lengths for EC are 256/384/521.
  6. Click Generate Cert YAML to get the commands in the Certificate YAML field.
    Note:
    • To see the commands in the full screen view, click the .
    • To copy the command, click .
  7. Click Add to add the certificate to the Enroll Certificate inventory list.
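
After the certificate has been issued, it is worth confirming that it carries the Common Name, Subject Alternative Name, Key Type and Bit Length entered in steps 4 and 5. The script below is an added example, not part of the product or its documentation: the function names `check_cert` and `make_sample`, the host `app.example.test` and the `tls.crt` secret key are assumptions, and it relies on `openssl` 1.1.1 or later being installed.

```shell
#!/usr/bin/env bash
# Added example, not vendor code: compare an issued certificate with the
# values requested in the CSR Parameter and Private Key Parameters sections.
# Assumption: for "Enroll Cert To: Secret" the certificate can be exported with
#   kubectl get secret <secret-name> -o jsonpath='{.data.tls\.crt}' | base64 -d > cert.pem
# (the tls.crt key name is assumed; the page does not state the secret layout).

# check_cert PEM CN SAN KEY_TYPE BITS   e.g. SAN "DNS:host" or "IP Address:10.0.0.5"
# Returns 0 on match, 1 on mismatch, 2 if the input cannot be processed.
check_cert() {
  local pem="$1" cn="$2" san="$3" ktype="$4" bits="$5" text subject alg
  text=$(openssl x509 -in "$pem" -noout -text 2>/dev/null) || return 2
  subject=$(openssl x509 -in "$pem" -noout -subject -nameopt RFC2253) || return 2
  subject=${subject#subject=}; subject=${subject# }
  case ",$subject," in
    *",CN=$cn,"*) ;;
    *) echo "common name mismatch: $subject" >&2; return 1 ;;
  esac
  # Exact match on one SAN entry, so "DNS:app" does not pass for "DNS:app.other".
  printf '%s\n' "$text" | grep -A1 'Subject Alternative Name' | tail -n 1 \
    | tr ',' '\n' | sed 's/^ *//; s/ *$//' | grep -qxF -- "$san" \
    || { echo "SAN not present: $san" >&2; return 1; }
  case "$ktype" in
    RSA) alg=rsaEncryption ;;
    EC)  alg=id-ecPublicKey ;;
    *)   echo "unknown key type: $ktype" >&2; return 2 ;;
  esac
  printf '%s\n' "$text" | grep -qF "Public Key Algorithm: $alg" \
    || { echo "key type is not $ktype" >&2; return 1; }
  printf '%s\n' "$text" | grep -qF "Public-Key: ($bits bit)" \
    || { echo "bit length is not $bits" >&2; return 1; }
}

# Constructed sample: a throwaway self-signed EC 256 certificate standing in
# for the enrolled one, so the check can be tried without a cluster.
make_sample() {
  openssl req -x509 -newkey ec -pkeyopt ec_paramgen_curve:prime256v1 -nodes \
    -keyout "$1.key" -out "$1" -days 1 -subj "/CN=app.example.test" \
    -addext "subjectAltName=DNS:app.example.test" 2>/dev/null
}

demo_dir=$(mktemp -d)
make_sample "$demo_dir/cert.pem" &&
  check_cert "$demo_dir/cert.pem" app.example.test DNS:app.example.test EC 256 &&
  echo "certificate matches the requested parameters"
rm -rf "$demo_dir"
```

A non-zero return from `check_cert` on a freshly enrolled certificate means the issued certificate differs from the request and should be investigated before the application uses it.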