Steps for Automating Certificate Lifecycle Management

Request and provision certificates into Kubernetes Secrets, or into local volumes inside a pod or container, and use them to secure Kubernetes Ingress resources or gateways. Provisioned certificates can also be renewed automatically before they expire.

The following steps automate certificate lifecycle management within your clusters end to end, helping you stay compliant and keep crypto-agility through simplified PKI policies.

  1. Configure Issuer CA - The Issuer CA feature derives a Policy YAML from the Cluster Policy defined earlier and pushes it into the cluster. That Policy YAML then governs how certificate signing requests (CSRs) are generated at the cluster end whenever a certificate is requested from within the cluster.

  2. Enroll Certificates - Request certificates and have them signed by the specified Certificate Authority (CA). The signed certificates can then be deployed to Kubernetes Secrets, pods, or routes.

  3. Download Certificates - Retrieve issued certificates from the centralized inventory and deploy them to Kubernetes Secrets or pods.
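The three steps above, and the renew-before-expiry rule, as an added Go example that is not part of the original page and does not use the product's own API or Policy YAML schema. It builds a throwaway self-signed issuer CA (a real deployment would use an existing PKI), stands in for the cluster policy with an assumed Issuer struct holding an allowed SAN suffix and a maximum lifetime, generates the key and CSR on the cluster side so that only the CSR leaves the cluster, has the issuer check proof of possession and the policy before signing, renders the result as a kubernetes.io/tls Secret manifest, and decides when renewal is due. All names (Issuer, GenerateCSR, Sign, TLSSecretManifest, NeedsRenewal, the ".svc.cluster.local" suffix and the 90-day and 30-day windows) are assumptions for the example:

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/base64"
	"encoding/pem"
	"fmt"
	"math/big"
	"strings"
	"time"
)

// Issuer pairs the CA signing key, which never enters the cluster, with the policy
// pushed into it. The shape is assumed for this example, not any product's schema.
type Issuer struct {
	Cert             *x509.Certificate
	Key              *ecdsa.PrivateKey
	AllowedDNSSuffix string        // every SAN in a CSR must end with this
	MaxValidity      time.Duration // cap on leaf certificate lifetime
}

// must panics on key-generation and encoding errors, which cannot occur on sane input.
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// NewIssuer builds a self-signed CA for the example; a real issuer is an existing PKI.
func NewIssuer(now time.Time, suffix string, maxValidity time.Duration) *Issuer {
	key := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Example Issuer CA"},
		NotBefore: now, NotAfter: now.Add(10 * 365 * 24 * time.Hour), KeyUsage: x509.KeyUsageCertSign,
		IsCA: true, BasicConstraintsValid: true}
	der := must(x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key))
	return &Issuer{Cert: must(x509.ParseCertificate(der)), Key: key, AllowedDNSSuffix: suffix, MaxValidity: maxValidity}
}

// GenerateCSR is the in-cluster half of enrollment: the key is created where the cert is used; only the CSR leaves.
func GenerateCSR(commonName string, dnsNames []string) (csrPEM, keyPEM []byte) {
	key := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	req := &x509.CertificateRequest{Subject: pkix.Name{CommonName: commonName}, DNSNames: dnsNames}
	csrDER := must(x509.CreateCertificateRequest(rand.Reader, req, key))
	keyDER := must(x509.MarshalPKCS8PrivateKey(key))
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE REQUEST", Bytes: csrDER}),
		pem.EncodeToMemory(&pem.Block{Type: "PRIVATE KEY", Bytes: keyDER})
}

// Sign is the issuer half: verify proof of possession, enforce the policy, issue a capped-lifetime leaf.
func (iss *Issuer) Sign(csrPEM []byte, now time.Time) (*x509.Certificate, []byte, error) {
	block, _ := pem.Decode(csrPEM)
	if block == nil || block.Type != "CERTIFICATE REQUEST" {
		return nil, nil, fmt.Errorf("not a PEM certificate request")
	}
	csr, err := x509.ParseCertificateRequest(block.Bytes)
	if err != nil {
		return nil, nil, err
	}
	if err := csr.CheckSignature(); err != nil {
		return nil, nil, fmt.Errorf("CSR proof of possession failed: %w", err)
	}
	if len(csr.DNSNames) == 0 {
		return nil, nil, fmt.Errorf("CSR carries no DNS SANs")
	}
	for _, name := range csr.DNSNames {
		if !strings.HasSuffix(name, iss.AllowedDNSSuffix) {
			return nil, nil, fmt.Errorf("SAN %q is not permitted by policy", name)
		}
	}
	tmpl := &x509.Certificate{ // CSR extensions are deliberately not copied into the leaf
		SerialNumber: must(rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 128))),
		Subject:      csr.Subject, DNSNames: csr.DNSNames, // names come from the CSR's SANs, never its CN
		NotBefore:    now, NotAfter: now.Add(iss.MaxValidity),
		KeyUsage:     x509.KeyUsageDigitalSignature, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, iss.Cert, csr.PublicKey, iss.Key)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der}), err
}

// TLSSecretManifest renders the issued cert and in-cluster key as the kubernetes.io/tls Secret an Ingress or Gateway references.
func TLSSecretManifest(name, namespace string, certPEM, keyPEM []byte) string {
	return fmt.Sprintf("apiVersion: v1\nkind: Secret\nmetadata:\n  name: %s\n  namespace: %s\n"+
		"type: kubernetes.io/tls\ndata:\n  tls.crt: %s\n  tls.key: %s\n", name, namespace,
		base64.StdEncoding.EncodeToString(certPEM), base64.StdEncoding.EncodeToString(keyPEM))
}

// NeedsRenewal is the renew-before-expiry rule: true once less than renewBefore remains on the certificate.
func NeedsRenewal(cert *x509.Certificate, now time.Time, renewBefore time.Duration) bool {
	return !now.Before(cert.NotAfter.Add(-renewBefore))
}
```

Two points worth carrying over to a real deployment: the Secret's data fields are only base64-encoded, so anyone with `get secrets` in the namespace holds the private key, and RBAC plus encryption at rest for Secrets are part of the same lifecycle; and the issuer must treat the CSR as untrusted input, which is why the example copies SANs only from the CSR's SAN extension, ignores any other requested extensions, and caps NotAfter from the policy rather than from the request.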