Enrolling a Certificate
Enroll enables DevOps teams and application owners to request a certificate for an application deployed in the desired Kubernetes cluster. The enrolled certificate can be deployed directly to Kubernetes secrets or to the local volumes of the Kubernetes pods or containers.
Prerequisites:
- CA Integration done.
- CA Policy created.
- Certificate Groups created.
- Cluster Policy created.
Note: To enable certificate enrollment for OpenShift routes, the following command must be executed in a cluster where cert-orchestrator is installed:

oc create clusterrolebinding crypto-mesh --clusterrole=cluster-admin --serviceaccount=<cert-orch namespace>:crypto-mesh

Sample command:

oc create clusterrolebinding crypto-mesh --clusterrole=cluster-admin --serviceaccount=containers:crypto-mesh

See the following section for enrolling certificates for:
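A check for the binding created by the command in the note above, as an added example that is not part of the original documentation: it reads the JSON printed by `oc get clusterrolebinding crypto-mesh -o json` and reports any subject other than the cert-orchestrator service account that holds cluster-admin through this binding. The function name `audit_binding` and the sample JSON are constructed for illustration.

```python
import json

# Constructed sample of `oc get clusterrolebinding crypto-mesh -o json` output.
# The second subject is a deliberate misconfiguration for the demonstration.
SAMPLE = json.loads("""
{
  "kind": "ClusterRoleBinding",
  "metadata": {"name": "crypto-mesh"},
  "roleRef": {"apiGroup": "rbac.authorization.k8s.io",
              "kind": "ClusterRole", "name": "cluster-admin"},
  "subjects": [
    {"kind": "ServiceAccount", "name": "crypto-mesh", "namespace": "containers"},
    {"kind": "ServiceAccount", "name": "default", "namespace": "dev"}
  ]
}
""")


def audit_binding(binding, namespace, sa_name="crypto-mesh"):
    """Return a list of findings; an empty list means the binding grants
    cluster-admin to exactly the one service account named in the note."""
    findings = []
    role = binding.get("roleRef", {})
    if (role.get("kind"), role.get("name")) != ("ClusterRole", "cluster-admin"):
        findings.append(f"unexpected roleRef: {role.get('kind')}/{role.get('name')}")
    expected = {"kind": "ServiceAccount", "name": sa_name, "namespace": namespace}
    subjects = binding.get("subjects") or []  # field may be absent or null
    seen = False
    for s in subjects:
        if all(s.get(k) == v for k, v in expected.items()):
            seen = True
        else:
            # User and Group subjects carry no namespace
            where = s.get("namespace", "<cluster-scoped>")
            findings.append(f"extra subject: {s.get('kind')} {where}/{s.get('name')}")
    if not seen:
        findings.append(f"missing subject: ServiceAccount {namespace}/{sa_name}")
    return findings


if __name__ == "__main__":
    for line in audit_binding(SAMPLE, "containers") or ["binding matches expected scope"]:
        print(line)
```

Pass the namespace where cert-orchestrator is installed as `namespace`; any finding means the binding differs from the one the command creates.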