Configure Venafi Control Plane

In this stage of the setup, you configure the Venafi Control Plane with the objects required to facilitate certificate issuance later:

  • Create a team
  • Create an issuing template
  • Create an application
  • Create a service account as a pull secret for the Venafi private registry

Create a team

Review the prerequisites listed in the Home Page

Step x Prepare a team, an issuing template policy and an application

Log in to your tenant at https://.venafi.cloud, or https://.venafi.eu if you use an EU tenant. For the rest of this workshop, we will only use venafi.cloud; remember to use .eu if you are using an EU tenant.

Go to Settings > Teams > New

Type in the team name e.g. sys-admin-team

Choose the owner user for this team. Choose other members if applicable.

Choose the role e.g. System Administrator

Create an issuing template

Go to Policies > Issuing Templates > New

Type in the Issuing Template name e.g. builtin-ca-issuing-template

Choose the Certificate Authority for this template

For this workshop we will use the Venafi Built-In CA that comes ready to use with VaaS.

For Key Generation choose Venafi or user generated

Change the validity for issued certificates. The default is 90 days

Scroll to the end of the page and choose Allow everyone to consume

Create an application

Now it is time to create an application. Go to Applications > New

Type in the application name e.g. app-a-builtin

Choose the owner team or user

Choose the Issuing Template that we configured earlier, e.g. builtin-ca-issuing-template

Now you are ready to issue certificates

Create a service account as a pull secret

The next step is to prepare for the deployment of Cert Manager and other components to a Kubernetes cluster.

The Venafi images and Helm charts are hosted on a trusted Venafi private registry, private-registry.venafi.cloud.

To pull or deploy images and charts, you need a pull secret that is used to authenticate with the Venafi private registry.

Go to Settings > Service Accounts > New

Add a New Service Account. Choose Use case Venafi Registry and click Continue

Type in the service account name e.g. techtraining-pullsecret-052024

Choose the Owning Team e.g. sys-admin-team

Choose the scope of the service account; in this case, choose all the possible scope values

Then click Create

Copy the values to a text file and keep them as we will need them at a later stage

Choose Installation Options as Kubernetes

Main Menu | Next Deploy Components to a Kubernetes Cluster