Difficulty: intermediate
Estimated Time: 30 minutes

Configuring Kubernetes to use Vault as a certificate manager enables your services to establish their identity and communicate securely over the network with other services or clients, whether internal or external to the cluster.

Jetstack's cert-manager enables Vault's PKI secrets engine to dynamically generate X.509 certificates within Kubernetes through an Issuer interface.

In this guide, you set up Vault with the Vault Helm chart and configure the PKI secrets engine and Kubernetes authentication. You then install Jetstack's cert-manager, configure it to use Vault, and request a certificate.

In this guide, you installed Vault and configured the PKI secrets engine and Kubernetes authentication. You then installed Jetstack's cert-manager, configured it to use Vault, and requested a certificate.

Besides being created, these certificates can be revoked and removed. Learn more about Jetstack's cert-manager used in this guide and explore Vault's PKI secrets engine as a certificate authority in the Build Your Own Certificate Authority guide.

Configure Vault as a Certificate Manager in Kubernetes with Helm

Step 1 of 7

Start Minikube

Minikube is a CLI tool that provisions and manages the lifecycle of single-node Kubernetes clusters running inside virtual machines (VMs) on your local system.

Verify the minikube CLI is installed.

minikube version

Wait until the minikube version command returns a value.

Start the Minikube cluster.

minikube start --vm-driver none --bootstrapper kubeadm

Verify the status of the Minikube cluster.

minikube status

When the host, kubelet, and apiserver report that they are Running, the Kubernetes cluster is ready.