Containerized orchestration platforms like Kubernetes and OpenShift remain at risk of exposure to hostile threat actors. Public Key Infrastructure (PKI) plays a vital role in keeping Kubernetes workloads secure to maintain reliable communication, verify component identities, and encrypt data in transit.
What is Kubernetes and cert-manager?
Kubernetes is the largest container orchestration tool that automates operational tasks for container management, whilst managing and scaling software application development. Originally created by Google, Kubernetes, also known as K8s, is maintained by the Cloud Native Computing Foundation (CNCF).
cert-manager is a cloud native X.509 Certificate Management tool specifically designed to secure Kubernetes and OpenShift workloads. With over 5 million daily downloads and over 8000 Slack members, cert-manager is a powerful tool that facilitates the retrieval of public and private trust certificates from different issuers to secure applications working within a Kubernetes Cluster.
Why Does Kubernetes Need Securing?
There are many services within a Kubernetes cluster that needs to be secured with SSL/TLS certificates to secure communications, encryption and authentication. These include communication between pods, Kubelet authentication, Ingress security, Nodes and Kube APIs, or service mesh within a cluster such as Istio.
Public trust SSL/TLS are critical to maintaining confidentiality of data and the integrity of application development as they establish a trusted communication environment both within a cluster and when working together with external entities. This enables the cluster to be integrated securely into production environments.
X.509 certificate deployment allows the following:
- Secure communication and encryption to establish trust between multiple services
- Prevent unauthorised access or man-in-the-middle attacks in production environments
- Enable trusted communication within a Kubernetes infrastructure
- Encrypt communication between nodes, pods and services
- Secure client and internal web servers
GlobalSign’s Issuer for Managing Security in your Kubernetes Environments
GlobalSign’s cert-manager Issuer enable developers to obtain GlobalSign’s trusted SSL/TLS certificates to secure a Kubernetes Cluster. This Issuer is an integration to GlobalSign’s Digital Identity Platform, Atlas, used to issue trusted SSL/TLS certificates for Kubernetes clusters as requested. It can be used to secure a variety of Kubernetes use cases:
- Securing Ingress with SSL / TLS Certificates
- Securing Communications between Kubelet and Kube API Server using Server Certificates
- Authenticating Kubelet to API server using Client Certificates
- Securing pod-to-pod communication
- Securing internal web and client servers
Your 5 Steps to Security
It takes five simple steps to secure your Kubernetes workloads using GlobalSign’s Atlas Issuer for cert-manager:
- Download and install GlobalSign’s Atlas Issuer for cert-manager from the GitHub repository
- Get API credentials from GlobalSign’s Atlas portal
- Create an issuer resource using your API credentials issued by GlobalSign
- Once the issuer resource is configured, create a Certificate Signing Request (CSR) for your Kubernetes resource
- Once approved, a certificate is released from Atlas
Build in security for your Kubernetes Workloads
Our Atlas Issuer for cert-manager enables developers to secure a variety of use-cases with trusted SSL/TLS certificates so they can focus on application development. It is available to download and install from our GitHub repository here.
Find out more:
Download the Datasheet
