# Kubernetes and Container Platforms

Modern applications increasingly run in Kubernetes and containerized environments, where certificates must be issued, renewed, and rotated automatically. CERTInext enables secure certificate lifecycle automation for Kubernetes clusters, container workloads, ingress controllers, and service meshes.

By combining API-based automation, ACME support, and provisioning workflows, CERTInext ensures that certificates used by containers and microservices remain valid and policy-compliant without manual intervention.

#### Purpose

Kubernetes and container integration allows organizations to:

* Automate TLS certificate issuance for Ingress resources
* Secure microservices with internal PKI certificates
* Enable automated renewal before certificate expiry
* Enforce product-based policy controls
* Support multi-cluster and multi-namespace environments
* Maintain centralized visibility in CERTInext

This ensures that dynamic workloads do not introduce unmanaged certificate risks.

#### Integration Approaches

CERTInext supports Kubernetes environments through:

**ACME-based Automation**\
Kubernetes components (such as cert-manager) can integrate with CERTInext using ACME credentials generated under:\
Integrations → APIs → + New API Credentials

**REST API Automation**\
Custom operators, CI/CD pipelines, or automation scripts can call CERTInext REST APIs to:

* Request certificates
* Submit CSRs
* Track issuance status
* Download certificates
* Trigger renewal or revocation

**Provisioning Bots (Hybrid Environments)**\
For container workloads running on VM-backed clusters, provisioning bots can deploy certificates to host-level services such as Nginx or Apache.

#### Common Use Cases

**Ingress TLS Automation**\
Automatically issue and renew certificates for:

* Nginx Ingress Controller
* Traefik
* HAProxy
* Cloud load balancers

**Internal Service-to-Service Encryption**\
Issue private CA certificates for:

* Microservices
* Service mesh environments
* API gateways

**CI/CD Integration**\
Trigger certificate creation during:

* Application deployment
* Environment provisioning
* Namespace creation

#### Operational Flow

1. Generate API credentials (ACME or REST).
2. Configure Kubernetes integration (cert-manager or custom automation).
3. Associate certificates with a Product to enforce policy.
4. Certificates are issued by the configured CA.
5. Renewal is handled automatically before expiry.
6. Lifecycle visibility remains centralized in CERTInext.

All actions are logged for audit and compliance.

#### Security Best Practices

* Use dedicated service accounts for Kubernetes automation
* Restrict API credentials to specific Products
* Store API secrets in Kubernetes Secrets or secure vaults
* Enable short renewal windows for production workloads
* Monitor issuance and renewal events via dashboards and alerts
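
The cert-manager side of the operational flow and the secret-handling and renewal practices above, as an added example that is not CERTInext's own configuration. It assumes the ACME credentials are an External Account Binding pair (key ID plus HMAC key); the directory URL, resource names, namespace, hostname and durations are placeholders.

```yaml
# Added example: every name, URL and duration here is a placeholder.
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: certinext-acme              # hypothetical issuer name
spec:
  acme:
    # Placeholder: use the ACME directory URL issued with your credentials.
    server: https://acme.example.invalid/directory
    # Secret where cert-manager stores the ACME account key it generates.
    privateKeySecretRef:
      name: certinext-acme-account-key
    # Assumption: credentials are an EAB key ID + HMAC key.
    # The HMAC key is read from a Secret, never written into this manifest.
    externalAccountBinding:
      keyID: "<ACME_KEY_ID>"
      keySecretRef:
        name: certinext-acme-eab    # created out of band in the cert-manager namespace
        key: hmac-key
    solvers:
      - http01:
          ingress:
            ingressClassName: nginx
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: shop-tls
  namespace: shop
spec:
  secretName: shop-tls              # TLS Secret referenced by the Ingress
  dnsNames:
    - shop.example.com
  duration: 2160h                   # requested lifetime (90 days); CA policy may cap it
  renewBefore: 720h                 # start renewal 30 days before expiry
  privateKey:
    algorithm: ECDSA
    size: 256
    rotationPolicy: Always          # generate a new key pair at every renewal
  issuerRef:
    kind: ClusterIssuer
    name: certinext-acme
```

Kubernetes Secrets are only base64-encoded by default, so restrict read access to the EAB and account-key Secrets with RBAC and enable encryption at rest for the cluster's Secret store.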

#### Monitoring and Visibility

Certificates issued through Kubernetes integrations:

* Appear in the Provisioning Certificates inventory
* Are tracked for expiry and renewal
* Follow product-level policy controls
* Are included in reports and exports

This ensures containerized environments remain aligned with enterprise certificate governance.

#### Important Notes

* ACME is recommended for automated Kubernetes TLS workflows.
* Private CA integration supports internal cluster certificates.
* API credentials can be revoked instantly if compromised.
* Renewal failures should be reviewed in audit logs and automation dashboards.

