"common_name": "myapp.default.svc.cluster.local", "sans": [ "myapp.default.svc", "myapp.default.pod", "myapp-namespace.svc.cluster.local" ], "key_type": "rsa", "key_bits": 2048, "ttl": "168h"
# Script: renew.sh vcert renew --cert myapp.crt --key myapp.key --out-dir ./certs kubectl create secret tls myapp-tls --cert=./certs/myapp.crt --key=./certs/myapp.key --dry-run=client -o yaml | kubectl apply -f - Deploy as a Kubernetes CronJob (e.g., run every 5 days for a 7-day cert). In enterprise setups, the VMware CA can forward requests to a Venafi TPP server. vCert transparently supports this. Just set the appropriate policy name: vmware vcert tool
Whether you’re running stateful VMs on vSphere or a fleet of containers in Tanzu, vCert gives you a reliable, repeatable way to issue machine identities. Start using it today to eliminate manual certificate management and reduce the risk of expiry outages. "common_name": "myapp
In the modern software-defined data center, certificates are the unsung heroes of security. They authenticate workloads, encrypt data in transit, and establish trust between microservices. However, managing the lifecycle of these certificates—especially in ephemeral Kubernetes or VM environments—is a notorious operational headache. Just set the appropriate policy name: Whether you’re
vcert auth login --token $(kubectl get secret my-sa-token -o jsonpath='.data.token' | base64 --decode) Test connectivity:
kubectl create secret tls myapp-tls --cert=myapp.crt --key=myapp.key kubectl create configmap ca-bundle --from-file=ca.crt Mount in your deployment: