We are very excited to announce the launch of TLS Protect for Kubernetes on Google Cloud Marketplace. This is the easiest way for any organization using GKE to deploy TLS Protect for Kubernetes directly to their Kubernetes environment and build an instant view across all clusters, using cert-manager to manage certificate lifecycles with their preferred private or public CAs.
Enterprises deploying cloud native infrastructure are increasingly using cert-manager as their preferred open source cloud-agnostic solution to automate X.509 certificates and secure Kubernetes workloads. A recent snap survey from the CNCF highlighted the rise in cert-manager adoption in enterprise production environments. Here at Venafi, we regularly encounter cert-manager at scale, deployed across numerous clusters running on multi-cloud environments, providing automation of certificates for a variety of use cases.
Quick and easy one-click install
Using Marketplace to deploy TLS Protect for Kubernetes means customers with existing GCP accounts can easily install and use the latest version of cert-manager packaged alongside the TLS Protect for Kubernetes SaaS offering, plus benefit from a direct line of support to the Venafi team. The full package is ideal for any GKE customer who wishes to standardise on cert-manager throughout their cloud native environment, to have visibility of all machine identities and how they map to the organisation’s cloud infrastructure. Having this level of visibility is important for both security and operations teams. Industry trends are spotlighting the vital importance of machine identity management in modern cloud infrastructure and this is especially true with cloud native. The nature of containerised workloads means these workloads and their certificates will often scale inordinately as new clusters are spun up. Using TLS Protect for Kubernetes for cert-manager, platform teams can deliver secure workload automation and security teams have a demonstrable, enterprise-grade solution to deliver effective policy and best practice security.
TLS Protect for Kubernetes - from the creators of cert-manager
Key advantages of TLS Protect for Kubernetes for GKE customers:
- Ideal for GKE hybrid or multi-cloud environments with Anthos, as an enterprise-grade solution to automatically and consistently manage machine identities across all clusters
- Customers can standardize on cert-manager across the whole cloud native infrastructure and provide all developers the automation to secure workloads
- Fully integrated with Istio service mesh and automates certificate signing with a private CA, including the Google Certificate Authority Service (CAS)
- Provides a multi-cluster view across the full environment irrespective of the underlying cloud provider infrastructure
Using TLS Protect for Kubernetes with cert-manager gives the platform team a web based management interface that will indicate the health and status of cert-manager and its components and all certificates across clusters. Importantly, TLS Protect for Kubernetes will also alert attention to certificates that are not using cert-manager, which can be critical for identifying misconfigured certificates that have been manually generated and may be at risk of expiry.
Get started today
GKE customers can install TLS Protect for Kubernetes for cert-manager now from the GCP Marketplace.
To use the TLS Protect for Kubernetes dashboard and see an overview of your cluster in just a few seconds, you can start for free here. To learn more about TLS Protect for Kubernetes and what the full product offering can do for your enterprise security read the original product announcement or check out the TLS Protect for Kubernetes product page.