Before you begin deploying EJBCA and SignServer to cloud environments, make sure you have the following systems and tools in place:
- Kubernetes v1.32+
- Helm v3+
- External access management:
  - Ingress NGINX: Follow the Ingress-Nginx Controller Installation Guide to set up Ingress NGINX. Enable NGINX controller snippets to allow certificate authentication by setting `controller.allowSnippetAnnotations=true` in your Helm chart deployment. The setting is disabled by default as of Ingress NGINX version v1.9.0.
  - EJBCA only: A Network LoadBalancer, such as a cloud-provider-managed load balancer or MetalLB, may be used. For EJBCA deployments, a Network LoadBalancer is recommended for enhanced security.
- Supported database (for non-ephemeral instances):
  - MariaDB
  - MySQL
  - PostgreSQL
  - Oracle Database
  - Microsoft SQL Server
- Hardware Security Module (HSM):
  - SoftHSM2 (not for production use)
  - Thales Luna
  - Utimaco CryptoServer
  - Microsoft Azure Key Vault and Managed HSM
  - Fortanix Data Security Manager
- EJBCA or another Certificate Authority for infrastructure and signer certificates.
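
A preflight check for the Kubernetes, Helm and Ingress NGINX items in the list above, as an added example that is not part of the original page or of any vendor tooling. It assumes the Ingress NGINX chart's default namespace `ingress-nginx` and controller ConfigMap `ingress-nginx-controller`, and that the chart renders `controller.allowSnippetAnnotations` into that ConfigMap's `allow-snippet-annotations` key; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not vendor code): preflight check for the prerequisites above.
# Assumed names: namespace "ingress-nginx", ConfigMap "ingress-nginx-controller".

# version_at_least VERSION MIN_MAJOR MIN_MINOR
# Handles "v1.32.3", "1.33", "v1.31.4-eks-1a2b3c", "v3.14.2+gc309b6f".
version_at_least() (
  v=${1#v}                                    # drop the leading "v"
  major=${v%%.*}                              # digits before the first dot
  rest=${v#*.}
  [ "$rest" = "$v" ] && rest=0                # no dot at all, e.g. "3"
  minor=${rest%%[!0-9]*}                      # leading digits of the minor part
  minor=${minor:-0}
  case $major in ''|*[!0-9]*) exit 2 ;; esac  # empty or not a version string
  [ "$major" -gt "$2" ] && exit 0
  [ "$major" -eq "$2" ] && [ "$minor" -ge "$3" ]
)

# evaluate K8S_VERSION HELM_VERSION SNIPPET_VALUE
# Prints one PASS/FAIL line per prerequisite and returns the number of failures.
evaluate() {
  fails=0
  if version_at_least "$1" 1 32; then echo "PASS Kubernetes $1 (need v1.32+)"
  else echo "FAIL Kubernetes '$1' (need v1.32+)"; fails=$((fails + 1)); fi
  if version_at_least "$2" 3 0; then echo "PASS Helm $2 (need v3+)"
  else echo "FAIL Helm '$2' (need v3+)"; fails=$((fails + 1)); fi
  if [ "$3" = "true" ]; then echo "PASS allow-snippet-annotations=true"
  else echo "FAIL allow-snippet-annotations='$3' (must be true)"; fails=$((fails + 1)); fi
  return "$fails"
}

if [ "${1:-}" = "--live" ]; then
  # Query the cluster behind the current kubectl context.
  k8s=$(kubectl get --raw /version 2>/dev/null |
        sed -n 's/.*"gitVersion": *"\([^"]*\)".*/\1/p')
  helm_v=$(helm version --template '{{.Version}}' 2>/dev/null)
  snip=$(kubectl -n ingress-nginx get configmap ingress-nginx-controller \
         -o jsonpath='{.data.allow-snippet-annotations}' 2>/dev/null)
  evaluate "$k8s" "$helm_v" "$snip" || exit 1
else
  # Constructed sample values: old cluster, current Helm, snippets left at default.
  evaluate "v1.31.4-eks-1a2b3c" "v3.14.2+gc309b6f" "false" || true
fi
```

If the Ingress NGINX release uses a different name or namespace, adjust the ConfigMap lookup before running with `--live`.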