Skip to main content
Skip table of contents

Get started with EJBCA using Kubernetes and Helm

This guide will show you how to quickly get started with EJBCA in your Kubernetes cluster using Helm charts.

Before you begin

Before you begin, you need a functioning Kubernetes cluster with kubectl and helm tools configured and ready to use, see Prerequisites.

Start EJBCA container using Kubernetes and Helm

To deploy an ephemeral EJBCA Community test instance using Helm:

helm install ejbca --set fullnameOverride=ejbca \
    oci:// --version 8.3.1

Alternately, to deploy the Enterprise Edition:

helm install ejbca --set imagePullSecrets[0].name=keyfactor-registry \
    oci:// --version 8.3.1

Wait for the pods to become READY (1/1):

kubectl get pods --watch
NAME                    READY   STATUS              RESTARTS   AGE
ejbca-a1b2c3d4e-5f6g7   0/1     Pending             0          0s
ejbca-a1b2c3d4e-5f6g7   0/1     ContainerCreating   0          1s
ejbca-a1b2c3d4e-5f6g7   0/1     Running             0          1s
ejbca-a1b2c3d4e-5f6g7   1/1     Running             0          30s

Once the EJBCA container is started, you can use port forwarding to access EJBCA Administration Web from your local machine:

kubectl port-forward service/ejbca 8081:8081

Open http://localhost:8081 in a web browser and start configuring your PKI.


This demonstrated how you can get EJBCA up and running in a Kubernetes cluster for quick tests and demos. For real-world use cases, you need to configure integrations with an external database, an HSM, set up TLS, choose the method for exposing EJBCA to other applications and/or the outside world and more.

For more information on configuring EJBCA to suit your needs, see EJBCA Helm Deployment Parameters, EJBCA Deployment, and Integration.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.