Prerequisites
Before you begin deploying EJBCA and SignServer to cloud environments, make sure you have the following systems and tools in place:
Kubernetes
v1.19+
Helm
v3+
External access management:
Ingress NGINX: Follow the Ingress-Nginx Controller Installation Guide to set up Ingress NGINX. Enable NGINX controller snippets to allow certificate authentication, by setting
controller.allowSnippetAnnotations=true
in your Helm chart deployment. The setting is disabled by default as of Ingress NGINX versionv1.9.0
.EJBCA only: A Network LoadBalancer such as a cloud-provider-managed load balancer, or MetalLB may be used. For EJBCA deployments, a Network LoadBalancer is recommended for enhanced security.
Supported database (for non-ephemeral instances):
MariaDB
MySQL
PostgreSQL
Oracle Database
Microsoft SQL Server
Hardware Security Module (HSM):
SoftHSM2 (not for production use)
Thales Luna
Utimaco CryptoServer
Entrust nShield Connect
Microsoft Azure Key Vault and Managed HSM
Fortanix Data Security Manager