Skip to main content
Skip table of contents

Get started with SignServer using Kubernetes and Helm

This guide will show you how to quickly get started with SignServer in your Kubernetes cluster using Helm charts.

Before you begin

Before you begin, you need a functioning Kubernetes cluster with kubectl and helm tools configured and ready to use, see Prerequisites.

To authenticate with SignServer Administration Web, you need to import a client certificate into your web browser. If you do not have a client certificate or a Certificate Authority (CA), you can follow the guide Issue Client Authentication Certificate using EJBCA to start a CA and issue a client certificate using EJBCA.

Start SignServer container using Kubernetes and Helm

To deploy an ephemeral SignServer Community test instance using Helm:

BASH 
helm install signserver --set image.repository=keyfactor/signserver-ce \
    oci://repo.keyfactor.com/charts/signserver --version 6.3.0

Alternately, to deploy the Enterprise Edition, run:

BASH 
helm install signserver --set imagePullSecrets[0].name=keyfactor-registry \
    oci://repo.keyfactor.com/charts/signserver --version 6.3.0

Wait for the pod to become READY (1/1):

CODE 
kubectl get pods --watch
TEXT 
NAME                    READY   STATUS              RESTARTS   AGE
signserver-a1b2c3d4e-5f6g7   0/1     Pending             0          0s
signserver-a1b2c3d4e-5f6g7   0/1     ContainerCreating   0          1s
signserver-a1b2c3d4e-5f6g7   0/1     Running             0          1s
signserver-a1b2c3d4e-5f6g7   1/1     Running             0          30s

Once the container is started, access SignServer using your browser and navigate to http://signserver.example.com/signserver/, in this example, http://localhost:8443.

SignServer opens displaying information that client certificate authentication is required and you will need to install an issued client certificate in your web browser. To authenticate with SignServer Administration Web, you can follow the guide Issue Client Authentication Certificate using EJBCA to start a CA and issue a client certificate using EJBCA.

Screenshot from 2024-05-27 15-21-04.png

This demonstrated how you can get SignServer up and running in a Kubernetes cluster quickly. For real-world use cases, you'll need to configure integrations with an external database, an HSM, set up TLS and more.

Explore the SignServer Helm Deployment Parameters, SignServer Deployment, and Integration pages for detailed information on configuring SignServer to suit your needs.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close