Table of contents
Configure Cert manager Cluster Issuer (Optional automatic certificates)
Cert-manager is a tool to manage certificates within the Kubernetes cluster. By default, LetsEncrypt will used as a certificate authority/issuer for certificates for NIFI and modernization-api services. Note: If you have manual certificates, please skip below steps 1-4 and store your certificates manually in Kubernetes secrets and reference them in your configuration by following this link. Set up cluster issuer for LetsEncrypt production certificate issuer:
-
- Use the manifests provided as part of
nbs-helm-v7.X.0zip file. The YAML manifests should be underk8-manifests/cluster-issuer-prod.yaml.
- Use the manifests provided as part of
-
- Update the email address in cluster-issuer-prod.yaml to be your valid operations email address. This email address will be used to notify any certificate expirations that are due for renewal. This will only occur if the automatic renewal stops working (as in the case of a decommissioned test system).
-
- In your terminal, change your directory to
k8-manifests/and run the following command to install the cluster issuer:cd <HELM_DIR>/k8-manifests kubectl apply -f cluster-issuer-prod.yamlYou should see a cluster issuer created as shown below
- In your terminal, change your directory to
-
- Run the following command to make sure the cluster issuer is deployed properly and is in ready state:
kubectl get clusterissuerYou should see a letsencrypt-production true message as shown below
- Run the following command to make sure the cluster issuer is deployed properly and is in ready state: