Configure cert-manager (optional)

cert-manager manages TLS certificates within the Kubernetes cluster. By default, cert-manager uses Let’s Encrypt as the certificate authority for NiFi and modernization-api services.

If you manage certificates manually, skip steps 1–4 and store your certificates in Kubernetes secrets instead. See the Kubernetes Secrets documentation for instructions.

  1. Locate the cluster issuer manifest in the nbs-helm-v7.X.0 zip file at k8-manifests/cluster-issuer-prod.yaml.

  2. In cluster-issuer-prod.yaml, update the email address to a valid operations address. Let’s Encrypt uses this address to notify you of upcoming certificate expirations if automatic renewal stops working.

  3. From your terminal, apply the manifest:

    cd <HELM_DIR>/k8-manifests
    kubectl apply -f cluster-issuer-prod.yaml
    
  4. Verify the cluster issuer is deployed and in a ready state:

    kubectl get clusterissuer
    

    You should see letsencrypt-production with a READY status of True.
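A readiness gate for step 4, written as an added example that is not part of the original guide: the function reads the table printed by `kubectl get clusterissuer` and succeeds only when the named issuer reports a READY status of True. The function name and the two sample tables are constructed for illustration and assume the default `NAME READY AGE` column layout.

```shell
#!/bin/sh
# Added example (not from the NBS guide): fail a deployment script early when
# the ClusterIssuer is missing or not ready, so that services depending on
# cert-manager are not rolled out without a working certificate issuer.
#
# Live usage:
#   kubectl get clusterissuer | check_issuer_ready letsencrypt-production
#
# Exit status: 0 = READY is True, 1 = issuer present but not ready,
#              2 = issuer not listed (or kubectl printed nothing to stdout).
check_issuer_ready() {
    awk -v want="$1" '
        NR == 1 {
            # Find the READY column from the header rather than assuming a position.
            for (i = 1; i <= NF; i++) if ($i == "READY") col = i
            next
        }
        $1 == want {
            found = 1
            ready = (col && $col == "True")
        }
        END {
            if (!found) exit 2
            exit (ready ? 0 : 1)
        }
    '
}

# Constructed sample output, so the example runs without a cluster.
SAMPLE_READY='NAME                     READY   AGE
letsencrypt-production   True    2m'

SAMPLE_PENDING='NAME                     READY   AGE
letsencrypt-production   False   5s'

for sample in "$SAMPLE_READY" "$SAMPLE_PENDING"; do
    if printf '%s\n' "$sample" | check_issuer_ready letsencrypt-production; then
        echo "letsencrypt-production is ready"
    else
        echo "letsencrypt-production is not ready; check the issuer before continuing"
    fi
done
```

When the gate returns 1, `kubectl describe clusterissuer letsencrypt-production` shows the status conditions and events explaining why the issuer is not ready.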


© Centers for Disease Control and Prevention (CDC). All Rights Reserved.