When you enable ACME, by default DKP generates an ACME-supported certificate with an HTTP01 solver that is provided by Let’s Encrypt.

You can also set up an advanced configuration for a Custom Domain and Certificate. In these cases, the custom configuration cannot be done completely via the installer config file, but must be specified further in a ClusterIssuer.

Whether it is sufficient to establish the configuration of your custom certificate in the installer config file only, or you require a ClusterIssuer to define further configuration options depends on the degree of customization.

If you require a ClusterIssuer, you MUST create it before you run the Kommander installation.

When do You Need a ClusterIssuer?

The configuration of the ClusterIssuer resource depends on your DKP landscape:

How do You Configure a ClusterIssuer?

The following image describes the configurable fields of a ClusterIssuer:

For more information on the available options, refer to the ACME section in the cert-manager documentation.


Refer to Configure your Custom Domain and Certificate for configuration steps and examples.

If you need to make changes in the configuration of your domain or certificate after you have installed DKP, or if you want to set up a custom domain and certificate for Attached or Managed clusters, modify the ingress in the KommanderCluster object as shown in the Custom domains and certificates configuration section.

Related topics:

Why to set up a Custom Domain or Certificate?

Configure your Custom Domain and Certificate

Advanced Configuration: Important Concepts