If you set up an advanced configuration of your custom domain, ensure you understand the following concepts.
IssuerRef, ClusterIssuerRef or certificateSecretRef?
If you use a certificate issued and managed automatically by
cert-manager, you need an Issuer or Cluster Issuer that you reference in your
KommanderCluster resource. The referenced object must contain the information of your certificate provider.
If you want to use a manually-created certificate, you need a secret that you reference in your
Management, Managed or Attached cluster? Location of the KommanderCluster and Issuer objects
In the Management or Essential cluster, both the
KommanderCluster and issuer objects are stored on the same cluster. The issuer can be referenced as an
In Managed and Attached clusters, the
KommanderCluster object is stored on the Management cluster. The
certificateSecretRef is stored on the Managed or Attached cluster.
For more information on
ClusterIssuer objects, refer to Advanced Configuration: ClusterIssuer.
HTTP or DNS solver?
When configuring a certificate for your DKP cluster, you can set up an HTTP solver or a DNS solver. The HTTP protocol exposes your cluster to the public Internet, whereas DNS keeps your traffic hidden. If you use HTTP, your cluster must be publically accessible (via the ingress or load balancer). If you use DNS, this is not a requirement.