Before you start, gather all relevant information (domain, email, keys, PEM file, others) from your certificate provider. In the following, we provide a few examples.
What you need:
Your domain name
Basic understanding of how to initialize, configure and run a configuration file
Configure Let’s Encrypt
This section provides information on how to set up a Let’s Encrypt certificate for the cluster ingress. This allows most browsers to validate the certificate for the cluster when users try to log into the operations portal. DKP allows setting up Let’s Encrypt in a few simple steps.
If you do not have the
kommander.yamlfile, initialize the configuration file, so you can edit it in the following steps. WARNING: Initialize this file only ONCE, otherwise you will overwrite previous customizations.
If you have initialized the configuration file already, open the
kommander.yamlwith the editor of your choice.
Provide the acquired domain name in the
acme, and add an
apiVersion: config.kommander.mesosphere.io/v1alpha1 kind: Installation clusterHostname: mycluster.example.com acme: email: <your_email>CODE
NOTE: Let’s Encrypt uses this email to contact you about expiring certificates, and issues related to your account.
Create a DNS record and install Kommander:
You can set up an external-dns service. This way, the
external-dnswill take care of pointing the DNS record to the ingress of the cluster automatically.
In this case: FIRST, set up the
kommander.yaml. THEN use the configuration file to install Kommander.
Alternatively, create a DNS record manually, that maps your domain name or IP address to the cluster ingress.
In this case: FIRST, use the configuration file to install Kommander and wait for the load balancer address to be provisioned. THEN manually create the DNS record pointing to the load balancer address.