Before you start, gather all relevant information (domain, email, keys, PEM file, others) from your certificate provider. In the following, we provide a few examples.

What you need:

Configure Let’s Encrypt

This section provides information on how to set up a Let’s Encrypt certificate for the cluster ingress. This allows most browsers to validate the certificate for the cluster when users try to log into the operations portal. DKP allows setting up Let’s Encrypt in a few simple steps.

  1. Open the kommander.yaml file:

    1. If you do not have the kommander.yaml file, initialize the configuration file, so you can edit it in the following steps. WARNING: Initialize this file only ONCE, otherwise you will overwrite previous customizations.

    2. If you have initialized the configuration file already, open the kommander.yaml with the editor of your choice.

  2. Provide the acquired domain name in the clusterHostname field, enable acme, and add an email address to register with Let’s Encrypt.

    apiVersion: config.kommander.mesosphere.io/v1alpha1
    kind: Installation
    clusterHostname: mycluster.example.com
    acme:
      email: <your_email>

    NOTE: Let’s Encrypt uses this email to contact you about expiring certificates and issues related to your account.

  3. Create a DNS record and install Kommander:

    1. You can set up an external-dns service. This way, the external-dns will take care of pointing the DNS record to the ingress of the cluster automatically.
      In this case: FIRST, set up the external-dns in the kommander.yaml. THEN use the configuration file to install Kommander.

    2. Alternatively, manually create a DNS record that maps your domain name or IP address to the cluster ingress.
      In this case: FIRST, use the configuration file to install Kommander and wait for the load balancer address to be provisioned. THEN manually create the DNS record pointing to the load balancer address.
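
The following Python preflight check is an added example, not part of DKP or its documentation: it verifies that the kommander.yaml from step 2 has a domain name in clusterHostname and a real email under acme, and that the DNS record from step 3 resolves to the load balancer address. The function names, the line-based field reader and the sample input are assumptions made for illustration.

```python
import re
import socket

# Constructed sample: the page's snippet with the email placeholder left in.
SAMPLE = """\
clusterHostname: mycluster.example.com
acme:
  email: <your_email>
"""
FQDN = re.compile(r"^(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$", re.I)
EMAIL = re.compile(r"^[^@\s<>]+@[^@\s<>]+\.[^@\s<>]+$")

def read_fields(text):
    """Extract clusterHostname and acme.email from kommander.yaml text.
    Line-based reader for these two keys only, not a general YAML parser."""
    fields, in_acme = {}, False
    for raw in text.splitlines():
        line = raw.split(" #")[0].rstrip()
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        key, _, value = line.strip().partition(":")
        value = value.strip().strip("'\"")
        if not line[0].isspace():          # top-level key
            in_acme = key == "acme"
            if key == "clusterHostname":
                fields["clusterHostname"] = value
        elif in_acme and key == "email":   # nested under acme:
            fields["acme.email"] = value
    return fields

def check_config(text):
    """Return a list of problems to fix before installing Kommander."""
    fields, problems = read_fields(text), []
    host, email = fields.get("clusterHostname", ""), fields.get("acme.email", "")
    if not FQDN.match(host):
        problems.append(f"clusterHostname {host!r} is not a fully qualified domain name")
    if not EMAIL.match(email):
        problems.append(f"acme.email {email!r} is missing or still a placeholder")
    return problems

def dns_points_to(hostname, lb_address, resolve=socket.getaddrinfo):
    """True if hostname resolves to at least one address of the load balancer.
    lb_address may be an IP or a DNS name; resolve is injectable for offline use."""
    def addrs(name):
        try:
            return {info[4][0] for info in resolve(name, 443)}
        except socket.gaierror:
            return set()
    return bool(addrs(hostname) & addrs(lb_address))
```

Run `check_config` on the file contents before installing, and `dns_points_to` with the provisioned load balancer address once the DNS record exists.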
