KommanderCluster and Certificate Issuer Concepts

KommanderCluster Object

The KommanderCluster resource is an object that contains key information for all types of clusters that are part of your environment, such as:

• Cluster access and endpoint information

• Cluster attachment information

• Cluster status and configuration information

Issuer Objects:
Issuer, ClusterIssuer or certificateSecret?

If you use a certificate issued and managed automatically by cert-manager, you need an Issuer or ClusterIssuer that you reference in your KommanderCluster resource. The referenced object must contain the information of your certificate provider.

If you want to use a manually-created certificate, you need a certificateSecret that you reference in your KommanderCluster resource.

Location of the KommanderCluster and Issuer Objects:
Management, Managed or Attached cluster?

In the Management or Essential cluster, both the KommanderCluster and issuer objects are stored on the same cluster. The issuer can be referenced as an Issuer, ClusterIssuer or certificateSecret.

In Managed and Attached clusters, the KommanderCluster object is stored on the Management cluster. The Issuer, ClusterIssuer or certificateSecret is stored on the Managed or Attached cluster.

HTTP or DNS solver?

When configuring a certificate for your DKP cluster, you can set up an HTTP solver or a DNS solver. The HTTP protocol exposes your cluster to the public Internet, whereas DNS keeps your traffic hidden. If you use HTTP, your cluster must be publically accessible (via the ingress or load balancer). If you use DNS, this is not a requirement. See Advanced Configuration: ClusterIssuer for HTTP and DNS configuration options.

If you are enabling a proxied access for a network-restricted cluster, this configuration is restricted to DNS.

Next Step:

Configure Custom Domains or Custom Certificates post Kommander Installation