KommanderCluster and Certificate Issuer Concepts
KommanderCluster
Object
The KommanderCluster
resource is an object that contains key information for all types of clusters that are part of your environment, such as:
Cluster access and endpoint information
Cluster attachment information
Cluster status and configuration information
Issuer Objects:
Issuer
, ClusterIssuer
or certificateSecret
?
If you use a certificate issued and managed automatically by cert-manager
, you need an Issuer
or ClusterIssuer
that you reference in your KommanderCluster
resource. The referenced object must contain the information of your certificate provider.
If you want to use a manually-created certificate, you need a certificateSecret
that you reference in your KommanderCluster
resource.
Location of the KommanderCluster
and Issuer Objects:
Management, Managed or Attached cluster?
In the Management or Essential cluster, both the KommanderCluster
and issuer objects are stored on the same cluster. The issuer can be referenced as an Issuer
, ClusterIssuer
or certificateSecret
.
In Managed and Attached clusters, the KommanderCluster
object is stored on the Management cluster. The Issuer
, ClusterIssuer
or certificateSecret
is stored on the Managed or Attached cluster.
HTTP or DNS solver?
When configuring a certificate for your DKP cluster, you can set up an HTTP solver or a DNS solver. The HTTP protocol exposes your cluster to the public Internet, whereas DNS keeps your traffic hidden. If you use HTTP, your cluster must be publically accessible (via the ingress or load balancer). If you use DNS, this is not a requirement. See Advanced Configuration: ClusterIssuer for HTTP and DNS configuration options.
If you are enabling a proxied access for a network-restricted cluster, this configuration is restricted to DNS.
Next Step:
Configure Custom Domains or Custom Certificates post Kommander Installation