Advanced Configuration: ClusterIssuer
Ensure you review Certificate Issuer and KommanderCluster Concepts to understand the basic concepts for certificate configuration.
When you enable ACME, by default DKP generates an ACME-supported certificate with an HTTP01 solver that is provided by Let’s Encrypt.
You can also set up an advanced configuration for a Custom Domain and Certificate. In these cases, the custom configuration cannot be done completely via the installer config
file, but must be specified further in a ClusterIssuer
.
Whether it is sufficient to establish the configuration of your custom certificate in the installer config
file only, or you require a ClusterIssuer
to define further configuration options depends on the degree of customization.
If you require a ClusterIssuer
, you MUST create it before you run the Kommander installation.
When do You Need a ClusterIssuer?
The configuration of the ClusterIssuer
resource depends on your DKP landscape:
How do You Configure a ClusterIssuer?
The following image describes the configurable fields of a ClusterIssuer
:
For more information on the available options, refer to the ACME section in the cert-manager documentation.
Examples:
Refer to Configure the Kommander Installation with a Custom Domain and Certificate for configuration steps and examples.
If you need to make changes in the configuration of your domain or certificate after you have installed DKP, or if you want to set up a custom domain and certificate for Attached or Managed clusters, modify the ingress
in the KommanderCluster
object as shown in the Custom domains and certificates configuration section.
Related topics:
Why to set up a Custom Domain or Certificate?
Configure the Kommander Installation with a Custom Domain and Certificate