Reasons for Using a Custom DNS Domain
DKP supports the customization of domains to allow you to use your own domain or hostname for your services. For example, you can set up your DKP UI or any of your clusters to be accessible with your custom domain name instead of the domain provided by default.
To set up a custom domain (without a custom certificate), refer to Configure a Custom Domain without a Custom Certificate.
Reasons for Using a Custom Certificate
DKP’s default CA identity supports the encryption of data exchange and traffic (between your client and your environment’s server). To add a security layer that validates the authenticity of your environment’s server, DKP supports a custom certificate issued by a trusted Certificate Authority, either provided directly in a Secret or managed automatically using the ACME protocol (for example, Let’s Encrypt).
Changing the default certificate for any of your clusters can be helpful. For example, you can change it so that your DKP UI or any other type of service is classified as trusted when you access it via a browser.
To set up a custom domain and certificate, refer to the page that matches your case:
Configure a custom domain and certificate as part of the cluster’s installation process. This is only possible for your Management/Essential cluster.
Update your cluster’s current domain and certificate configuration as part of your cluster's Day 2 operations. You can do this for any cluster type in your environment.
Using Let’s Encrypt or other public ACME certificate authorities does not work in air-gapped scenarios, as these services require a connection to the Internet for their setup. For air-gapped environments, you can use either self-signed certificates issued by the cluster (the default configuration) or a certificate created manually using a trusted Certificate Authority.