Advanced Configuration: Important Concepts
If you set up an advanced configuration of your custom domain, ensure you understand the following concepts.
IssuerRef, ClusterIssuerRef or certificateSecretRef?
If you use a certificate issued and managed automatically by cert-manager
, you need an Issuer or Cluster Issuer that you reference in your KommanderCluster
resource. The referenced object must contain the information of your certificate provider.
If you want to use a manually-created certificate, you need a secret that you reference in your KommanderCluster
resource.
Management, Managed or Attached cluster? Location of the KommanderCluster and Issuer objects
In the Management or Essential cluster, both the KommanderCluster
and issuer objects are stored on the same cluster. The issuer can be referenced as an Issuer
, ClusterIssuer
or certificateSecretRef
.
In Managed and Attached clusters, the KommanderCluster
object is stored on the Management cluster. The Issuer
, ClusterIssuer
or certificateSecretRef
is stored on the Managed or Attached cluster.
For more information on ClusterIssuer
objects, refer to Advanced Configuration: ClusterIssuer.
HTTP or DNS solver?
When configuring a certificate for your DKP cluster, you can set up an HTTP solver or a DNS solver. The HTTP protocol exposes your cluster to the public Internet, whereas DNS keeps your traffic hidden. If you use HTTP, your cluster must be publically accessible (via the ingress or load balancer). If you use DNS, this is not a requirement.
Related topics:
Why to set up a Custom Domain or Certificate?
Configure the Kommander Installation with a Custom Domain and Certificate