How-To: Set up custom domains with custom certificates
Prerequisites:
- Requires Konvoy v1.3.0 GA build.
- A custom domain.
- A certificate (in PEM format), a key (unencrypted RSA private key) and a CA bundle for the custom domain.
  (The intermediate-ca and root-ca certificates, in PEM format, should be concatenated in the same file.)
Steps:
Create a secret.yaml file containing the certificate, key and CA bundle, and place it under the /extras/kubernetes directory. Create the extras/kubernetes folder if it does not yet exist.
kubectl create secret generic my-custom-secret -n kubeaddons --from-file ca.crt= --from-file tls.crt= --from-file tls.key= --dry-run --save-config -o yaml > extras/kubernetes/secret.yaml
Next, update cluster.yaml with:
- Set clusterHostname for your custom domain in the konvoyconfig.
- Set the secret name ("my-custom-secret", defined in the yaml file created in the previous step) in traefik-forward-auth, dex-k8s-authenticator, kube-oidc-proxy, and traefik.
Note: Please maintain the indentation as shown below:
name: dex-k8s-authenticator
values: |
  caCerts:
    enabled: true
    caSecretName:

name: konvoyconfig
values: |
  config:
    clusterHostname:

name: kube-oidc-proxy
values: |
  oidc:
    caSecretName:

name: traefik
values: |
  ssl:
    caSecretName:

name: traefik-forward-auth
values: |
  traefikForwardAuth:
    caSecretName:
Next, redeploy the Konvoy cluster with the updated configuration:
konvoy up
Navigate to https:///ops/landing and verify in the browser that the custom certificate is being served.
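
A pre-flight check for the prerequisites above, worth running before the secret is created in the first step: it uses openssl to confirm that the key is an unencrypted RSA key, that it matches the certificate, that the certificate chains to the CA bundle, and that it covers the custom domain. This is an added example, not part of the original how-to or of Konvoy; the function name check_tls_inputs and its argument order are assumptions, and it requires the openssl command-line tool.

```sh
#!/bin/sh
# Added example (not from the Konvoy docs): pre-flight checks for the files
# that go into my-custom-secret. Usage: check_tls_inputs CA CERT KEY HOSTNAME
check_tls_inputs() {
    ca=$1; crt=$2; key=$3; host=$4; rc=0

    # 1. The key must load with an empty passphrase, i.e. be an unencrypted RSA key.
    if ! openssl rsa -in "$key" -passin pass: -noout </dev/null >/dev/null 2>&1; then
        echo "FAIL: $key is encrypted or is not an RSA private key"; rc=1
    fi

    # 2. The certificate and the key must carry the same public key.
    cert_pub=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null) || true
    key_pub=$(openssl rsa -in "$key" -passin pass: -pubout </dev/null 2>/dev/null) || true
    if [ -z "$cert_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
        echo "FAIL: $crt is not a PEM certificate or does not match $key"; rc=1
    fi

    # 3. The concatenated intermediate + root bundle must chain the certificate to a root.
    if ! openssl verify -CAfile "$ca" "$crt" >/dev/null 2>&1; then
        echo "FAIL: $crt does not verify against $ca"; rc=1
    fi

    # 4. The certificate must be valid for the custom domain (clusterHostname).
    if ! openssl x509 -in "$crt" -noout -checkhost "$host" 2>/dev/null \
            | grep -q "does match"; then
        echo "FAIL: $crt is not valid for $host"; rc=1
    fi

    [ "$rc" -eq 0 ] && echo "OK: $crt, $key and $ca are consistent for $host"
    return "$rc"
}

# Run directly as: sh check.sh ca.crt tls.crt tls.key <custom-domain>
if [ "$#" -eq 4 ]; then check_tls_inputs "$@"; fi
```

A non-zero exit status means at least one check failed; each failure is printed on its own line.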