Add guide for automatic DNS and certificate management in Control Center #4117

Merged
merged 3 commits into from
Feb 18, 2025
114 changes: 114 additions & 0 deletions articles/control-center/getting-started/automatic-dns-and-cert.adoc
@@ -0,0 +1,114 @@
---
title: Automatic DNS records and certificates
page-title: Automatic DNS records and certificates
description: Learn how to configure Control Center to automatically create DNS records and certificates for your applications.
meta-description: Learn how to configure Control Center to automatically create DNS records and certificates for your applications.
order: 40
---

= Automatic DNS and Certificate Management

Control Center simplifies the deployment of Vaadin applications by automating DNS record creation and certificate management. This ensures that applications are immediately accessible via their hostnames, secured with valid SSL certificates from Let's Encrypt.

Check failure on line 11 in articles/control-center/getting-started/automatic-dns-and-cert.adoc

GitHub Actions / lint

[vale] reported by reviewdog 🐶 [Vale.Spelling] Did you really mean 'hostnames'? Raw Output: {"message": "[Vale.Spelling] Did you really mean 'hostnames'?", "location": {"path": "articles/control-center/getting-started/automatic-dns-and-cert.adoc", "range": {"start": {"line": 11, "column": 195}}}, "severity": "ERROR"}

Check warning on line 11 in articles/control-center/getting-started/automatic-dns-and-cert.adoc

GitHub Actions / lint

[vale] reported by reviewdog 🐶 [Vaadin.We] Try to avoid using first-person plural like 'Let's'. Raw Output: {"message": "[Vaadin.We] Try to avoid using first-person plural like 'Let's'.", "location": {"path": "articles/control-center/getting-started/automatic-dns-and-cert.adoc", "range": {"start": {"line": 11, "column": 247}}}, "severity": "WARNING"}

== Prerequisites

To utilize this feature, ensure the following requirements are met:

1. **ExternalDNS Operator**: This operator manages DNS records in supported DNS providers (can be installed with Control Center, see note below).
2. **Supported DNS Service**: Control Center supports services compatible with ExternalDNS, such as Google Cloud DNS, Azure DNS, or DigitalOcean (for a full list of supported providers refer to the https://github.com/kubernetes-sigs/external-dns[ExternalDNS documentation])

[NOTE]
====
ExternalDNS can be optionally installed when setting up Control Center or added later as a standalone operator, see <<Configuring Control Center>>.
====

== Setting Up with DigitalOcean

To enable automatic DNS and certificate management using DigitalOcean, follow these steps:

=== Step 1: Generate DigitalOcean API Token

1. Navigate to the **API** section of your DigitalOcean dashboard.
2. Create a new token with full access to the `domain` scope.

=== Step 2: Store the API Token in Kubernetes

Save the generated token in a Kubernetes secret:

[source,bash]
----
kubectl create secret generic digitalocean-api --from-literal=token=YOUR_GENERATED_TOKEN
----

[NOTE]
====
Specify a namespace if necessary:

[source,bash]
----
kubectl -n my-namespace create secret generic digitalocean-api --from-literal=token=YOUR_GENERATED_TOKEN
----
====

== Configuring Control Center

Create a `my-values.yaml` file to enable the feature:

[source,yaml]
----
domain: &domain example.com
user:
email: [email protected]
acme:
enabled: true
external-dns:
enabled: true
provider:
name: digitalocean
txtOwnerId: "control-center"
domainFilters:
- *domain
env:
- name: DO_TOKEN
valueFrom:
secretKeyRef:
name: digitalocean-api
key: token
----

[IMPORTANT]
====
Setting `acme.enabled: true` enables automatic generation of SSL certificates by Let's Encrypt. To use your own certificates, omit this field or set it to `false`.

Check warning on line 81 in articles/control-center/getting-started/automatic-dns-and-cert.adoc

GitHub Actions / lint

[vale] reported by reviewdog 🐶 [Vaadin.We] Try to avoid using first-person plural like 'Let's'. Raw Output: {"message": "[Vaadin.We] Try to avoid using first-person plural like 'Let's'.", "location": {"path": "articles/control-center/getting-started/automatic-dns-and-cert.adoc", "range": {"start": {"line": 81, "column": 82}}}, "severity": "WARNING"}
====

== Applying the Configuration

Install or upgrade Control Center with the configuration:

[source,bash]
----
helm upgrade -i control-center oci://docker.io/vaadin/control-center \
--namespace my-namespace --create-namespace \
--values my-values.yaml
----

== Benefits of Automatic DNS and Certificate Management

Control Center streamlines the deployment process by:

- **Automating DNS Configuration**: Ensures applications are accessible via their hostnames immediately after deployment.

Check failure on line 99 in articles/control-center/getting-started/automatic-dns-and-cert.adoc

GitHub Actions / lint

[vale] reported by reviewdog 🐶 [Vale.Spelling] Did you really mean 'hostnames'? Raw Output: {"message": "[Vale.Spelling] Did you really mean 'hostnames'?", "location": {"path": "articles/control-center/getting-started/automatic-dns-and-cert.adoc", "range": {"start": {"line": 99, "column": 83}}}, "severity": "ERROR"}
- **Simplifying SSL Management**: Automatically issues and renews valid SSL certificates via Let's Encrypt.

Check warning on line 100 in articles/control-center/getting-started/automatic-dns-and-cert.adoc

GitHub Actions / lint

[vale] reported by reviewdog 🐶 [Vaadin.We] Try to avoid using first-person plural like 'Let's'. Raw Output: {"message": "[Vaadin.We] Try to avoid using first-person plural like 'Let's'.", "location": {"path": "articles/control-center/getting-started/automatic-dns-and-cert.adoc", "range": {"start": {"line": 100, "column": 94}}}, "severity": "WARNING"}
- **Enhancing Security and Reliability**: Minimizes manual configuration errors and maintains secure connections effortlessly.

By integrating these features, Control Center reduces administrative overhead and accelerates the deployment lifecycle, allowing developers to focus on building applications.

== Additional Resources

- https://kubernetes-sigs.github.io/external-dns/latest/[ExternalDNS Documentation]
- https://letsencrypt.org/docs/[Let's Encrypt Documentation]

Check warning on line 108 in articles/control-center/getting-started/automatic-dns-and-cert.adoc

GitHub Actions / lint

[vale] reported by reviewdog 🐶 [Vaadin.We] Try to avoid using first-person plural like 'Let's'. Raw Output: {"message": "[Vaadin.We] Try to avoid using first-person plural like 'Let's'.", "location": {"path": "articles/control-center/getting-started/automatic-dns-and-cert.adoc", "range": {"start": {"line": 108, "column": 33}}}, "severity": "WARNING"}
- https://docs.digitalocean.com/products/networking/dns/[DigitalOcean DNS Documentation]

[NOTE]
====
For other DNS providers, refer to the https://github.com/kubernetes-sigs/external-dns/blob/master/docs/tutorials.md[ExternalDNS provider tutorials].
====
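
Review bot: Step 2 creates the `digitalocean-api` secret in whatever namespace is current, while the Helm command under "Applying the Configuration" installs into `--namespace my-namespace`, and the `secretKeyRef` in `my-values.yaml` is only resolved in the namespace of the pod that references it. A reader who follows the steps literally can end up with a container that won't start because the referenced secret isn't found. Suggest making the namespaced form (`kubectl -n my-namespace create secret generic digitalocean-api ...`) the primary command instead of a note, and stating that the namespace has to exist before that command runs, since `--create-namespace` only takes effect later at install time. Separately, `--from-literal=token=YOUR_GENERATED_TOKEN` leaves the token in shell history; consider showing `--from-file` instead. Step 1 asks for "full access to the `domain` scope", so it would help to say whether that is the minimum the feature needs, and to tell readers not to grant the token any other scopes.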