Set Up a Custom Domain for a Workload

This tutorial shows how to set up a custom domain and prepare a certificate required for exposing a workload. It uses the Gardener External DNS Management and Certificate Management components.

Prerequisites

• You have a custom domain.
• If you use a cluster not managed by Gardener, install the External DNS Management and Certificate Management components manually in a dedicated namespace. SAP BTP, Kyma runtime clusters are managed by Gardener, so you are not required to install any additional components.

Steps

Create a Secret with Credentials

Create a Secret containing credentials for the DNS cloud service provider account in your namespace. To learn how to do it, follow the External DNS Management guidelines.

Create a DNSProvider Custom Resource (CR)

Create a DNSEntry CR

Create a Certificate CR

NOTE

While using the default configuration, certificates with the Let's Encrypt Issuer are valid for 90 days and automatically renewed 30 days before their validity expires. For more information, read the documentation on Gardener Certificate Management and Gardener extensions for certificate Services.

Next Steps

Set up a TLS Gateway or set up an mTLS Gateway.

For more examples of CRs for Services and Ingresses, see the Gardener external DNS management documentation.