Docs

Docs

Automatic DNS and Certificate Management

Learn how to configure Control Center to automatically create DNS records and certificates for your applications.

Control Center simplifies the deployment of Vaadin applications by automating DNS record creation and certificate management. This ensures that applications are immediately accessible via their hostnames, secured with valid SSL certificates from Let’s Encrypt.

Prerequisites

To utilize this feature, ensure the following requirements are met:

  1. ExternalDNS Operator: This operator manages DNS records in supported DNS providers (can be installed with Control Center, see note below).

  2. Supported DNS Service: Control Center supports services compatible with ExternalDNS, such as Google Cloud DNS, Azure DNS, or DigitalOcean (for a full list of supported providers refer to the ExternalDNS documentation)

Note

ExternalDNS can be optionally installed when setting up Control Center or added later as a standalone operator, see Configuring Control Center.

Setting Up with DigitalOcean

To enable automatic DNS and certificate management using DigitalOcean, follow these steps:

Step 1: Generate DigitalOcean API Token

  1. Navigate to the API section of your DigitalOcean dashboard.

  2. Create a new token with full access to the domain scope.

Step 2: Store the API Token in Kubernetes

Save the generated token in a Kubernetes secret:

kubectl create secret generic digitalocean-api --from-literal=token=YOUR_GENERATED_TOKEN
Note

Specify a namespace if necessary:

kubectl -n my-namespace create secret generic digitalocean-api --from-literal=token=YOUR_GENERATED_TOKEN

Configuring Control Center

Create a my-values.yaml file to enable the feature:

domain: &domain example.com
user:
  email: me@example.com
acme:
  enabled: true
external-dns:
  enabled: true
  provider:
    name: digitalocean
  txtOwnerId: "control-center"
  domainFilters:
    - *domain
  env:
    - name: DO_TOKEN
      valueFrom:
        secretKeyRef:
          name: digitalocean-api
          key: token
Important

Setting acme.enabled: true enables automatic generation of SSL certificates by Let’s Encrypt. To use your own certificates, omit this field or set it to false.

Applying the Configuration

Install or upgrade Control Center with the configuration:

helm upgrade -i control-center oci://docker.io/vaadin/control-center \
  --namespace my-namespace --create-namespace \
  --values my-values.yaml

Benefits of Automatic DNS and Certificate Management

Control Center streamlines the deployment process by:

  • Automating DNS Configuration: Ensures applications are accessible via their hostnames immediately after deployment.

  • Simplifying SSL Management: Automatically issues and renews valid SSL certificates via Let’s Encrypt.

  • Enhancing Security and Reliability: Minimizes manual configuration errors and maintains secure connections effortlessly.

By integrating these features, Control Center reduces administrative overhead and accelerates the deployment lifecycle, allowing developers to focus on building applications.

Additional Resources

Note

For other DNS providers, refer to the ExternalDNS provider tutorials.