Domains and Wildcard TLS

Edka manages cluster-level wildcard domains for deployments and previews. Standard hostnames are configured on each deployment.

Domain types

  • Wildcard domains: *.example.com for production or staging deployments.
  • Preview wildcard domains: *.preview.example.com, marked as preview, for pull request previews.

Notes:

  • Only wildcard domains are supported in the cluster Domains view.
  • Wildcards match a single label only: *.example.com matches app.example.com, not app.dev.example.com.
  • Each domain is tied to an ingress class (ingress controller).
  • Multiple preview wildcard domains per ingress class are supported. Each Git deployment can select a specific one.

Add a wildcard domain

  1. Open a cluster and go to Domains.
  2. Add a domain like *.example.com.
  3. Select the ingress controller (ingress class).
  4. Optional: mark it as a preview domain.

Point DNS to the cluster

Create DNS records that point to the ingress load balancer.

  • Use A or AAAA records pointing to the load balancer IPs shown in the Domains view.
  • Or use a CNAME to the load balancer hostname if your DNS provider supports it.

Wildcard TLS (automatic certificates)

Wildcard TLS issues and renews a certificate for the wildcard domain.

Requirements

  • cert-manager add-on
  • Edka DNS-01 webhook add-on
  • Reflector add-on if you want to mirror secrets to multiple namespaces

Step 1: Generate a DNS delegation record

In the domain detail view, generate the record and create a CNAME in your DNS provider:

  • Name: _acme-challenge.example.com
  • Type: CNAME
  • Target: <delegation-id>.acme.edka.net

Make sure the record is DNS only (not proxied).

Step 2: Verify and issue

After DNS propagates, run the status check. Edka provisions the wildcard certificate with cert-manager and tracks DNS and certificate status.

Namespaces and secrets

  • Certificate name: wildcard-<domain-id>
  • Secret name: wildcard-<domain-id>-tls
  • Default namespace: default for standard domains, preview for preview domains.
  • Allowed namespaces control where the secret is mirrored. The certificate namespace is always included.

Using domains in deployments

  • Set a deployment hostname like api.example.com and enable ingress.
  • If the hostname matches a wildcard domain, wildcard TLS must be enabled and the secret must exist in the deployment namespace.
  • For preview environments, select a preview domain in the Git deployment settings.
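
The single-label rule from the notes decides which deployment hostnames fall under a wildcard domain and therefore need its TLS secret. The following is an added example, not Edka's own code: the function names and sample hostnames are constructed for illustration, and the challenge record name follows the standard ACME DNS-01 convention shown in Step 1.

```python
# Added example: single-label wildcard matching for deployment hostnames.
# Function names and sample data are constructed, not part of Edka.

def _labels(name):
    """Lowercase a DNS name, drop a trailing root dot, split into labels."""
    return name.strip().lower().rstrip(".").split(".")

def _check_wildcard(wildcard):
    """Return the labels of a '*.<base>' domain or raise ValueError."""
    w = _labels(wildcard)
    if len(w) < 2 or w[0] != "*" or "*" in w[1:] or "" in w[1:]:
        raise ValueError(f"not a wildcard domain: {wildcard!r}")
    return w

def wildcard_covers(wildcard, hostname):
    """True if hostname sits exactly one label below the wildcard's base."""
    w, h = _check_wildcard(wildcard), _labels(hostname)
    # '*' stands for exactly one non-empty label, so the label counts must
    # be equal and everything after the first label must be identical.
    return len(h) == len(w) and h[0] not in ("", "*") and h[1:] == w[1:]

def covering_domain(hostname, wildcards):
    """Return the first wildcard domain that covers hostname, or None."""
    for wc in wildcards:
        if wildcard_covers(wc, hostname):
            return wc
    return None

def acme_challenge_name(wildcard):
    """DNS-01 record name for a wildcard: _acme-challenge.<base domain>."""
    return "_acme-challenge." + ".".join(_check_wildcard(wildcard)[1:])

# Constructed sample data.
WILDCARDS = ["*.example.com", "*.preview.example.com"]
HOSTNAMES = ["api.example.com", "app.dev.example.com", "example.com",
             "pr-42.preview.example.com", "API.Example.com."]

if __name__ == "__main__":
    for host in HOSTNAMES:
        wc = covering_domain(host, WILDCARDS)
        if wc:
            print(f"{host}: covered by {wc}, "
                  f"delegation CNAME at {acme_challenge_name(wc)}")
        else:
            print(f"{host}: no wildcard domain covers this hostname")
```

The apex (example.com) and two-label names (app.dev.example.com) are reported as uncovered, which matches the single-label rule.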