Instance level SSL and custom domain support
This is the first step of Instance / group / project level serverless domains with SSL (&2136)
First Iteration Proposal
Provide a way for the user to manage the cluster at the instance level. We are not adding the ability to utilize Let's Encrypt in this first iteration. This means that at the instance level, the user needs to be able to add a domain, a certificate, and a key.
We'll create a new settings area under
Admin > Settings > Operations and provide the following fields:
All fields are required. We throw a validation if the field is not filled out.
Verifying a domain
Once the domain is added, we provide a CNAME record and verification key. We also show whether the domain is verified in a badge and allow the user to refresh the verification status.
Removing a certificate
We also show the certificate, and the user has the ability to remove the certificate. If they do remove it, then the UI remains the same, but the certificate section show the Cert and Key fields instead (same as pages).
If the user removes the certificate, the
Save changes button becomes enabled. The user must add the new cert + key. If it remains blank and they try to save, we throw a validation. If a new cert is not added and they navigate away, then the old cert remains.
Selecting a domain at the cluster level
On the cluster page, we will provide an option to either select the existing domain or utilize a new one. This mimics the pattern we are using for protected branches.
If the user chooses to utilize a new domain, SSL is not provided because it was decided that was out of scope.
Deleting an instance domain
The user is able to delete the domain. A modal confirmation should appear as this could be a breaking change. Modal copy:
Delete serverless domain?
You are about to delete
domain.comfrom your instance. This domain will no longer be available to any Knative application.
If a cluster was utilizing an instance domain that was deleted, we remove it from the UI and show a validation saying a new domain needs to be chosen.
- UI for creating domain in instance
- UI for choosing domain at cluster level
Backend details defined below in #35591 (comment 250505939)