{"id":19141297,"url":"https://github.com/ans-group/cert-manager-webhook-safedns","last_synced_at":"2026-06-10T02:30:17.580Z","repository":{"id":63955542,"uuid":"249674430","full_name":"ans-group/cert-manager-webhook-safedns","owner":"ans-group","description":null,"archived":false,"fork":false,"pushed_at":"2022-11-28T11:05:30.000Z","size":42,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":4,"default_branch":"master","last_synced_at":"2025-01-03T15:14:16.555Z","etag":null,"topics":["cert-manager-webhook"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/ans-group.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2020-03-24T10:10:50.000Z","updated_at":"2022-07-27T14:27:40.000Z","dependencies_parsed_at":"2022-11-30T07:34:26.346Z","dependency_job_id":null,"html_url":"https://github.com/ans-group/cert-manager-webhook-safedns","commit_stats":null,"previous_names":[],"tags_count":2,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ans-group%2Fcert-manager-webhook-safedns","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ans-group%2Fcert-manager-webhook-safedns/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ans-group%2Fcert-manager-webhook-safedns/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ans-group%2Fcert-manager-webhook-safedns/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/ans-group","download_url":"https://codeload.github.com/ans-group/cert-manager-webhook-safedns/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":240222500,"owners_count":19767458,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cert-manager-webhook"],"created_at":"2024-11-09T07:22:33.290Z","updated_at":"2026-06-10T02:30:17.522Z","avatar_url":"https://github.com/ans-group.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# cert-manager-webhook-safedns\n\n### Installing\n\nThe webhook can be installed with Helm as below:\n\n* `helm repo add ans https://ans-group.github.io/helm-charts`\n* `helm repo update`\n* `helm install cert-manager-webhook-safedns ans/cert-manager-webhook-safedns`\n\n\u003e :warning: Installing via Helm currently requires Kubernetes `v1.17.0` and above (due to missing permissions in `extension-apiserver-authentication-reader`).\n  this can be worked around by either creating a new role/role binding, or adding the following permissions to the `extension-apiserver-authentication-reader` role:\n\n```\n- apiGroups:\n  - \"\"\n  resourceNames:\n  - extension-apiserver-authentication\n  resources:\n  - configmaps\n  verbs:\n  - list\n- apiGroups:\n  - \"\"\n  resourceNames:\n  - extension-apiserver-authentication\n  resources:\n  - configmaps\n  verbs:\n  - watch\n```\n\nHelm values can be found within the [chart repository](https://github.com/ans-group/helm-charts/tree/master/charts/cert-manager-webhook-safedns)\n\n### Getting started\n\nThe SafeDNS webhook requires an API key with read/write permissions. This should be obtained via the ANS Portal before continuing\n\nFirst, we'll create a `Secret` containing our API key:\n\n```\nkubectl create secret generic safedns-api-key --from-literal=api_key=\u003cAPI_KEY\u003e\n```\n\nNext, we'll configure a LetsEncrypt `Issuer` using the SafeDNS `solver`:\n\n```\ncat \u003c\u003cEOF | kubectl apply -f -\napiVersion: cert-manager.io/v1\nkind: Issuer\nmetadata:\n  name: letsencrypt-prod-safedns\nspec:\n  acme:\n    email: admin@example.com\n    privateKeySecretRef:\n      name: letsencrypt-prod\n    server: https://acme-v02.api.letsencrypt.org/directory\n    solvers:\n    - dns01:\n        webhook:\n          solverName: safedns\n          groupName: acme.k8s.ans.io\n          config:\n            apiKeySecretRef:\n              name: safedns-api-key\n              key: api_key\nEOF\n```\n\nFinally, we'll create our certificate:\n\n```\ncat \u003c\u003cEOF | kubectl apply -f -\napiVersion: cert-manager.io/v1\nkind: Certificate\nmetadata:\n  name: wildcard-example-com\nspec:\n  dnsNames:\n  - '*.example.com'\n  issuerRef:\n    kind: Issuer\n    name: letsencrypt-prod-safedns\n  secretName: wildcard-example-com-tls\nEOF\n```\n\n### Running the test suite\n\n`apikey.yml` should first be created in `testdata/safedns` (example at `testdata/safedns/apikey.sample.yml`) before executing the test suite.\nThese tests require several binaries, which can be downloaded via `scripts/fetch-test-binaries.sh`\n\nThe test suite is executed via `go test` as below:\n\n```bash\n$ TEST_ZONE_NAME=example.com. go test .\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fans-group%2Fcert-manager-webhook-safedns","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fans-group%2Fcert-manager-webhook-safedns","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fans-group%2Fcert-manager-webhook-safedns/lists"}