{"id":22394082,"url":"https://github.com/flant/cert-manager-webhook-regru","last_synced_at":"2026-01-12T04:53:29.534Z","repository":{"id":64459801,"uuid":"530270482","full_name":"flant/cert-manager-webhook-regru","owner":"flant","description":"The webhook and the ClusterIssuer resource for automatic provisioning of reg.ru SSL certificates in Kubernetes","archived":false,"fork":false,"pushed_at":"2024-12-20T12:04:33.000Z","size":60,"stargazers_count":51,"open_issues_count":5,"forks_count":16,"subscribers_count":5,"default_branch":"main","last_synced_at":"2025-07-31T12:30:40.253Z","etag":null,"topics":["cert-manager","cert-manager-webhook","cert-manager-webhook-regru","letsencrypt"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/flant.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2022-08-29T15:03:38.000Z","updated_at":"2025-07-22T16:56:58.000Z","dependencies_parsed_at":"2024-06-19T05:28:32.186Z","dependency_job_id":"df9d795c-09c8-4918-8e9d-4f4f895f8bbf","html_url":"https://github.com/flant/cert-manager-webhook-regru","commit_stats":null,"previous_names":["flant/clusterissuer-regru"],"tags_count":16,"template":false,"template_full_name":null,"purl":"pkg:github/flant/cert-manager-webhook-regru","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/flant%2Fcert-manager-webhook-regru","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/flant%2Fcert-manager-webhook-regru/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/flant%2Fcert-manager-webhook-regru/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/flant%2Fcert-manager-webhook-regru/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/flant","download_url":"https://codeload.github.com/flant/cert-manager-webhook-regru/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/flant%2Fcert-manager-webhook-regru/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28335009,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-12T00:36:25.062Z","status":"online","status_checked_at":"2026-01-12T02:00:08.677Z","response_time":98,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cert-manager","cert-manager-webhook","cert-manager-webhook-regru","letsencrypt"],"created_at":"2024-12-05T05:08:54.773Z","updated_at":"2026-01-12T04:53:29.517Z","avatar_url":"https://github.com/flant.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# ClusterIssuer for the Regru API\n\n### Motivation\n\ncert-manager automates the management and issuance of TLS certificates in Kubernetes clusters. It ensures that certificates are valid and updates them when necessary.\n\nA certificate authority resource, such as ClusterIssuer, must be declared in the cluster to start the certificate issuance procedure. It is used to generate signed certificates by honoring certificate signing requests.\n\nFor some DNS providers, there are no predefined CusterIssuer resources. Fortunately, cert-manager allows you to write your own ClusterIssuer.\n\nThis solver allows you to use cert-manager with the Regru API. Documentation on the Regru API is available [here](https://www.reg.ru/reseller/api2doc).\n\n# Usage\n\n### Preparation\n\nYou must check access to the Regru API from your IP(s). You should do POST request with ContentType `multipart/form-data;`:\n\n```http\nPOST \"https://www.reg.ru/api/regru2/zone/get_resource_records\"\n\ninput_format: json\noutput_format: json\nio_encoding: utf8\ninput_data: {\"domains\":[{\"dname\":\"ZONE_NAME\"}],\"password\":\"PASSWORD\",\"username\":\"USER_NAME\"}\nshow_input_params: 0\nusername: USER_NAME\npassword: PASSWORD\n```\nwhere `USER_NAME` and `PASSWORD_STRING` are your credentials to access the Regru API, and `ZONE_NAME` is your domain.\n\nIf you doesn't have access, you get an error:\n\n```\n{\n   \"charset\" : \"utf-8\",\n   \"error_code\" : \"ACCESS_DENIED_FROM_IP\",\n   \"error_params\" : {\n      \"command_name\" : \"zone/get_resource_records\"\n   },\n   \"error_text\" : \"Access to API from this IP denied\",\n   \"messagestore\" : null,\n   \"result\" : \"error\"\n}\n```\nYou need to add your IP(s) to the whitelist in your personal account.\n\n### Install cert-manager (*optional step*)\n\n**ATTENTION!** You should not delete the cert-manager if you are already using it.\n\n\nUse the following command from the [official documentation](https://cert-manager.io/docs/installation/) to install cert-manager in your Kubernetes cluster:\n\n```shell\nkubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/VERSION/cert-manager.yaml\n```\n*  where `VERSION` is necessary version (for example, v1.15.4 )\n\n### Install the webhook\n```shell\ngit clone https://github.com/flant/cert-manager-webhook-regru.git\n```\n\nEdit the `values.yaml` file in the cloned repository and enter the appropriate values in the fields `zone`, `image`, `user`, `password`. Example:\n```yaml\nissuer:\n  image: ghcr.io/flant/cluster-issuer-regru:1.2.0\n  user: my_user@example.com\n  password: my_password\n```\n\nYou must also specify your namespace with the `cert-manager`.\n\n```yaml\ncertManager:\n  namespace: my-namespace-cert-manager\n  serviceAccountName: cert-manager\n```\n\nHere, `user` and `password` are credentials you use to authenticate with REG.RU.\n\nNext, run the following commands for the install webhook.\n\n```shell\ncd cert-manager-webhook-regru\nhelm install -n my-namespace-cert-manager regru-webhook ./helm\n```\n\n### Create a ClusterIssuer\n\nCreate the `ClusterIssuer.yaml` file with the following contents:\n```yaml\napiVersion: cert-manager.io/v1\nkind: ClusterIssuer\nmetadata:\n  name: regru-dns\nspec:\n  acme:\n    # Email address used for ACME registration. REPLACE THIS WITH YOUR EMAIL!!!\n    email: mail@example.com\n    # The ACME server URL\n    server: https://acme-v02.api.letsencrypt.org/directory\n    privateKeySecretRef:\n      name: cert-manager-letsencrypt-private-key\n    solvers:\n      - dns01:\n          webhook:\n            config:\n              regruPasswordSecretRef:\n                name: regru-password\n                key: REGRU_PASSWORD\n            # groupName should be the same as `groupName.name` in `values.yaml` file.\n            groupName: acme.regru.ru\n            solverName: regru-dns\n```\nand create the resource:\n\n```shell\nkubectl create -f ClusterIssuer.yaml\n```\n\n#### Credentials\n\n**This secret resource is automatically installed by helm chart. So you do not need to create manually.**\n\nYou have to provide a `user` and `password` for the webhook so that it can access the HTTP API.\n\nNote that we use `regru-password` as the secret reference name in the `ClusterIssuer` example above. If you use a different name for the secret, make sure to edit the value of `regruPasswordSecretRef.name`.\n\nThe secret for the above example would be as follows:\n```yaml\napiVersion: v1\nkind: Secret\nmetadata:\n  name: regru-password\ndata:\n  REGRU_PASSWORD: {{ .Values.issuer.password | b64enc | quote }}\ntype: Opaque\n```\n\n### Create a certificate\n\nCreate the `certificate.yaml` file with the following contents:\n\n```yaml\napiVersion: cert-manager.io/v1\nkind: Certificate\nmetadata:\n  name: changeme\n  namespace: changeme\nspec:\n  secretName: changeme\n  issuerRef:\n    name: regru-dns\n    kind: ClusterIssuer\n  dnsNames:\n    -  *.my-domain-test.ru\n```\n\n# Community\n\nPlease feel free to contact us if you have any questions.\n\nYou're also welcome to follow [@flant_com](https://twitter.com/flant_com) to stay informed about all our Open Source initiatives.\n\n# License\n\nApache License 2.0, see [LICENSE](LICENSE).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fflant%2Fcert-manager-webhook-regru","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fflant%2Fcert-manager-webhook-regru","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fflant%2Fcert-manager-webhook-regru/lists"}