{"id":15678076,"url":"https://github.com/kaelzhang/cert-manager-webhook-dnspod","last_synced_at":"2025-08-01T08:37:50.265Z","repository":{"id":57558978,"uuid":"226028475","full_name":"kaelzhang/cert-manager-webhook-dnspod","owner":"kaelzhang","description":"Cert-manager webhook for DNSPod","archived":false,"fork":false,"pushed_at":"2022-05-15T13:34:18.000Z","size":94,"stargazers_count":13,"open_issues_count":2,"forks_count":4,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-07-28T12:38:13.968Z","etag":null,"topics":["acme","cert-manager","cert-manager-webhook","dnspod","dnspod-provider-solver","letsencrypt","webhook"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/kaelzhang.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2019-12-05T06:06:01.000Z","updated_at":"2025-02-04T17:56:04.000Z","dependencies_parsed_at":"2022-08-28T09:32:25.428Z","dependency_job_id":null,"html_url":"https://github.com/kaelzhang/cert-manager-webhook-dnspod","commit_stats":null,"previous_names":[],"tags_count":9,"template":false,"template_full_name":null,"purl":"pkg:github/kaelzhang/cert-manager-webhook-dnspod","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kaelzhang%2Fcert-manager-webhook-dnspod","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kaelzhang%2Fcert-manager-webhook-dnspod/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kaelzhang%2Fcert-manager-webhook-dnspod/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kaelzhang%2Fcert-manager-webhook-dnspod/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/kaelzhang","download_url":"https://codeload.github.com/kaelzhang/cert-manager-webhook-dnspod/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kaelzhang%2Fcert-manager-webhook-dnspod/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":268192592,"owners_count":24210541,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-08-01T02:00:08.611Z","response_time":67,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["acme","cert-manager","cert-manager-webhook","dnspod","dnspod-provider-solver","letsencrypt","webhook"],"created_at":"2024-10-03T16:16:08.256Z","updated_at":"2025-08-01T08:37:50.235Z","avatar_url":"https://github.com/kaelzhang.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Cert-Manager ACME webhook for DNSPod\n\nCert-manager webhook for DNSPod is a ACME webhook for [cert-manager](https://cert-manager.io) allowing users to use [DNSPod](https://www.dnspod.cn) for DNS01 challenge.\n\nThis is a **permanent** fork of [qqshfox/cert-manager-webhook-dnspod](https://github.com/qqshfox/cert-manager-webhook-dnspod) which is lack of maintainence.\n\nFeatures\n- Updated to cert-manager 1.1.0\n- Updated to client-go 0.19.4\n- No hardcoding in helm chart\n\nTested on production environment of\n- Kubernetes 1.18.3\n\n## Prerequisites\n\n- A DNSPod [APP ID and API Token](https://support.dnspod.cn/Kb/showarticle/tsid/227/)\n- A valid domain configured on DNSPod\n- A Kubernetes cluster (v1.18+ recommended)\n- Have [cert-manager](https://github.com/jetstack/cert-manager): \u003e= 1.1.0 [installed](https://cert-manager.io/docs/installation/kubernetes/) within your kubernetes cluster.\n- [Helm 3 installed](https://helm.sh/docs/intro/install/) on your local computer\n\n## Installation\n\n### Prepare for DNSPod\n\nCreate secret to store the API Token\n\n```sh\nkubectl --namespace cert-manager create secret generic \\\n  dnspod-credentials --from-literal=api-token='\u003cDNSPOD_API_TOKEN\u003e'\n```\n\n### Install `cert-manager-webhook-dnspod`\n\nClone this repository:\n\n```\ngit clone https://github.com/kaelzhang/cert-manager-webhook-dnspod.git\n```\n\nYou need to create a `values.yaml` file to override the default value of `groupName` for the helm chart.\n\n```yaml\n# The `groupName` here should be same as the value in cluster issuer below\ngroupName: \u003cyour group name\u003e\n```\n\n```\nhelm install cert-manager-webhook-dnspod ./charts \\\n  --namespace cert-manager \\\n  -f values.yaml\n```\n\n### Issuer\n\nCreate a production issuer (And you could create a staging letsencrypt issuer instead if necessary)\n\nCreate a `cluster-issuer.yaml` file with the following content:\n\n```yaml\napiVersion: cert-manager.io/v1\nkind: ClusterIssuer\nmetadata:\n  name: letsencrypt-prod\nspec:\n  acme:\n    # The ACME server URL\n    server: https://acme-v02.api.letsencrypt.org/directory\n\n    # Email address used for ACME registration\n    email: \u003cyour email\u003e\n\n    # Name of a secret used to store the ACME account private key\n    privateKeySecretRef:\n      name: letsencrypt-prod\n\n    solvers:\n    - dns01:\n        webhook:\n          groupName: \u003cyour group name\u003e\n          solverName: dnspod\n          config:\n            apiID: \u003cyour dnspod api id\u003e\n            apiTokenSecretRef:\n              key: api-token\n              name: dnspod-credentials\n```\n\nAnd run:\n\n```\nkubectl create -f cluster-issuer.yaml\n```\n\n### Certificate\n\n#### Use Ingress to create the Certificate resource (Recommended)\n\nA common use-case for cert-manager is requesting TLS signed certificates to secure your ingress resources.\n\nThis can be done by simply adding annotations to your Ingress resources and cert-manager will facilitate creating the Certificate resource for you without your concern. A small sub-component of cert-manager, ingress-shim, is responsible for this.\n\nFor details, see [here](https://cert-manager.io/docs/usage/ingress/)\n\nCreate a `ingress.yaml` file with the following content:\n\n```yaml\napiVersion: extensions/v1beta1\nkind: Ingress\nmetadata:\n  name: demo-ingress\n  namespace: default\n  annotations:\n    # Should be the same as metadata.name of the cluster issuer\n    cert-manager.io/cluster-issuer: \"letsencrypt-prod\"\nspec:\n  tls:\n  - hosts:\n    - 'example.com'\n    # Pick any name as you wish\n    secretName: example-com-tls\n  rules:\n  - host: example.com\n    http:\n      paths:\n      - path: /\n        backend:\n          serviceName: backend-service\n          servicePort: 80\n```\n\nAnd run:\n\n```\nkubectl create -f ingress.yaml\n```\n\n#### Define the Certificate resource explicitly (Alternative)\n\nIf you don't use Ingress, you could define the certificate resource your own\n\nCreate a `certificate.yaml`:\n\n```yaml\napiVersion: cert-manager.io/v1\nkind: Certificate\nmetadata:\n  # You could replace this name to your own\n  # Pick any name as you wish\n  name: example-com # for example.com\nspec:\n  # Pick any name as you wish\n  secretName: example-com-tls\n  renewBefore: 240h\n  dnsNames:\n    - 'example.com'\n  issuerRef:\n    # The cluster issuer defined above\n    name: letsencrypt-prod\n    kind: ClusterIssuer\n```\n\nAnd run:\n\n```\nkubectl create -f certificate.yaml\n```\n\n### Check the result:\n\nIf the certificate is ready, you could see the following result:\n\n```\n$ kubectl get certificate\n\nNAME          READY  SECRET           AGE\nexample-com   True   example-com-tls  2m1s\n```\n\n****\n\n\u003e For contributors\n\n## Development\n\nBefore you can run the test suite, you need to download the test binaries:\n\n```sh\nwget -O- https://storage.googleapis.com/kubebuilder-tools/kubebuilder-tools-1.14.1-darwin-amd64.tar.gz | tar x -\n```\n\nThen rename `testdata/my-custom-solver.example` as `testdata/my-custom-solver` and fulfill the values of DNSPod appId (`\u003cyour-dnspod-api-id\u003e`) and apiToken (`\u003cyour-dnspod-api-token-base64\u003e`).\n\nNow we could run tests in debug mode with dlv\n\n```sh\n# You should change GROUP_NAME and TEST_ZONE_NAME to your own ones\nGROUP_NAME=yourdomain.com \\\nTEST_ZONE_NAME=yourdomain.com. \\\ndlv test . -- -test.v\n```\n\nOr just run tests\n\n```sh\nGROUP_NAME=yourdomain.com \\\nTEST_ZONE_NAME=yourdomain.com. \\\ngo test -v\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fkaelzhang%2Fcert-manager-webhook-dnspod","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fkaelzhang%2Fcert-manager-webhook-dnspod","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fkaelzhang%2Fcert-manager-webhook-dnspod/lists"}