Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/jkahrs/cert-manager-webhook-hostingde
Cert manager webhook for hosting.de DNS API
- Host: GitHub
- URL: https://github.com/jkahrs/cert-manager-webhook-hostingde
- Owner: jkahrs
- License: apache-2.0
- Created: 2021-03-12T15:04:17.000Z (over 3 years ago)
- Default Branch: master
- Last Pushed: 2024-04-19T09:38:59.000Z (7 months ago)
- Last Synced: 2024-05-18T18:03:10.649Z (6 months ago)
- Language: Go
- Size: 87.9 KB
- Stars: 3
- Watchers: 1
- Forks: 1
- Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE
# ACME webhook for hosting.de DNS API
This solver can be used when you want to use cert-manager with the hosting.de DNS API. The API documentation is [here](https://www.hosting.de/api/).
## Requirements
- [go](https://golang.org/) >= 1.14.0
- [helm](https://helm.sh/) >= v3.0.0
- [kubernetes](https://kubernetes.io/) >= v1.14.0
- [cert-manager](https://cert-manager.io/) >= 0.15.0

## Installation
### cert-manager
Follow the [instructions](https://cert-manager.io/docs/installation/) in the cert-manager documentation to install it within your cluster.
### Webhook
```bash
helm install --namespace cert-manager cert-manager-webhook-hostingde deploy/cert-manager-webhook-hostingde
```
**Note**: The Kubernetes resources used to install the webhook should be deployed within the same namespace as cert-manager.

To uninstall the webhook, run:
```bash
helm uninstall --namespace cert-manager cert-manager-webhook-hostingde
```
Alternatively, generate manifests from the template and apply them manually:
```bash
helm template --namespace cert-manager cert-manager-webhook-hostingde deploy/cert-manager-webhook-hostingde
```
## Issuer
Create a `ClusterIssuer` or `Issuer` resource as follows:
```yaml
---
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt-staging
spec:
  acme:
    # The ACME server URL
    server: https://acme-staging-v02.api.letsencrypt.org/directory

    # Email address used for ACME registration
    email: [email protected]

    # Name of a secret used to store the ACME account private key
    privateKeySecretRef:
      name: letsencrypt-staging

    solvers:
      - dns01:
          webhook:
            groupName: hosting.de
            solverName: hostingde
            config:
              secretName: hostingde-secret
              zoneName: example.com # (Optional): when not provided, the zone will be searched via the API by recursion on the full domain name
              TTL: 60
```
### Credentials
In order to access the hosting.de API, the webhook needs an API token.

If you choose another name for the secret than `hostingde-secret`, ensure you modify the value of `secretName` in the `[Cluster]Issuer`.
The secret for the example above will look like this:
```yaml
---
apiVersion: v1
kind: Secret
metadata:
  name: hostingde-secret
  namespace: cert-manager
type: Opaque
data:
  api-key: your-key-base64-encoded
```
### Create a certificate
Finally you can create certificates, for example:
```yaml
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: example-cert
  namespace: default
spec:
  commonName: example.com
  dnsNames:
    - example.com
  issuerRef:
    name: letsencrypt-staging
    kind: ClusterIssuer
  secretName: example-cert
```
or via Ingress:
```yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: hello-world
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt-staging
spec:
  tls:
    - hosts:
        - "example.com"
      secretName: hello-world
  rules:
    - host: "example.com"
      http:
        paths:
          - path: /
            pathType: ImplementationSpecific
            backend:
              service:
                name: hello-world
                port:
                  number: 80
```
## Development
### Running the test suite
All DNS providers **must** run the DNS01 provider conformance testing suite, else they will have undetermined behaviour when used with cert-manager.

**It is essential that you configure and run the test suite when creating a DNS01 webhook.**

First, you need to have a hosting.de account with access to the DNS control panel. You need to create an API token and have a registered DNS zone there.
Then you need to copy `testdata-template` to `testdata`. Optionally replace the `zoneName` parameter in the `testdata/hostingde/config.json` file with an actual one. If `zoneName` is not provided, it will be searched via the API by recursion starting from `TEST_ZONE_NAME`.

In case there is a source IP restriction for the API key, you will also need to add your public IP address in the hosting.de control panel.

You also must encode your API token in base64 and put it into the `testdata/hostingde/secret.yml` file:
```bash
echo -n APIKEY | base64
```
You can then run the test suite with:
```bash
# first install necessary binaries (only required once)
scripts/fetch-test-binaries.sh

# then run the tests
TEST_ZONE_NAME=example.org. make verify
```
### Create a new release
1. Increase `version` in `Chart.yaml`.
1. Create a GitHub release with the same value, e.g. `1.2.0`.
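
The zone lookup that the `zoneName` comment in the Issuer example and the test-suite notes describe can be sketched as follows; this is an added example, not this project's code. `solverConfig`, `findZone` and the `zoneExists` callback are hypothetical names, and the check that the challenge name lies inside a configured zone is an added assumption, not documented behaviour.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"strings"
)

// solverConfig mirrors the keys under `config:` in the Issuer example.
type solverConfig struct {
	SecretName string `json:"secretName"`
	ZoneName   string `json:"zoneName"`
	TTL        int    `json:"TTL"`
}

// findZone picks the zone for an ACME challenge FQDN. zoneExists is a
// hypothetical stand-in for the DNS API query (assumption, not the project's API).
func findZone(rawCfg []byte, fqdn string, zoneExists func(string) bool) (string, error) {
	var cfg solverConfig
	if err := json.Unmarshal(rawCfg, &cfg); err != nil {
		return "", fmt.Errorf("decode solver config: %w", err)
	}
	name := strings.ToLower(strings.TrimSuffix(fqdn, "."))
	if cfg.ZoneName != "" {
		zone := strings.ToLower(strings.TrimSuffix(cfg.ZoneName, "."))
		// Refuse to write records outside the zone the Issuer was scoped to.
		if name != zone && !strings.HasSuffix(name, "."+zone) {
			return "", fmt.Errorf("%s is not inside configured zone %s", fqdn, zone)
		}
		return zone, nil
	}
	// No zoneName: strip leading labels until the API knows the zone (never the bare TLD).
	for strings.Contains(name, ".") {
		if zoneExists(name) {
			return name, nil
		}
		name = name[strings.Index(name, ".")+1:]
	}
	return "", errors.New("no zone found for " + fqdn)
}

func main() {
	// Constructed sample data: the account holds one zone, example.com.
	zones := map[string]bool{"example.com": true}
	cfg := []byte(`{"secretName":"hostingde-secret","TTL":60}`)
	zone, err := findZone(cfg, "_acme-challenge.www.example.com.", func(z string) bool { return zones[z] })
	fmt.Println(zone, err)
}
```

Setting `zoneName` explicitly avoids one API query per label and keeps the solver from matching a parent zone the same API key happens to cover.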