https://github.com/linka-cloud/cert-manager-webhook-k8s-dns-manager
Cert-Manager DNS challenge's webhook for k8s-dns-manager
acme cert-manager cert-manager-webhook certificate clouddns dns dns-challenge dns-record dns-servers external-dns kubernetes letsencrypt
Last synced: 3 months ago
- Host: GitHub
- URL: https://github.com/linka-cloud/cert-manager-webhook-k8s-dns-manager
- Owner: linka-cloud
- License: apache-2.0
- Created: 2021-01-02T14:41:02.000Z (over 4 years ago)
- Default Branch: main
- Last Pushed: 2023-06-21T20:22:57.000Z (almost 2 years ago)
- Last Synced: 2024-12-30T07:23:14.410Z (5 months ago)
- Topics: acme, cert-manager, cert-manager-webhook, certificate, clouddns, dns, dns-challenge, dns-record, dns-servers, external-dns, kubernetes, letsencrypt
- Language: Go
- Homepage:
- Size: 105 KB
- Stars: 2
- Watchers: 2
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE
- Code of conduct: CODE_OF_CONDUCT.md
README
# [k8s-dns-manager](https://github.com/linka-cloud/k8s-dns-manager) Webhook for Cert Manager
## Prerequisites
* [cert-manager](https://github.com/jetstack/cert-manager) version 0.11.0 or higher (*tested with 0.12.0*):
  - [Installing on Kubernetes](https://cert-manager.io/docs/installation/kubernetes/#installing-with-helm)
* [k8s-dns-manager](https://github.com/linka-cloud/k8s-dns-manager) installed and configured

## Installation
### Using Helm
1. Clone this repository:
```bash
$ git clone https://github.com/linka-cloud/cert-manager-webhook-k8s-dns-manager.git && \
cd cert-manager-webhook-k8s-dns-manager
```
2. Run:
```bash
$ helm install cert-manager-webhook-k8s-dns ./deploy/cert-manager-webhook-k8s-dns
```

### Using kubectl
```bash
kubectl apply -f https://raw.githubusercontent.com/linka-cloud/cert-manager-webhook-k8s-dns-manager/main/deploy/manifests.yaml
```

## How to use it
Here is an example using the [Let's Encrypt staging environment](https://letsencrypt.org/docs/staging-environment/).
To go to the production environment, replace `https://acme-staging-v02.api.letsencrypt.org/directory` with
`https://acme-v02.api.letsencrypt.org/directory`.

1. Create a certificate issuer:
```yaml
apiVersion: cert-manager.io/v1alpha2
kind: Issuer # or ClusterIssuer to have it available in every namespace
metadata:
  name: letsencrypt
spec:
  acme:
    server: https://acme-staging-v02.api.letsencrypt.org/directory
    email: ''
    privateKeySecretRef:
      name: letsencrypt-account-key
    solvers:
      - dns01:
          webhook:
            groupName: acme.dns.linka.cloud
            solverName: k8s-dns
            config:
              namespace: cert-manager
```

2. Issue a certificate:
```yaml
apiVersion: cert-manager.io/v1alpha2
kind: Certificate
metadata:
  name: example-com
spec:
  dnsNames:
    - example.com
    # The wildcard name must be quoted: a bare leading * is parsed as a YAML alias
    - '*.example.com'
  issuerRef:
    name: letsencrypt
  secretName: example-com-tls
```

### Running the test suite
All DNS providers **must** run the DNS01 provider conformance testing suite,
else they will have undetermined behaviour when used with cert-manager.

The tests require Docker to be installed on the local machine, and
[Kind](https://kind.sigs.k8s.io/docs/user/quick-start/), which is
downloaded when the tests are launched.

You can run the test suite with:
```bash
$ make verify
```

**The tests may fail at the first run, but should pass the next time.**