Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/mecodia/cert-manager-webhook-hetzner

A cert-manager integration with Hetzner DNS
https://github.com/mecodia/cert-manager-webhook-hetzner

cert-manager cert-manager-webhook hcloud hetzner hetzner-cloud kubernetes

Last synced: about 1 month ago
JSON representation

A cert-manager integration with Hetzner DNS

Host: GitHub
URL: https://github.com/mecodia/cert-manager-webhook-hetzner
Owner: mecodia
License: apache-2.0
Archived: true
Fork: true (cert-manager/webhook-example)
Created: 2020-05-28T12:34:55.000Z (over 4 years ago)
Default Branch: master
Last Pushed: 2024-06-24T09:39:21.000Z (3 months ago)
Last Synced: 2024-06-24T11:11:48.963Z (3 months ago)
Topics: cert-manager, cert-manager-webhook, hcloud, hetzner, hetzner-cloud, kubernetes
Language: Go
Homepage:
Size: 209 KB
Stars: 17
Watchers: 2
Forks: 12
Open Issues: 4
Metadata Files:
- Readme: README.md
- License: LICENSE

Awesome Lists containing this project

awesome-starred - mecodia/cert-manager-webhook-hetzner - A cert-manager integration with Hetzner DNS (kubernetes)

README

        **ARCHIVED PROJECT**

We recommend using  instead.

# ACME Webhook for Hetzner DNS

This project provides a [cert-manager](https://cert-manager.io) ACME Webhook for [Hetzner DNS](https://hetzner.de/) 

and is based on the [Example Webhook](https://github.com/jetstack/cert-manager-webhook-example)

This README and the inspiration for this webhook was mostly taken from [Stephan Müllers INWX Webhook](https://gitlab.com/smueller18/cert-manager-webhook-inwx).

The Helm Chart is automatically published via [github pages](https://mecodia.github.io/cert-manager-webhook-hetzner/).

## Requirements

-   [helm](https://helm.sh/) >= v3.0.0

-   [kubernetes](https://kubernetes.io/)

-   [cert-manager](https://cert-manager.io/)

### Last tested version combination

- webhook image: v0.4.0

- cert-manager: v1.12.5

- kubernetes:  v1.26.7

## Configuration

The following table lists the configurable parameters of the cert-manager chart and their default values.

| Parameter | Description | Default |

| --------- | ----------- | ------- |

| `groupName` | Group name of the API service. | `dns.hetzner.cloud` |

| `certManager.namespace` | Namespace where cert-manager is deployed to. | `kube-system` |

| `certManager.serviceAccountName` | Service account of cert-manager installation. | `cert-manager` |

| `image.repository` | Image repository | `mecodia/cert-manager-webhook-hetzner` |

| `image.tag` | Image tag | `latest` |

| `image.pullPolicy` | Image pull policy | `Always` |

| `service.type` | API service type | `ClusterIP` |

| `service.port` | API service port | `443` |

| `resources` | CPU/memory resource requests/limits | `{}` |

| `nodeSelector` | Node labels for pod assignment | `{}` |

| `affinity` | Node affinity for pod assignment | `{}` |

| `tolerations` | Node tolerations for pod assignment | `[]` |

## Installation

### cert-manager

Follow the [instructions](https://cert-manager.io/docs/installation/) using the cert-manager documentation to install it within your cluster.

### Webhook

```bash

git clone https://github.com/mecodia/cert-manager-webhook-hetzner.git

cd cert-manager-webhook-hetzner

helm install --namespace kube-system cert-manager-webhook-hetzner ./charts/cert-manager-webhook-hetzner

```

**Note**: The kubernetes resources used to install the Webhook should be deployed within the same namespace as the cert-manager.

To uninstall the webhook run

```bash

helm uninstall --namespace kube-system cert-manager-webhook-hetzner

```

## Issuer

Create a `ClusterIssuer` or `Issuer` resource as following:

```yaml

apiVersion: cert-manager.io/v1

kind: ClusterIssuer

metadata:

  name: letsencrypt-staging

spec:

  acme:

    # The ACME server URL (attention, this is the staging one!)

    server: https://acme-staging-v02.api.letsencrypt.org/directory

    # Email address used for ACME registration

    email: [email protected] # REPLACE THIS WITH YOUR EMAIL!!!

    # Name of a secret used to store the ACME account private key

    privateKeySecretRef:

      name: letsencrypt-staging-account-key

    solvers:

      - dns01:

          webhook:

            groupName: dns.hetzner.cloud

            solverName: hetzner

            config:

              APIKey: 

```

### Credentials

For accessing the Hetzner DNS API, you need an API Token which you can create in the [DNS Console](https://dns.hetzner.com/settings/api-token).

Currently, we don't provide a way to use secrets for you API KEY.

### Create a certificate

Finally, you can create certificates, for example:

```yaml

apiVersion: cert-manager.io/v1

kind: Certificate

metadata:

  name: example-wildcard-cert

  namespace: cert-manager

spec:

  commonName: "*.example.com"

  dnsNames:

    - "*.example.com"

  issuerRef:

    kind: ClusterIssuer

    name: letsencrypt-staging

  secretName: example-cert

```

## Development

### Requirements

-   [go](https://golang.org/) >= 1.21

### Running the test suite

1. Create a new test account at [Hetzner DNS Console](https://dns.hetzner.com/) or use an existing account

1. Go to `testdata/hcloud-dns/config.json` and replace your api key.

1. Download dependencies

    ```bash

    go mod download

    ```

1. Run tests (replace zone name with one of your zones)

   ```bash

   env TEST_ZONE_NAME='warbl.net.' make test

   ```

   

## Releases

Dockerhub is set up to automatically build images from tagged commits.

Example tags are:

```text

cert-manager-webhook-hetzner-0.3.0-rc4

cert-manager-webhook-hetzner-0.3.0

cert-manager-webhook-hetzner-0.1

cert-manager-webhook-hetzner-1.1

```

Github should take care of the helm chart updates.