https://github.com/moficodes/cert-manager-webhook-dnsimple

cert-manager-webhook for dnsimple.
https://github.com/moficodes/cert-manager-webhook-dnsimple

cert-manager cert-manager-webhook dnsimple

Last synced: about 2 months ago
JSON representation

cert-manager-webhook for dnsimple.

• Host: GitHub
• URL: https://github.com/moficodes/cert-manager-webhook-dnsimple
• Owner: moficodes
• License: apache-2.0
• Created: 2020-04-17T02:17:23.000Z (over 4 years ago)
• Default Branch: master
• Last Pushed: 2020-04-23T19:12:02.000Z (over 4 years ago)
• Last Synced: 2024-06-20T05:13:31.999Z (7 months ago)
• Topics: cert-manager, cert-manager-webhook, dnsimple
• Language: Go
• Homepage:
• Size: 44.6 MB
• Stars: 0
• Watchers: 1
• Forks: 0
• Open Issues: 0
• Metadata Files:
  • Readme: README.md
  • License: LICENSE

Awesome Lists containing this project

README

        
# DNSIMPLE Webhook for Cert Manager

This is a webhook solver for [dnsimple](https://dnsimple.com/).

## Prerequisites

* [cert-manager](https://github.com/jetstack/cert-manager) version 0.13.0 or higher (*tested with 0.14.0*):

  - [Installing on Kubernetes](https://cert-manager.io/docs/installation/kubernetes/#installing-with-helm)

## Installation

Add the helm repo

```bash

helm repo add dnsimple-webhook https://moficodes.github.io/cert-manager-webhook-dnsimple

```

Check that the repo was added

```bash

helm repo list

```

Install the helm chart

```bash

helm install dnsimple dnsimple-webhook/cert-manager-webhook-dnsimple -n cert-manager

```

If you customized the installation of cert-manager, you may need to also set the `certManager.namespace` and `certManager.serviceAccountName` values.

```

helm install dnsimple dnsimple-webhook/cert-manager-webhook-dnsimple -n  --set certManager.namespace= --set certManager.serviceAccountName=

```

## Issuer

1. [Create a new DNSimple Api Token](https://support.dnsimple.com/articles/api-access-token/).

2. Create a secret to store your application secret:

    ```bash

    kubectl create secret generic dnsimple-credentials \

      --from-literal=accessToken=''

    ```

3. Create a certificate issuer:

    ```yaml

    apiVersion: certmanager.k8s.io/v1alpha1

    kind: Issuer

    metadata:

      name: letsencrypt

    spec:

      acme:

        server: https://acme-v02.api.letsencrypt.org/directory

        email: ''

        privateKeySecretRef:

          name: letsencrypt-account-key

        solvers:

        - dns01:

            webhook:

              groupName: 'acme.moficodes.com'

              solverName: dnsimple

              config:

                accountId: ''

                accessTokenSecretRef:

                  key: accessToken

                  name: dnsimple-credentials

    ```

## Certificate

Lets encrypt can automatically issue certs based on annotations. As discussed [here](https://cert-manager.io/docs/usage/ingress/#how-it-works)

Or you can manually deploy a cert.

Issue a certificate:

```yaml

apiVersion: certmanager.k8s.io/v1alpha1

kind: Certificate

metadata:

  name: example-com

spec:

  dnsNames:

  - example.com

  - *.example.com

  issuerRef:

    name: letsencrypt

  secretName: example-com-tls

```

## Development

All DNS providers **must** run the DNS01 provider conformance testing suite,

else they will have undetermined behaviour when used with cert-manager.

**It is essential that you configure and run the test suite when creating a

DNS01 webhook.**

An example Go test file has been provided in [main_test.go]().

Before you can run the test suite, you need to download the test binaries:

```bash

./scripts/fetch-test-binaries.sh

```

Then duplicate the `*.sample` files in `testdata/dnsimple/` and update the configuration with the appropriate DNSIMPLE credentials.

Now you can run the test suite with:

```bash

TEST_ZONE_NAME=example.com. go test .

```