https://github.com/zachomedia/cert-manager-webhook-pdns
A PowerDNS webhook for cert-manager
acme cert-manager cert-manager-webhook letsencrypt pdns powerdns
- Host: GitHub
- URL: https://github.com/zachomedia/cert-manager-webhook-pdns
- Owner: zachomedia
- License: mit
- Created: 2019-06-25T05:41:23.000Z (over 6 years ago)
- Default Branch: main
- Last Pushed: 2025-02-19T13:55:52.000Z (8 months ago)
- Last Synced: 2025-03-31T09:07:22.161Z (6 months ago)
- Topics: acme, cert-manager, cert-manager-webhook, letsencrypt, pdns, powerdns
- Language: Go
- Homepage:
- Size: 229 KB
- Stars: 65
- Watchers: 4
- Forks: 36
- Open Issues: 5
Metadata Files:
- Readme: README.md
- License: LICENSE
README
# PowerDNS cert-manager ACME webhook
## Installing
To install with helm, run:
```bash
$ helm repo add cert-manager-webhook-pdns https://zachomedia.github.io/cert-manager-webhook-pdns
$ helm install cert-manager-webhook-pdns cert-manager-webhook-pdns/cert-manager-webhook-pdns
```
Without helm, run:
```bash
$ make rendered-manifest.yaml
$ kubectl apply -f _out/rendered-manifest.yaml
```
### Issuer/ClusterIssuer
An example issuer:
```yaml
apiVersion: v1
kind: Secret
metadata:
  name: pdns-api-key
type: Opaque
data:
  key: APIKEY_BASE64
---
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
  name: letsencrypt-staging
spec:
  acme:
    email: certificates@example.ca
    server: https://acme-staging-v02.api.letsencrypt.org/directory
    privateKeySecretRef:
      name: letsencrypt-staging-account-key
    solvers:
      - dns01:
          webhook:
            groupName: acme.zacharyseguin.ca
            solverName: pdns
            config:
              # Base URL of the PowerDNS server.
              host: https://ns1.example.ca

              # Reference to the Kubernetes secret containing the API key.
              apiKeySecretRef:
                name: pdns-api-key
                key: key

              ###
              ### OPTIONAL
              ###

              # API Key scheme https://www.iana.org/assignments/http-authschemes/http-authschemes.xhtml
              # default: no scheme ""
              apiKeyScheme: ""

              # Header name for API key
              #
              # This defaults to X-API-Key when unset but supports customizations
              # e.g. Authorization
              apiKeyHeaderName: ""

              # Server ID for the PowerDNS API.
              # When unset, defaults to "localhost".
              #
              # This should generally be left unset, and used
              # only if you have a proxy in front of the PowerDNS API
              # that requires a different value.
              serverID: localhost

              # Request headers when connecting to the PowerDNS API.
              # The following headers are set by default, but can be overridden:
              # X-API-Key
              # Content-Type
              headers:
                key: value

              # CA bundle for TLS connections
              # When unset, the default system certificate store is used.
              caBundle: BASE64_ENCODED_CA_BUNDLE

              # TTL for DNS records
              # (in seconds)
              ttl: 120

              # Timeout for requests to the PDNS api server
              # (in seconds)
              timeout: 30

              # If the server is only allowed to edit certain zones; the
              # default is an empty list, allowing everything.
              # *IMPORTANT*: Remember the trailing dot to make the zone-name
              # fully qualified.
              allowed-zones:
                - example.com.
                - example.org.
                - example.net.
```
And then you can issue a cert:
```yaml
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: test-example-ca
  namespace: default
spec:
  secretName: example-com-tls
  dnsNames:
    - example.ca
    - www.example.ca
  issuerRef:
    name: letsencrypt-staging
    kind: Issuer
    group: cert-manager.io
```
## Development
### Running the test suite
You can run the test suite with:
1. `make setup`
2. `make test`

This requires `openssl`, `docker` and `docker-compose` to be installed.
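
A pre-flight lint for the solver `config` block from the Issuer example above, added here as an illustration and not part of the project's code. It assumes the block has been converted to JSON and that `caBundle` is base64 over PEM certificates; `SolverConfig`, `Lint` and `sample` are hypothetical names.

```go
// Added example (not project code): lint a pdns solver config before applying it.
package main
import (
	"encoding/base64"
	"encoding/json"
	"encoding/pem"
	"fmt"
	"net/url"
	"strings"
)
// SolverConfig (hypothetical name) mirrors three config keys from the README.
type SolverConfig struct {
	Host         string   `json:"host"`
	CABundle     string   `json:"caBundle"`
	AllowedZones []string `json:"allowed-zones"`
}
// Constructed sample: plain-HTTP host and one zone without the trailing dot.
var sample = []byte(`{"host":"http://ns1.example.ca","allowed-zones":["example.com.","example.org"]}`)
// Lint returns one finding per problem; an empty result means none were found.
func Lint(raw []byte) []string {
	var c SolverConfig
	if err := json.Unmarshal(raw, &c); err != nil {
		return []string{"config is not valid JSON: " + err.Error()}
	}
	var out []string
	// The API key travels in a request header, so require TLS to the API.
	if u, err := url.Parse(c.Host); err != nil || u.Scheme != "https" || u.Host == "" {
		out = append(out, "host: want an https:// base URL")
	}
	// An empty list lets the webhook edit every zone, per the README.
	if len(c.AllowedZones) == 0 {
		out = append(out, "allowed-zones: empty, every zone is allowed")
	}
	for _, z := range c.AllowedZones {
		if !strings.HasSuffix(z, ".") {
			out = append(out, fmt.Sprintf("allowed-zones: %q lacks the trailing dot", z))
		}
	}
	// Assumption: caBundle is base64 over PEM-encoded certificates.
	if c.CABundle != "" {
		pemBytes, err := base64.StdEncoding.DecodeString(c.CABundle)
		if blk, _ := pem.Decode(pemBytes); err != nil || blk == nil || blk.Type != "CERTIFICATE" {
			out = append(out, "caBundle: not base64-encoded PEM certificate data")
		}
	}
	return out
}

func main() { fmt.Println(strings.Join(Lint(sample), "\n")) }
```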