
moficodes/cert-manager-webhook-dnsimple


DNSIMPLE Webhook for Cert Manager

This is a webhook solver for dnsimple.

Prerequisites

Installation

Add the helm repo

helm repo add dnsimple-webhook https://moficodes.github.io/cert-manager-webhook-dnsimple

Check that the repo was added

helm repo list

Install the helm chart

helm install dnsimple dnsimple-webhook/cert-manager-webhook-dnsimple -n cert-manager

If you customized the installation of cert-manager, you may need to also set the certManager.namespace and certManager.serviceAccountName values.

helm install dnsimple dnsimple-webhook/cert-manager-webhook-dnsimple -n <custom-ns> --set certManager.namespace=<custom-ns> --set certManager.serviceAccountName=<custom-sa>

Issuer

  1. Create a new DNSimple API token.

  2. Create a secret to store your application secret:

    kubectl create secret generic dnsimple-credentials \
      --from-literal=accessToken='<DNSimple-access-token>'
  3. Create a certificate issuer:

    apiVersion: certmanager.k8s.io/v1alpha1
    kind: Issuer
    metadata:
      name: letsencrypt
    spec:
      acme:
        server: https://acme-v02.api.letsencrypt.org/directory
        email: '<YOUR_EMAIL_ADDRESS>'
        privateKeySecretRef:
          name: letsencrypt-account-key
        solvers:
        - dns01:
            webhook:
              groupName: 'acme.moficodes.com'
              solverName: dnsimple
              config:
                accountId: '<account-id>'
                accessTokenSecretRef:
                  key: accessToken
                  name: dnsimple-credentials
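The `config:` block above reaches the webhook as raw JSON, and it is the solver's job to decode it. The example below is added here and is not code from this repository: it assumes field names that mirror the Issuer above (`accountId`, `accessTokenSecretRef.name`, `accessTokenSecretRef.key`) and rejects configs that are missing either value or that carry unknown keys, so an access token pasted inline into the Issuer (a widely readable object, unlike a Secret) is refused rather than silently ignored.

```go
package main

import (
	"bytes"
	"encoding/json"
	"errors"
	"fmt"
)

// SecretRef mirrors the accessTokenSecretRef block of the Issuer config.
type SecretRef struct {
	Name string `json:"name"`
	Key  string `json:"key"`
}

// SolverConfig is the shape of the `config:` map under the dnsimple webhook solver.
// Field names are assumptions for this example; the real solver's struct may differ.
// There is deliberately no inline AccessToken field: the token belongs in a Secret.
type SolverConfig struct {
	AccountID            string    `json:"accountId"`
	AccessTokenSecretRef SecretRef `json:"accessTokenSecretRef"`
}

// ParseSolverConfig decodes the raw JSON cert-manager hands the webhook and
// rejects configs that lack the account id or the secret reference, or that
// carry keys the solver does not know (typos, or a token pasted inline).
func ParseSolverConfig(raw []byte) (*SolverConfig, error) {
	var cfg SolverConfig
	dec := json.NewDecoder(bytes.NewReader(raw))
	dec.DisallowUnknownFields()
	if err := dec.Decode(&cfg); err != nil {
		return nil, fmt.Errorf("decode solver config: %w", err)
	}
	if cfg.AccountID == "" {
		return nil, errors.New("accountId is required")
	}
	if cfg.AccessTokenSecretRef.Name == "" || cfg.AccessTokenSecretRef.Key == "" {
		return nil, errors.New("accessTokenSecretRef.name and accessTokenSecretRef.key are required")
	}
	return &cfg, nil
}

func main() {
	// Constructed sample inputs; the account id is a placeholder, not a real one.
	good := `{"accountId":"12345","accessTokenSecretRef":{"name":"dnsimple-credentials","key":"accessToken"}}`
	inline := `{"accountId":"12345","accessToken":"placeholder-token"}`
	for _, raw := range []string{good, inline} {
		cfg, err := ParseSolverConfig([]byte(raw))
		if err != nil {
			fmt.Println("rejected:", err)
			continue
		}
		fmt.Printf("accepted: account %s, token from secret %s/%s\n",
			cfg.AccountID, cfg.AccessTokenSecretRef.Name, cfg.AccessTokenSecretRef.Key)
	}
}
```

The first sample is accepted; the second is rejected because `accessToken` is not a known field, which is the behaviour you want from a solver that should only ever read the token out of the referenced Secret.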

Certificate

Let's Encrypt certificates can be issued automatically based on annotations, as discussed here.

Or you can manually deploy a cert.

Issue a certificate:

apiVersion: certmanager.k8s.io/v1alpha1
kind: Certificate
metadata:
  name: example-com
spec:
  dnsNames:
  - example.com
  - '*.example.com'
  issuerRef:
    name: letsencrypt
  secretName: example-com-tls

Development

All DNS providers must run the DNS01 provider conformance testing suite, else they will have undetermined behaviour when used with cert-manager.

It is essential that you configure and run the test suite when creating a DNS01 webhook.

An example Go test file has been provided in main_test.go.

Before you can run the test suite, you need to download the test binaries:

./scripts/fetch-test-binaries.sh

Then duplicate the *.sample files in testdata/dnsimple/ and update the configuration with the appropriate DNSIMPLE credentials.

Now you can run the test suite with:

TEST_ZONE_NAME=example.com. go test .
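The conformance suite drives the solver's Present and CleanUp calls against the zone named in `TEST_ZONE_NAME` (note the trailing dot: cert-manager passes both the challenge FQDN and the zone fully qualified). The example below is added here and is not code from this repository or from cert-manager: it shows the two pieces of logic a DNSimple solver has to get right under that suite, namely turning the fully qualified challenge name into the zone-relative record name the DNSimple API expects (refusing names that are not actually inside the zone), and keeping several TXT values under one name so that the apex and wildcard entries of the Certificate above, which share `_acme-challenge.example.com`, can be presented and cleaned up independently. `FakeZone` is a constructed in-memory stand-in for the zone records API so the code runs offline.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// RecordName converts the fully qualified challenge name and zone that cert-manager
// places in a ChallengeRequest (e.g. "_acme-challenge.example.com." and
// "example.com.") into the zone-relative name a DNSimple zone record needs.
// A suffix check with a leading dot stops "notexample.com" matching "example.com".
func RecordName(resolvedFQDN, resolvedZone string) (string, error) {
	fqdn := strings.ToLower(strings.TrimSuffix(resolvedFQDN, "."))
	zone := strings.ToLower(strings.TrimSuffix(resolvedZone, "."))
	if fqdn == "" || zone == "" {
		return "", errors.New("empty challenge name or zone")
	}
	if !strings.HasSuffix(fqdn, "."+zone) {
		return "", fmt.Errorf("%q is not inside zone %q", resolvedFQDN, resolvedZone)
	}
	return strings.TrimSuffix(fqdn, "."+zone), nil
}

// FakeZone is a constructed stand-in for the DNSimple zone records API.
// Records are keyed by relative name; several TXT values may coexist under one name.
type FakeZone struct {
	Zone    string
	Records map[string][]string
}

// Present adds the TXT value for a challenge; repeated calls are idempotent,
// which matters because cert-manager may retry Present for the same challenge.
func (z *FakeZone) Present(resolvedFQDN, key string) error {
	name, err := RecordName(resolvedFQDN, z.Zone)
	if err != nil {
		return err
	}
	for _, v := range z.Records[name] {
		if v == key {
			return nil
		}
	}
	z.Records[name] = append(z.Records[name], key)
	return nil
}

// CleanUp removes only the record whose value matches this challenge's key, so a
// still-pending challenge under the same name (apex vs wildcard) is left alone.
func (z *FakeZone) CleanUp(resolvedFQDN, key string) error {
	name, err := RecordName(resolvedFQDN, z.Zone)
	if err != nil {
		return err
	}
	var kept []string
	for _, v := range z.Records[name] {
		if v != key {
			kept = append(kept, v)
		}
	}
	if len(kept) == 0 {
		delete(z.Records, name)
	} else {
		z.Records[name] = kept
	}
	return nil
}

func main() {
	// Constructed challenge keys; real ones are the ACME key authorisation digests.
	z := &FakeZone{Zone: "example.com.", Records: map[string][]string{}}
	_ = z.Present("_acme-challenge.example.com.", "key-for-apex")
	_ = z.Present("_acme-challenge.example.com.", "key-for-wildcard")
	fmt.Println("after Present:", z.Records)
	_ = z.CleanUp("_acme-challenge.example.com.", "key-for-apex")
	fmt.Println("after CleanUp:", z.Records)
	if _, err := RecordName("_acme-challenge.notexample.com.", "example.com."); err != nil {
		fmt.Println("rejected:", err)
	}
}
```

A solver that deletes by name alone, or that matches the zone with a bare suffix check, passes a single-domain test but fails exactly the wildcard-plus-apex Certificate shown earlier, which is why the suite is worth running against the real zone before publishing a release.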