cert-manager-webhook-joker

command module
v0.0.0-...-171d8b6 Latest
Published: Aug 21, 2022 License: Apache-2.0 Imports: 16 Imported by: 0

README

cert-manager webhook for joker.com DNS

cert-manager ACME DNS01 webhook provider for joker.com.

Prerequisites

The following components need to be installed on the Kubernetes cluster already:

  • Kubernetes (>= v1.11.0)
  • cert-manager (>= v0.14.0)
  • helm (>= v3.0.0)

At joker.com you need to enable Dynamic DNS to get credentials for API access. You can find the documentation here.

Installation

  1. Create a Kubernetes secret which will hold your joker DynDNS authentication credentials (the values under data must be base64-encoded):
cat <<EOF | kubectl apply -f -
apiVersion: v1
kind: Secret
metadata:
  name: joker-credentials
  namespace: kube-system
data:
  username: <joker Username>
  password: <joker Password>
EOF
  2. Grant the cert-manager-webhook-joker service account permission to get the secret:
cat <<EOF | kubectl apply -f -
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: cert-manager-webhook-joker:secret-reader
  namespace: kube-system
rules:
# Read access to the single named secret only
- apiGroups: [""]
  resources: ["secrets"]
  resourceNames: ["joker-credentials"]
  verbs: ["get", "watch"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: cert-manager-webhook-joker:secret-reader
  namespace: kube-system
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: cert-manager-webhook-joker:secret-reader
subjects:
- apiGroup: ""
  kind: ServiceAccount
  name: cert-manager-webhook-joker
  # Namespace the Helm chart is installed into in step 4
  namespace: cert-manager
EOF
  3. Clone the GitHub repository:
git clone https://github.com/4nx/cert-manager-webhook-joker.git
  4. Install the Helm chart with:
helm upgrade --install cert-manager-webhook-joker --namespace cert-manager deploy/cert-manager-webhook-joker
  5. Create a certificate issuer that uses the Let's Encrypt staging CA for testing purposes (you must insert your e-mail address):
cat <<EOF | kubectl apply -f -
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt-staging-dns01
spec:
  acme:
    # Change to your Let's Encrypt email
    email: <your email>
    server: https://acme-staging-v02.api.letsencrypt.org/directory
    privateKeySecretRef:
      name: letsencrypt-staging-account-key
    solvers:
    - dns01:
        webhook:
          groupName: acme.yourcompany.com
          solverName: joker
          config:
            baseURL: https://svc.joker.com/nic/replace
            dnsType: TXT
            userNameSecretRef:
              name: joker-credentials
              key: username
            passwordSecretRef:
              name: joker-credentials
              key: password
EOF
  6. Issue a test certificate (replace the example domain names with your own):
cat <<EOF | kubectl apply -f -
# Same API version as the ClusterIssuer in step 5
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: example-tls
spec:
  secretName: example-com-tls
  commonName: example.com
  dnsNames:
  - example.com
  - "*.example.com"
  issuerRef:
    name: letsencrypt-staging-dns01
    kind: ClusterIssuer
EOF
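
The credentials secret created at the start of the installation expects base64 values under data. As an added example (not part of the project's README), the script below renders that manifest from plain-text credentials without the trailing-newline and line-wrapping mistakes that make the webhook's DynDNS login fail; the function names and the JOKER_USERNAME, JOKER_PASSWORD and APPLY variables are assumptions of this example.

```shell
#!/bin/sh
# Added example: render the joker-credentials Secret from plain-text values.
# JOKER_USERNAME, JOKER_PASSWORD and APPLY are assumed variable names.

# Base64-encode $1 exactly. printf adds no trailing newline (echo would, and
# the newline would become part of the stored credential); tr removes the
# line wrapping that some base64 implementations apply to long input.
b64() {
  printf '%s' "$1" | base64 | tr -d '\n'
}

# Print the Secret manifest for username $1 and password $2.
render_secret() {
  if [ -z "$1" ] || [ -z "$2" ]; then
    echo "render_secret: username and password must be non-empty" >&2
    return 1
  fi
  cat <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: joker-credentials
  namespace: kube-system
data:
  username: $(b64 "$1")
  password: $(b64 "$2")
EOF
}

# Send the manifest to the cluster only when explicitly asked to:
#   JOKER_USERNAME=... JOKER_PASSWORD=... APPLY=1 sh render-secret.sh
if [ "${APPLY:-}" = "1" ]; then
  render_secret "$JOKER_USERNAME" "$JOKER_PASSWORD" | kubectl apply -f -
fi
```

Once the Role and RoleBinding are applied, `kubectl auth can-i get secret/joker-credentials --namespace kube-system --as system:serviceaccount:cert-manager:cert-manager-webhook-joker` should answer yes, and the same query for any other secret name should answer no.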

Development

All DNS providers must run the DNS01 provider conformance testing suite, else they will have undetermined behaviour when used with cert-manager.

It is essential that you configure and run the test suite when creating a DNS01 webhook.

Before you can run the test suite, you need to download the test binaries:

./scripts/fetch-test-binaries.sh

Then duplicate the .sample files in testdata/joker/ and update the configuration with the appropriate Joker.com credentials.

Now you can run the test suite with:

TEST_ZONE_NAME=example.com. go test .
