README
¶
Ionos webhook for cert manager
Cert-manager ACME DNS webhook provider for ionos. see: https://cert-manager.io/docs/configuration/acme/dns01/webhook/
Install
Install cert manager
see: https://cert-manager.io/docs/installation/kubernetes/
Install webhook
Add helm repo
helm repo add cert-manager-webhook-ionos https://fabmade.github.io/cert-manager-webhook-ionos
install helm chart
helm install cert-manager-webhook-ionos cert-manager-webhook-ionos/cert-manager-webhook-ionos -ncert-manager
add secret
apiVersion: v1
stringData:
IONOS_PUBLIC_PREFIX: <your-public-key>
IONOS_SECRET: <your-private-key>
kind: Secret
metadata:
name: ionos-secret
namespace: cert-manager
type: Opaque
add staging issuer
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
name: letsencrypt-ionos-staging
spec:
acme:
# The ACME server URL
server: https://acme-staging-v02.api.letsencrypt.org/directory
# Email address used for ACME registration
email: <your-email>
# Name of a secret used to store the ACME account private key
privateKeySecretRef:
name: letsencrypt-ionos-staging-key
# Enable the dns01 challenge provider
solvers:
- dns01:
webhook:
groupName: acme.fabmade.de
solverName: ionos
config:
apiUrl: https://api.hosting.ionos.com/dns/v1
publicKeySecretRef:
key: IONOS_PUBLIC_PREFIX
name: ionos-secret
secretKeySecretRef:
key: IONOS_SECRET
name: ionos-secret
add prod issuer
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
name: letsencrypt-ionos-prod
spec:
acme:
# The ACME server URL
server: https://acme-v02.api.letsencrypt.org/directory
# Email address used for ACME registration
email: <your-email-address>
# Name of a secret used to store the ACME account private key
privateKeySecretRef:
name: letsencrypt-ionos-prod
# Enable the dns01 challenge provider
solvers:
- dns01:
webhook:
groupName: acme.fabmade.de
solverName: ionos
config:
apiUrl: https://api.hosting.ionos.com/dns/v1
publicKeySecretRef:
key: IONOS_PUBLIC_PREFIX
name: ionos-secret
secretKeySecretRef:
key: IONOS_SECRET
name: ionos-secret
add ingress or certificate for example.com domain (replace it with your domain)
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: example-test-com
spec:
dnsNames:
- '*.example.com'
issuerRef:
name: letsencrypt-ionos-staging
secretName: example-test-com-tls
replace service "mybackend" with your own service
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
annotations:
cert-manager.io/issuer: letsencrypt-ionos-staging
name: example-wildcard-ingress
spec:
rules:
- host: '*.example.com'
http:
paths:
- backend:
service:
name: mybackend
port:
number: 80
path: /
pathType: Prefix
tls:
- hosts:
- '*.example.com'
secretName: example-ionos-tls-prod
share secrets accross namespaces (optional)
https://cert-manager.io/docs/faq/kubed/
Uninstall webhook
helm uninstall cert-manager-webhook-ionos -ncert-manager
Running the test suite
All DNS providers must run the DNS01 provider conformance testing suite, else they will have undetermined behaviour when used with cert-manager.
It is essential that you configure and run the test suite when creating a DNS01 webhook.
An example Go test file has been provided in main_test.go.
You can run the test suite with:
$ TEST_ZONE_NAME=example.com. make test
The example file has a number of areas you must fill in and replace with your own options in order for tests to pass.
Documentation
¶
There is no documentation for this package.
Source Files
Directories