webhook-cert-manager-ns1

command module
v0.0.0-...-3ca4d0c
Warning

This package is not in the latest version of its module.

Published: Dec 10, 2022 License: Apache-2.0 Imports: 16 Imported by: 0

README

ACME webhook for NS1 DNS API

This solver plugin for cert-manager runs on Kubernetes and solves Let's Encrypt DNS-01 challenges for domains hosted on NS1 Managed DNS. API documentation is here

Requirements

Installation

1 - Get your NS1 API key:

Log in at ns1.com and obtain an API secret, then create a k8s secret with the key api-key in the cert-manager namespace, for example:

kubectl create secret generic ns1-api-secret --from-literal=api-key='xxxxxxx' -n cert-manager

2 - Install cert-manager-webhook-ns1 from local checkout

INSTALL:
helm install --namespace cert-manager cert-manager-webhook-ns1 deploy/ns1-webhook/ --set groupName=acme.mydomain.com

UNINSTALL:
helm uninstall --namespace cert-manager cert-manager-webhook-ns1

Note: The Kubernetes resources used to install the webhook should be deployed in the same namespace as cert-manager.

3 - Add the NS1 ClusterIssuer to the k8s cluster

apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt-ns1
spec:
  acme:
    # The ACME server URL
    server: https://acme-v02.api.letsencrypt.org/directory # production server, change to staging for tests

    # Email address used for ACME registration
    email: myemail@mydomain.com # REPLACE THIS WITH YOUR EMAIL!!!

    # Name of a secret used to store the ACME account private key
    privateKeySecretRef:
      name: letsencrypt-ns1

    solvers:
      - dns01:
          webhook:
            groupName: acme.mydomain.com
            solverName: ns1
            config:
              apiKeySecretRef: ns1-api-secret
              zoneName: mydomain.com

4 - Add a wildcard certificate for the domains

apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: cert-tls
  namespace: orb-live
spec:
  dnsNames:
    - '*.mydomain.com'
    - mydomain.com
  issuerRef:
    name: letsencrypt-ns1
    kind: ClusterIssuer
  secretName: cert-tls

5 - If necessary, add a redirect from one domain to the base domain

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  annotations:
    nginx.ingress.kubernetes.io/permanent-redirect: "https://mydomain.com/"
  name: endpoint-redirect
spec:
  ingressClassName: nginx
  tls:
  - hosts:
    - app.mydomain.com
    secretName: cert-tls
  rules:
  - host: app.mydomain.com

Documentation


There is no documentation for this package.
