cert-manager-webhook-hosttech

command module
v0.2.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Dec 21, 2022 License: Apache-2.0 Imports: 19 Imported by: 0

README

ACME webhook for the hosttech DNS API

This solver can be used when you want to use the cert-manager with the hosttech DNS API.

Installation

cert-manager

Follow the instructions using the cert-manager documentation to install it within your cluster.

Webhook
Using the public Helm chart
helm repo add piccobit https://piccobit.github.io/helm-charts
# Replace the groupName value with your desired domain.
helm install --namespace cert-manager cert-manager-webhook-hosttech piccobit/cert-manager-webhook-hosttech --set groupName=acme.yourdomain.tld
From a local checkout
helm install --namespace cert-manager cert-manager-webhook-hosttech .

Note: The Kubernetes resources used to install the webhook should be deployed within the same namespace as the cert-manager.

To uninstall the webhook run

helm uninstall --namespace cert-manager cert-manager-webhook-hosttech

Issuer / ClusterIssuer

Create a ClusterIssuer or Issuer resource as following:

apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt-staging
spec:
  acme:
    # The ACME server URL
    server: https://acme-staging-v02.api.letsencrypt.org/directory

    # Email address used for ACME registration
    email: mail@example.com # REPLACE THIS WITH YOUR EMAIL!!!

    # Name of a secret used to store the ACME account private key
    privateKeySecretRef:
      name: letsencrypt-staging

    solvers:
      - dns01:
          webhook:
            # This group needs to be configured when installing the helm package, otherwise the webhook won't have permission to create an ACME challenge for this API group.
            groupName: acme.yourdomain.tld
            solverName: hosttech
            config:
              secretName: hosttech-secret
              apiUrl: https://api.ns1.hosttech.eu/api/user/v1
Credentials

In order to access the hosttech API, the webhook needs an API token.

If you choose another name for the secret than hosttech-secret, ensure to modify the value of secretName in the Issuer or ClusterIssuer.

The secret for the example above will look like this:

apiVersion: v1
kind: Secret
metadata:
  name: hosttech-secret
type: Opaque
data:
  token: your-base64-encoded-token
Create a certificate

Finally you are now able to create certificates, for example a wildcard certificate:

apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: example-cert
  namespace: cert-manager
spec:
  commonName: example.com
  dnsNames:
    - "*.example.com"
    - example.com
  issuerRef:
    name: letsencrypt-staging
    kind: ClusterIssuer
  secretName: example-cert

Development

Running the test suite

All DNS providers must run the DNS01 provider conformance testing suite, else they will have undetermined behaviour when used with cert-manager.

It is essential that you configure and run the test suite when creating a DNS01 webhook.

First, you need to have hosttech account with access to DNS control panel. You need to create API token and have a registered and verified DNS zone there. You also must encode your API token into base64 and put the hash into the testdata/hosttech/hosttech-secret.yml file.

You can then run the test suite with:

# First install necessary binaries (this is only required once)
./scripts/fetch-test-binaries.sh
# Then run the tests
TEST_ZONE_NAME=example.com. make verify

Documentation

The Go Gopher

There is no documentation for this package.

Source Files

View all Source files

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.