cert-manager-webhook-pdns

command module

v1.0.0 Latest Latest Go to latest Published: Dec 21, 2021 License: MIT Imports: 15 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/zachomedia/cert-manager-webhook-pdns

Links

Open Source Insights

README ¶

PowerDNS cert-manager ACME webhook

Installing

To install with helm, run:

$ helm repo add cert-manager-webhook-pdns https://zachomedia.github.io/cert-manager-webhook-pdns
$ helm install cert-manager-webhook-pdns cert-manager-webhook-pdns/cert-manager-webhook-pdns

Without helm, run:

$ make rendered-manifest.yaml
$ kubectl apply -f _out/rendered-manifest.yaml

Issuer/ClusterIssuer

An example issuer:

apiVersion: v1
kind: Secret
metadata:
  name: pdns-api-key
type: Opaque
data:
  key: APIKEY_BASE64
---
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
  name: letsencrypt-staging
spec:
  acme:
    email: certificates@example.ca
    server: https://acme-staging-v02.api.letsencrypt.org/directory
    privateKeySecretRef:
      name: letsencrypt-staging-account-key
    solvers:
      - dns01:
          webhook:
            groupName: acme.zacharyseguin.ca
            solverName: pdns
            config:
              host: https://ns1.example.ca
              apiKeySecretRef:
                name: pdns-api-key
                key: key

              # Optional config, shown with default values
              #   all times in seconds
              ttl: 120
              timeout: 30
              propagationTimeout: 120
              pollingInterval: 2

And then you can issue a cert:

apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: test-example-ca
  namespace: default
spec:
  secretName: example-com-tls
  dnsNames:
  - example.ca
  - www.example.ca
  issuerRef:
    name: letsencrypt-staging
    kind: Issuer
    group: cert-manager.io

Development

Running the test suite

You can run the test suite with:

Copy testdata/pdns/apikey.yml.sample and testdata/pdns/config.json.sample and fill in the appropriate values
Run tests

$ ./scripts/fetch-test-binaries.sh
$ TEST_ASSET_ETCD=_out/kubebuilder/bin/etcd TEST_ASSET_KUBE_APISERVER=_out/kubebuilder/bin/kube-apiserver TEST_ASSET_KUBECTL=_out/kubebuilder/bin/kubectl TEST_ZONE_NAME=example.com. go test .

It is possible to use an alternative DNS-Server to check for propagation - just set the ENV variable TEST_DNS_SERVER accordingly

$ TEST_ASSET_ETCD=_out/kubebuilder/bin/etcd TEST_ASSET_KUBE_APISERVER=_out/kubebuilder/bin/kube-apiserver TEST_ASSET_KUBECTL=_out/kubebuilder/bin/kubectl TEST_DNS_SERVER="192.168.1.1:53" TEST_ZONE_NAME=example.com. go test .

Documentation ¶

There is no documentation for this package.

Source Files ¶

View all Source files

main.go

Directories ¶

Path	Synopsis
provider Package pdns implements a DNS provider for solving the DNS-01 challenge using PowerDNS nameserver.	Package pdns implements a DNS provider for solving the DNS-01 challenge using PowerDNS nameserver.

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL