DNSIMPLE Webhook for Cert Manager
This is a webhook solver for DNSimple.
Prerequisites
- cert-manager version 0.13.0 or higher (tested with 0.14.0)
Installation
Add the helm repo
helm repo add dnsimple-webhook https://moficodes.github.io/cert-manager-webhook-dnsimple
Check that the repo was added
helm repo list
Install the helm chart
helm install dnsimple dnsimple-webhook/cert-manager-webhook-dnsimple -n cert-manager
If you customized the installation of cert-manager, you may also need to set the certManager.namespace and certManager.serviceAccountName values.
helm install dnsimple dnsimple-webhook/cert-manager-webhook-dnsimple -n <custom-ns> --set certManager.namespace=<custom-ns> --set certManager.serviceAccountName=<custom-sa>
Issuer
- Create a secret to store your application secret:
kubectl create secret generic dnsimple-credentials \
  --from-literal=accessToken='<DNSimple-access-token>'
- Create a certificate issuer:
# cert-manager 0.11 and later serve this kind from the cert-manager.io API group;
# match apiVersion to the CRDs installed in your cluster.
apiVersion: certmanager.k8s.io/v1alpha1
kind: Issuer
metadata:
  name: letsencrypt
spec:
  acme:
    server: https://acme-v02.api.letsencrypt.org/directory
    email: '<YOUR_EMAIL_ADDRESS>'
    privateKeySecretRef:
      name: letsencrypt-account-key
    solvers:
    - dns01:
        webhook:
          groupName: 'acme.moficodes.com'
          solverName: dnsimple
          config:
            accountId: '<account-id>'
            accessTokenSecretRef:
              key: accessToken
              name: dnsimple-credentials
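cert-manager passes the Issuer's config block to the webhook as raw JSON. The Go sketch below is an added example, not this project's code: it decodes that block strictly, so a config that inlines the token instead of referencing the Secret is rejected. The type names, function name and sample values are assumptions.

```go
package main

import (
	"bytes"
	"encoding/json"
	"errors"
	"fmt"
)

// Hypothetical types mirroring the Issuer's `config` block shown above.
type secretRef struct {
	Name string `json:"name"`
	Key  string `json:"key"`
}

type solverConfig struct {
	AccountID            string    `json:"accountId"`
	AccessTokenSecretRef secretRef `json:"accessTokenSecretRef"`
}

// Constructed sample inputs: the config as JSON, and a variant that
// inlines the token in the Issuer instead of referencing the Secret.
const (
	goodConfig   = `{"accountId":"12345","accessTokenSecretRef":{"name":"dnsimple-credentials","key":"accessToken"}}`
	inlineConfig = `{"accountId":"12345","accessToken":"constructed-not-a-real-token"}`
)

// parseSolverConfig decodes the config strictly: unknown fields (such as an
// inlined token) and missing required fields are errors.
func parseSolverConfig(raw []byte) (solverConfig, error) {
	var cfg solverConfig
	dec := json.NewDecoder(bytes.NewReader(raw))
	dec.DisallowUnknownFields()
	if err := dec.Decode(&cfg); err != nil {
		return cfg, fmt.Errorf("decoding solver config: %w", err)
	}
	if cfg.AccountID == "" {
		return cfg, errors.New("accountId is required")
	}
	if cfg.AccessTokenSecretRef.Name == "" || cfg.AccessTokenSecretRef.Key == "" {
		return cfg, errors.New("accessTokenSecretRef needs both name and key")
	}
	return cfg, nil
}

func main() {
	for _, raw := range []string{goodConfig, inlineConfig} {
		cfg, err := parseSolverConfig([]byte(raw))
		fmt.Printf("config=%+v err=%v\n", cfg, err)
	}
}
```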
Certificate
Let's Encrypt can automatically issue certs based on annotations, as discussed here.
Or you can manually deploy a cert.
Issue a certificate:
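# cert-manager 0.11 and later serve this kind from the cert-manager.io API group;
# match apiVersion to the CRDs installed in your cluster.
apiVersion: certmanager.k8s.io/v1alpha1
kind: Certificate
metadata:
  name: example-com
spec:
  dnsNames:
  - example.com
  # The wildcard must be quoted: an unquoted leading * is parsed as a YAML alias.
  - '*.example.com'
  issuerRef:
    name: letsencrypt
  secretName: example-com-tls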
Development
All DNS providers must run the DNS01 provider conformance testing suite, else they will have undetermined behaviour when used with cert-manager.
It is essential that you configure and run the test suite when creating a DNS01 webhook.
An example Go test file has been provided in main_test.go.
Before you can run the test suite, you need to download the test binaries:
./scripts/fetch-test-binaries.sh
Then duplicate the *.sample files in testdata/dnsimple/ and update the configuration with the appropriate DNSIMPLE credentials.
Now you can run the test suite with:
TEST_ZONE_NAME=example.com. go test .