A webhook for performing DNS01 validation against CoreDNS backed by etcd.
- ensure that (Cluster)Issuer can talk to APIService/Service
docker build -t cert-manager-webhook-coredns-etcd .
helm upgrade --install \
cert-manager-webhook-coredns-etcd \
-n pair-system \
--set image.repository=cert-manager-webhook-coredns-etcd \
--set image.pullPolicy=Never \
--set groupName=$SHARINGIO_PAIR_BASE_DNS_NAME \
deploy/cert-manager-webhook-coredns-etcd/
All DNS providers must run the DNS01 provider conformance testing suite, else they will have undetermined behaviour when used with cert-manager.
It is essential that you configure and run the test suite when creating a DNS01 webhook.
An example Go test file has been provided in main_test.go.
You can run the test suite with:
$ TEST_ZONE_NAME=example.com. make test
The example file has a number of areas you must fill in and replace with your own options in order for tests to pass.
Show all ClusterRoles for cert-manager (and misc)
kubectl get clusterrole $(kubectl get clusterrole | grep cert-manager | awk '{print $1}' | xargs) -o yaml | less
Show all keys in etcd
etcdctl --endpoints "etcd-client.pair-system:2379" get / --prefix --keys-only
envsubst < ./letsencrypt-coredns-staging.yaml | kubectl apply -f -
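To help read the etcd key listing above: the CoreDNS etcd plugin looks names up under keys built from the reversed DNS labels, with a JSON value holding the TXT text. The following is an added example, not this project's own code. It assumes the plugin's default `/skydns` path prefix and a single-component prefix, and the `x1` subkey name and the token are constructed placeholders.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// txtRecord is the JSON value the CoreDNS etcd plugin reads for a TXT answer.
type txtRecord struct {
	Text string `json:"text"`
	TTL  uint32 `json:"ttl,omitempty"`
}

// EtcdKey maps an FQDN to the key the etcd plugin looks up: the labels in
// reverse order under the plugin's path prefix. A non-empty slot adds a
// subkey so that several TXT values can coexist for one name.
func EtcdKey(prefix, fqdn, slot string) (string, error) {
	name := strings.ToLower(strings.TrimSuffix(fqdn, "."))
	parts := []string{strings.Trim(prefix, "/")}
	labels := strings.Split(name, ".")
	for i := len(labels) - 1; i >= 0; i-- {
		parts = append(parts, labels[i])
	}
	if slot != "" {
		parts = append(parts, slot)
	}
	for _, p := range parts {
		// Reject empty labels and separators that would escape the zone's subtree.
		if p == "" || strings.ContainsAny(p, "/ ") {
			return "", fmt.Errorf("invalid key component %q for %q", p, fqdn)
		}
	}
	return "/" + strings.Join(parts, "/"), nil
}

// TXTValue renders the JSON stored at that key for a DNS01 challenge.
func TXTValue(token string, ttl uint32) (string, error) {
	b, err := json.Marshal(txtRecord{Text: token, TTL: ttl})
	return string(b), err
}

func main() {
	// Constructed sample: example.com and the token are placeholders.
	key, err := EtcdKey("/skydns", "_acme-challenge.example.com.", "x1")
	if err != nil {
		panic(err)
	}
	val, _ := TXTValue("constructed-token", 60)
	fmt.Printf("%s => %s\n", key, val)
}
```

Challenge keys left behind after validation show up in the `--keys-only` listing under the `_acme-challenge` label of the zone, which makes stale records easy to spot.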