Module: github.com/nextlayergmbh/cert-manager-webhook-nextlayer
Version: 0.0.0-20211117105240-2eeed95daf15
Repository: https://github.com/nextlayergmbh/cert-manager-webhook-nextlayer.git
Documentation: pkg.go.dev

# README

ACME Webhook for next layer DNS

This project provides a cert-manager ACME Webhook for next layer DNS and is based on the Example Webhook.

Requirements

  • helm >= v3.0.0
  • kubernetes >= v1.14.0
  • cert-manager >= 0.12.0

Configuration

The following table lists the configurable parameters of the cert-manager chart and their default values.

| Parameter | Description | Default |
| --- | --- | --- |
| groupName | Group name of the API service. | dns.nextlayer.at |
| certManager.namespace | Namespace where cert-manager is deployed to. | kube-system |
| certManager.serviceAccountName | Service account of cert-manager installation. | cert-manager |
| image.repository | Image repository | registry.nextlayer.at/nextlayer/cert-manager-webhook-nextlayer |
| image.tag | Image tag | latest |
| image.pullPolicy | Image pull policy | Always |
| service.type | API service type | ClusterIP |
| service.port | API service port | 443 |
| resources | CPU/memory resource requests/limits | {} |
| nodeSelector | Node labels for pod assignment | {} |
| affinity | Node affinity for pod assignment | {} |
| tolerations | Node tolerations for pod assignment | [] |

Installation

cert-manager

Follow the instructions in the cert-manager documentation to install it within your cluster.

Webhook

By cloning the repo

git clone https://github.com/nextlayergmbh/cert-manager-webhook-nextlayer.git
cd cert-manager-webhook-nextlayer
helm install --namespace cert-manager cert-manager-webhook-nextlayer ./deploy/cert-manager-webhook-nextlayer

By adding the helm repo

helm repo add nextlayercm https://nextlayergmbh.github.io/cert-manager-webhook-nextlayer/
helm repo update
helm install --namespace cert-manager cert-manager-webhook-nextlayer nextlayercm/cert-manager-webhook-nextlayer

Note: The kubernetes resources used to install the Webhook should be deployed within the same namespace as the cert-manager.

To uninstall the webhook run

helm uninstall --namespace cert-manager cert-manager-webhook-nextlayer

Issuer

Create a ClusterIssuer or Issuer resource as follows:

apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt-staging
spec:
  acme:
    # The ACME server URL
    server: https://acme-staging-v02.api.letsencrypt.org/directory

    # Email address used for ACME registration
    email: <YOUR-EMAIL-HERE> # REPLACE THIS WITH YOUR EMAIL

    # Name of a secret used to store the ACME account private key
    privateKeySecretRef:
      name: letsencrypt-staging

    solvers:
      - dns01:
          webhook:
            groupName: dns.nextlayer.at
            solverName: nextlayer
            config:
              APIKey: <YOUR-DNS-API-KEY-HERE>

Credentials

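To access the next layer DNS API, you need an API Token, which you can request via the next layer support. Currently we don't provide a way to use secrets for your API key, so the key is set directly in the issuer's solver config as shown above and is readable by anyone who can read the Issuer or ClusterIssuer resource.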
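Because the key sits inline in the issuer object, it helps to know which issuers in a cluster carry one. The following is an added example, not code from this project: `InlineKeyIssuers` is a hypothetical helper and `sampleIssuers` is constructed data standing in for the output of `kubectl get clusterissuers,issuers -A -o json`.

```go
package main

import (
	"encoding/json"
	"fmt"
	"path"
)

// Constructed sample of `kubectl get clusterissuers,issuers -A -o json` output.
const sampleIssuers = `{"items":[
 {"kind":"ClusterIssuer","metadata":{"name":"letsencrypt-staging"},"spec":{"acme":{"solvers":[
   {"dns01":{"webhook":{"groupName":"dns.nextlayer.at","config":{"APIKey":"constructed-key"}}}}]}}},
 {"kind":"Issuer","metadata":{"name":"other-dns","namespace":"web"},"spec":{"acme":{"solvers":[
   {"dns01":{"webhook":{"groupName":"acme.example.com","config":{"APIKey":"constructed-key"}}}}]}}},
 {"kind":"Issuer","metadata":{"name":"internal-ca","namespace":"web"},"spec":{"ca":{"secretName":"ca-key-pair"}}}]}`

// Only the fields needed to reach the solver config; encoding/json matches keys case-insensitively.
type webhook struct {
	GroupName string
	Config    map[string]interface{}
}
type issuer struct {
	Kind     string
	Metadata struct{ Namespace, Name string }
	Spec     struct{ ACME struct{ Solvers []struct{ DNS01 struct{ Webhook *webhook } } } }
}
// InlineKeyIssuers (hypothetical helper) lists issuers whose webhook solver for groupName holds an inline APIKey.
func InlineKeyIssuers(raw []byte, groupName string) ([]string, error) {
	var list struct{ Items []issuer }
	if err := json.Unmarshal(raw, &list); err != nil {
		return nil, fmt.Errorf("parse issuer list: %w", err)
	}
	var found []string
	for _, it := range list.Items {
		for _, s := range it.Spec.ACME.Solvers {
			if w := s.DNS01.Webhook; w != nil && w.GroupName == groupName {
				if key, _ := w.Config["APIKey"].(string); key != "" {
					found = append(found, path.Join(it.Kind, it.Metadata.Namespace, it.Metadata.Name))
					break // report each issuer once
				}
			}
		}
	}
	return found, nil
}

func main() {
	fmt.Println(InlineKeyIssuers([]byte(sampleIssuers), "dns.nextlayer.at"))
}
```

Each reported object is one whose read access (RBAC `get`/`list` on issuers, cluster backups, GitOps repositories holding the manifest) should be treated as access to the DNS API key.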

Thanks

Thanks to mecodia GmbH and Stephan Müller whose project served as an example for cert-manager-webhook-nextlayer.

# Packages

package example contains a self-contained example of a webhook that passes the cert-manager DNS conformance tests.

# Variables

No description provided by the author

# Structs

No description provided by the author