README
¶
介绍
该项目为 cert-manager 的一个webhook插件, 用于对接华为云DNS服务, 实现自动化证书签发和续期.
使用说明
-
下载
release中最新helm包, 在k8s中安装它, 记得修改groupName的值(例如公司域名) -
安装reflector, 用于自动同步申请后的证书到其它命名空间.
-
配置
Issuer和CertificateapiVersion: cert-manager.io/v1 kind: ClusterIssuer metadata: name: letsencrypt spec: acme: email: curtion@126.com server: https://acme-v02.api.letsencrypt.org/directory privateKeySecretRef: name: letsencrypt solvers: - dns01: webhook: config: region: cn-southwest-2 AK: XKCD2EQDHF9XGIS851R7 SK: tnYnXON5GBzpfl5Ey50MeTvIwA7IRTVbsRqaLy6D ZoneName: jidian-iot.cn groupName: acme.jidian-iot.cn solverName: huawei-solver --- apiVersion: cert-manager.io/v1 kind: Certificate metadata: name: jidian-iot-tls spec: secretName: jidian-iot-tls dnsNames: - "*.jidian-iot.cn" issuerRef: name: letsencrypt kind: ClusterIssuer secretTemplate: annotations: reflector.v1.k8s.emberstack.com/reflection-allowed: "true" reflector.v1.k8s.emberstack.com/reflection-allowed-namespaces: "" reflector.v1.k8s.emberstack.com/reflection-auto-enabled: "true" reflector.v1.k8s.emberstack.com/reflection-auto-namespaces: ""上述配置会尝试申请
*.jidian-iot.cn泛域名证书, 并且把证书名命名为jidian-iot-tls并放置到default命名空间中, 然后reflector会自动把证书同步到其它命名空间中.
yaml配置说明
- region: 区域信息,参考华为云文档
- AK: 华为云AK
- SK: 华为云SK
- ZoneName: 域名
- groupName: 和安装webhook时的值保持一致
- solverName: 固定为
huawei-solver, 不可修改 - reflector.v1.k8s.emberstack.com/*: 参考reflector说明
测试
修改testdata/huawei-solver中config.json.default文件名为config.json, 并修改其中的配置, 然后执行make test进行测试.
其它
当然你也可以构建自己的docker镜像, 执行make build即可, 只需要在安装helm包时修改镜像地址.
Documentation
¶
There is no documentation for this package.
Source Files
Directories
Click to show internal directories.
Click to hide internal directories.