cert-manager-webhook-cloudns-v2

command module
v0.0.0-...-35c1f31
Published: Jan 16, 2023 License: Apache-2.0 Imports: 14 Imported by: 0

README

Cert-Manager ClouDNS DNS01 Provider

A Cert-Manager DNS01 provider for ClouDNS.

Originally published by IXON at ixoncloud/cert-manager-webhook-cloudns.

Partially rewritten to allow for multiple credential sets, also including the sub-auth-id patch provided by Tristan971 in #8.

Configuration

The rewrite makes it possible to configure the provider in the Issuer or ClusterIssuer YAML.

Parameters are provided in the spec.acme.solvers[].dns01.webhook.config section.

| Name | Required | Description |
| --- | --- | --- |
| authIdTokenSecretRef | yes | The auth-id or sub-auth-id of the user to be used (name: the name of the secret; key: the name of the entry (key)) |
| authPassKeySecretRef | yes | The password of the user given above (name: the name of the secret; key: the name of the entry (key)) |
| authIdType | no, default: auth-id | Change to sub-auth-id to use a sub-user (created via Reseller) |
| ttl | no, default: 60 | ClouDNS TTL |
| httpTimeout | no, default: 30 seconds | ClouDNS API request timeout |

The groupName defaults to acme.kle.li but may be overridden by setting the GROUP_NAME environment variable on the pod.

Example config

This example uses two different auth methods (sub-auth-id and the default auth-id) and two different users; the first solver sets all optional parameters and the second leaves them out.

Both credential sets go in the same secret (otherwise access must be permitted separately; by default the webhook is only allowed to access cert-manager-webhook-cloudns-v2-api-secret).

apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt-staging
  namespace: cert-manager
spec:
  acme:
    email: contact@example.com
    privateKeySecretRef:
      name: letsencrypt-staging
    server: https://acme-staging-v02.api.letsencrypt.org/directory
    solvers:
      - dns01:
          webhook:
            config:
              authIdTokenSecretRef:
                key: example-authId
                name: cert-manager-webhook-cloudns-v2-api-secret
              authPassKeySecretRef:
                key: example-authPass
                name: cert-manager-webhook-cloudns-v2-api-secret
              authIdType: "sub-auth-id"
              ttl: 60
              httpTimeout: 15
            groupName: acme.kle.li
            solverName: cloudns-v2
        selector:
          dnsNames:
            - example.com
            - "*.example.com"
      - dns01:
          webhook:
            config:
              authIdTokenSecretRef:
                key: test-authId
                name: cert-manager-webhook-cloudns-v2-api-secret
              authPassKeySecretRef:
                key: test-authPass
                name: cert-manager-webhook-cloudns-v2-api-secret
            groupName: acme.kle.li
            solverName: cloudns-v2
        selector:
          dnsNames:
            - test.net
            - "*.test.net"
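
The defaulting behaviour from the parameter table, applied to a solver `config` block like the two above, as an added Go example (not this project's code). The type and function names are hypothetical, and rejecting unknown keys is an assumption of the example, chosen so that a misspelled `authIdType` cannot silently fall back to `auth-id`.

```go
package main

import (
	"bytes"
	"encoding/json"
	"fmt"
)

// secretRef is the name/key pair used by both *SecretRef parameters.
type secretRef struct {
	Name string `json:"name"`
	Key  string `json:"key"`
}

// solverConfig is a hypothetical struct for the documented config keys.
type solverConfig struct {
	AuthIDTokenSecretRef secretRef `json:"authIdTokenSecretRef"`
	AuthPassKeySecretRef secretRef `json:"authPassKeySecretRef"`
	AuthIDType           string    `json:"authIdType"`
	TTL                  int       `json:"ttl"`
	HTTPTimeout          int       `json:"httpTimeout"` // seconds
}

// loadSolverConfig applies the documented defaults, then decodes and validates.
func loadSolverConfig(raw []byte) (solverConfig, error) {
	cfg := solverConfig{AuthIDType: "auth-id", TTL: 60, HTTPTimeout: 30}
	dec := json.NewDecoder(bytes.NewReader(raw))
	dec.DisallowUnknownFields() // a misspelled key fails instead of silently defaulting
	if err := dec.Decode(&cfg); err != nil {
		return cfg, fmt.Errorf("decoding solver config: %w", err)
	}
	if r := cfg.AuthIDTokenSecretRef; r.Name == "" || r.Key == "" {
		return cfg, fmt.Errorf("authIdTokenSecretRef: name and key are required")
	}
	if r := cfg.AuthPassKeySecretRef; r.Name == "" || r.Key == "" {
		return cfg, fmt.Errorf("authPassKeySecretRef: name and key are required")
	}
	if cfg.AuthIDType != "auth-id" && cfg.AuthIDType != "sub-auth-id" {
		return cfg, fmt.Errorf("authIdType %q: want auth-id or sub-auth-id", cfg.AuthIDType)
	}
	return cfg, nil
}

func main() {
	// Constructed input: the second solver from the example, optional keys omitted.
	raw := []byte(`{"authIdTokenSecretRef":{"name":"cert-manager-webhook-cloudns-v2-api-secret","key":"test-authId"},
		"authPassKeySecretRef":{"name":"cert-manager-webhook-cloudns-v2-api-secret","key":"test-authPass"}}`)
	cfg, err := loadSolverConfig(raw)
	fmt.Println(cfg.AuthIDType, cfg.TTL, cfg.HTTPTimeout, err)
}
```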

Development (The testing part still needs reimplementing (old one relies on ENV))

The testdata/config.json file is there because the DNS01 provider conformance testing suite wants to mock the requests away, and needs a folder to load the data from.

Environment Options

| Name | Required | Description |
| --- | --- | --- |
| GROUP_NAME | yes | Used to organise cert-manager providers, this is usually a domain |
| CLOUDNS_AUTH_ID_FILE | yes | Path to file which contains ClouDNS Auth ID |
| CLOUDNS_AUTH_ID_TYPE | no, default: auth-id | Change to sub-auth-id to use a sub-user (created via Reseller) |
| CLOUDNS_AUTH_PASSWORD_FILE | yes | Path to file which contains ClouDNS Auth password |
| CLOUDNS_TTL | no, default: 60 | ClouDNS TTL |
| CLOUDNS_HTTP_TIMEOUT | no, default: 30 seconds | ClouDNS API request timeout |

Running DNS01 provider conformance testing suite

# Get kubebuilder
./scripts/fetch-test-binaries.sh

# Run testing suite
TEST_ZONE_NAME=<domain> CLOUDNS_AUTH_ID_FILE=.creds/auth_id CLOUDNS_AUTH_PASSWORD_FILE=.creds/auth_password CLOUDNS_AUTH_ID_TYPE=sub-auth-id make verify

# Cleanup after testing (esp. needed when tests have failed)
rm -rf ~/.cache/kubebuilder-envtest/*

Documentation

There is no documentation for this package.

Directories

Path Synopsis
Package cloudns implements a DNS provider for solving the DNS-01 challenge using ClouDNS DNS.