ACME Webhook for next layer DNS
This project provides a cert-manager ACME Webhook for next layer DNS
and is based on the Example Webhook.
Requirements
- helm >= v3.0.0
- kubernetes >= v1.14.0
- cert-manager >= 0.12.0
Configuration
The following table lists the configurable parameters of the cert-manager chart and their default values.
| Parameter | Description | Default |
| --- | --- | --- |
| groupName | Group name of the API service. | dns.nextlayer.at |
| certManager.namespace | Namespace where cert-manager is deployed to. | kube-system |
| certManager.serviceAccountName | Service account of cert-manager installation. | cert-manager |
| image.repository | Image repository | registry.nextlayer.at/nextlayer/cert-manager-webhook-nextlayer |
| image.tag | Image tag | latest |
| image.pullPolicy | Image pull policy | Always |
| service.type | API service type | ClusterIP |
| service.port | API service port | 443 |
| resources | CPU/memory resource requests/limits | {} |
| nodeSelector | Node labels for pod assignment | {} |
| affinity | Node affinity for pod assignment | {} |
| tolerations | Node tolerations for pod assignment | [] |
Installation
cert-manager
Follow the instructions in the cert-manager documentation to install it within your cluster.
Webhook
By cloning the repo
git clone https://github.com/nextlayergmbh/cert-manager-webhook-nextlayer.git
cd cert-manager-webhook-nextlayer
helm install --namespace cert-manager cert-manager-webhook-nextlayer ./deploy/cert-manager-webhook-nextlayer
By adding the helm repo
helm repo add nextlayercm https://nextlayergmbh.github.io/cert-manager-webhook-nextlayer/
helm repo update
helm install --namespace cert-manager cert-manager-webhook-nextlayer nextlayercm/cert-manager-webhook-nextlayer
Note: The Kubernetes resources used to install the webhook should be deployed within the same namespace as cert-manager.
To uninstall the webhook, run
helm uninstall --namespace cert-manager cert-manager-webhook-nextlayer
Issuer
Create a ClusterIssuer or Issuer resource as follows:
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt-staging
spec:
  acme:
    # The ACME server URL
    server: https://acme-staging-v02.api.letsencrypt.org/directory
    # Email address used for ACME registration
    email: mail@example.com # REPLACE THIS WITH YOUR EMAIL
    # Name of a secret used to store the ACME account private key
    privateKeySecretRef:
      name: letsencrypt-staging
    solvers:
    - dns01:
        webhook:
          groupName: dns.nextlayer.at
          solverName: nextlayer
          config:
            APIKey: <YOUR-DNS-API-KEY-HERE>
Credentials
To access the next layer DNS API, you need an API token, which you can request via next layer support.
Currently we don't provide a way to use secrets for your API key, so the key is written in plain text into the config of the Issuer or ClusterIssuer resource.
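Because the key has to be written into the Issuer or ClusterIssuer manifest itself, a check like the following can keep a filled-in manifest out of version control. It is an added example, not part of this project; the function names and the placeholder conventions it accepts (<...>, ${...}, {{ ... }}) are assumptions.

```shell
#!/bin/sh
# Added example, not part of cert-manager-webhook-nextlayer.
# Flags "APIKey:" fields that hold a literal value instead of a placeholder.
# Assumed placeholder conventions: <...>, ${...}, {{ ... }} or an empty value.

# find_inline_apikeys FILE...  prints FILE:LINE per hit, returns 1 on any hit
find_inline_apikeys() {
    awk -v sq="'" '
        function wrapped(s, pre, suf) {
            return (substr(s, 1, length(pre)) == pre) &&
                   (substr(s, length(s) - length(suf) + 1) == suf)
        }
        /^[ \t]*APIKey[ \t]*:/ {
            v = $0
            sub(/^[ \t]*APIKey[ \t]*:[ \t]*/, "", v)
            sub(/^#.*$/, "", v)          # value is only a YAML comment
            sub(/[ \t]+#.*$/, "", v)     # trailing YAML comment
            sub(/[ \t]+$/, "", v)
            n = length(v); c = substr(v, 1, 1)
            if (n >= 2 && (c == "\"" || c == sq) && substr(v, n) == c) {
                v = substr(v, 2, n - 2); n -= 2   # strip one pair of quotes
            }
            if (n == 0) next
            if (wrapped(v, "<", ">") || wrapped(v, "${", "}") ||
                wrapped(v, "{{", "}}")) next
            printf "%s:%d\n", FILENAME, FNR
            hits++
        }
        END { exit (hits > 0 ? 1 : 0) }
    ' "$@"
}

# Demo input: constructed manifest fragment, the key value is made up.
demo() {
    f=$(mktemp) || return 2
    printf '%s\n' 'solvers:' '- dns01:' '    webhook:' \
        '      groupName: dns.nextlayer.at' '      config:' \
        '        APIKey: "constructed-not-a-real-key"  # made up' > "$f"
    find_inline_apikeys "$f"; rc=$?
    rm -f "$f"
    return "$rc"
}

# With file arguments: check them (exit 1 on a hit). Without: run the demo.
if [ "$#" -gt 0 ]; then
    find_inline_apikeys "$@" || exit 1
else
    demo || echo "demo: literal APIKey flagged (expected)"
fi
```

Run with manifest paths as arguments, for example from a pre-commit hook, a non-zero exit status means at least one file carries a literal key.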
Thanks
Thanks to mecodia GmbH and Stephan Müller whose project served as an example for cert-manager-webhook-nextlayer.