ACME webhook for NS1 DNS API
This solver plugin for cert-manager runs on Kubernetes and resolves Let's Encrypt DNS-01 challenges for domains whose DNS is hosted on NS1 managed DNS. The NS1 API documentation is linked here.
Requirements
Installation
1 - Get your NS1 API key:
Log in to ns1.com and obtain an API key, then create a Kubernetes secret in the cert-manager namespace that stores the key under the field api-key, for example:
kubectl create secret generic ns1-api-secret --from-literal=api-key='xxxxxxx' -n cert-manager
2 - Install cert-manager-webhook-ns1 from a local checkout
INSTALL:
helm install --namespace cert-manager cert-manager-webhook-ns1 deploy/ns1-webhook/ --set groupName=acme.mydomain.com
UNINSTALL:
helm uninstall --namespace cert-manager cert-manager-webhook-ns1
Note: the Kubernetes resources that install the webhook must be deployed in the same namespace as cert-manager.
3 - Add NS1 ClusterIssuer into k8s cluster
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt-ns1
spec:
  acme:
    # The ACME server URL
    server: https://acme-v02.api.letsencrypt.org/directory # production server, change to staging for tests
    # Email address used for ACME registration
    email: myemail@mydomain.com # REPLACE THIS WITH YOUR EMAIL!!!
    # Name of a secret used to store the ACME account private key
    privateKeySecretRef:
      name: letsencrypt-ns1
    solvers:
      - dns01:
          webhook:
            groupName: acme.mydomain.com
            solverName: ns1
            config:
              apiKeySecretRef: ns1-api-secret
              zoneName: mydomain.com
4 - Add a wildcard Certificate for the domains
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: cert-tls
  namespace: orb-live
spec:
  dnsNames:
    - '*.mydomain.com'
    - mydomain.com
  issuerRef:
    name: letsencrypt-ns1
    kind: ClusterIssuer
  secretName: cert-tls
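To check what the webhook has to publish for the ClusterIssuer's zoneName and the Certificate's dnsNames above, the following added example (not code from cert-manager-webhook-ns1) derives the TXT record name and value of an RFC 8555 DNS-01 challenge. Both '*.mydomain.com' and 'mydomain.com' resolve to the same record name, _acme-challenge.mydomain.com, so while both challenges are pending two TXT values must coexist at that name; the token and account-key thumbprint used below are constructed placeholders.

```python
"""DNS-01 challenge record helper (added example; not part of cert-manager-webhook-ns1)."""
import base64
import hashlib


def challenge_record_name(dns_name: str, zone_name: str) -> tuple[str, str]:
    """Return (fqdn, zone-relative name) of the TXT record a DNS-01 solver must create.

    RFC 8555 section 8.4 puts the record at _acme-challenge.<identifier>; for a wildcard
    identifier the leading '*.' is dropped, so '*.example.com' and 'example.com' share
    one record name. zone_name is the webhook's zoneName setting.
    """
    host = dns_name[2:] if dns_name.startswith("*.") else dns_name
    host = host.rstrip(".").lower()
    zone = zone_name.rstrip(".").lower()
    if host != zone and not host.endswith("." + zone):
        raise ValueError(f"{dns_name} is not inside zone {zone_name}")
    fqdn = f"_acme-challenge.{host}"
    relative = fqdn[: -(len(zone) + 1)]  # strip ".<zone>" for the NS1 record name
    return fqdn, relative


def b64url(data: bytes) -> str:
    """Unpadded base64url as required by ACME."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def expected_txt_value(token: str, account_key_thumbprint: str) -> str:
    """TXT content: base64url(SHA-256(token '.' thumbprint)) per RFC 8555 section 8.4."""
    key_authorization = f"{token}.{account_key_thumbprint}"
    return b64url(hashlib.sha256(key_authorization.encode("ascii")).digest())


def txt_record_present(expected: str, observed_values: list[str]) -> bool:
    """True if the expected value is among the TXT values currently published.

    Several values may coexist at one name (one per pending challenge), so this is a
    membership test rather than an equality test; surrounding quotes from dig are ignored.
    """
    return any(v.strip('"') == expected for v in observed_values)


if __name__ == "__main__":
    zone = "mydomain.com"                       # zoneName from the ClusterIssuer config
    for name in ("*.mydomain.com", "mydomain.com"):  # dnsNames from the Certificate
        fqdn, rel = challenge_record_name(name, zone)
        print(f"{name:>16} -> TXT {fqdn} (NS1 record name: {rel})")
    # Constructed placeholder challenge token and account-key thumbprint.
    value = expected_txt_value("example-token", "example-thumbprint")
    print("expected TXT value:", value)
    print("published?", txt_record_present(value, ['"unrelated"', f'"{value}"']))
```

Compare the computed value with `dig TXT _acme-challenge.mydomain.com` output while a Challenge is pending; cert-manager only hands the order back to Let's Encrypt once the record is visible from the cluster's resolvers.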
5 - If necessary, add an Ingress that redirects a subdomain to the base domain
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  annotations:
    nginx.ingress.kubernetes.io/permanent-redirect: "https://mydomain.com/"
  name: endpoint-redirect
spec:
  ingressClassName: nginx
  tls:
    - hosts:
        - app.mydomain.com
      secretName: cert-tls
  rules:
    - host: app.mydomain.com