Simply DNS webhook service for cert-manager support

This service can be installed side by side with cert-manager and handles the dns-01 challenges issued by cert-manager. All documentation on how to configure dns-01 challenges can be found at cert-manager.io.

Version support:

The version compatibility I have tested for can be seen below:

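| cert-manager version | simply-dns-webhook version |
|----------------------|----------------------------|
| 1.9.x                | 1.0.x                      |
| 1.10.x               | 1.1.x                      |
| 1.11.x               | 1.2.x                      |
| 1.12.x               | 1.3.x                      |
| 1.13.x               | 1.4.x                      |
| 1.14.x               | 1.5.x                      |
| 1.15.x               | 1.6.x                      |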

Platform support:

The following architectures are supported by 1.14.x and newer: linux/amd64, linux/arm64, linux/arm, linux/arm/v6, linux/386

Deploy

Helm chart:

Add repo:

    helm repo add simply-dns-webhook https://runnerm.github.io/simply-dns-webhook/

Then:

    helm install my-simply-dns-webhook simply-dns-webhook/simply-dns-webhook --version <version>

As sub-chart:

    dependencies:
        - name: simply-dns-webhook
          version: <version>
          repository: https://runnerm.github.io/simply-dns-webhook/
          alias: simply-dns-webhook

Usage:

Credentials secret: You have to create the secret containing your simply.com API credentials yourself, and its name has to match the secret ref name provided in the config of the cert-manager Issuer/ClusterIssuer.

Issuer/ClusterIssuer:

    apiVersion: cert-manager.io/v1
    kind: ClusterIssuer
    metadata:
        name: letsencrypt-nginx
    spec:
        acme:
            email: <your_acme_email>
            server: https://acme-v02.api.letsencrypt.org/directory
            privateKeySecretRef:
                name: letsencrypt-nginx-private-key
            solvers:
            - dns01:
                webhook:
                    groupName: com.github.runnerm.cert-manager-simply-webhook
                    solverName: simply-dns-solver
                    config:
                        secretName: simply-credentials # notice the name
              selector:
                dnsZones:
                - '<your_domain>'

Credentials in config: You may choose to put the credentials directly in the webhook configuration, as shown below (use it at your own risk).

-              secretName: simply-credentials # notice the name
+              accountName: "<account-name>"
+              apiKey: "<api-key>"
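
Review bot: the two added lines, `accountName` and `apiKey`, place the simply.com credential in plain text inside the issuer's webhook `config`, so it is readable by anyone who can read the Issuer/ClusterIssuer object or the manifest it is applied from. Prefer keeping the `secretName: simply-credentials` line and restricting access to that Secret; if the inline form is kept as an option, say next to it who can read issuer resources in the cluster.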

Secret

    apiVersion: v1
    kind: Secret
    data:
        # values under data: must be base64-encoded
        account-name: <your_account_name>
        api-key: <your_api_key>
    metadata:
        name: simply-credentials # notice the name
        namespace: <namespace-where-cert-manager-is-installed>
    type: Opaque
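
An added example (not code from this project) covering the credentials secret and the "Credentials in config" option above: `render_simply_secret` prints the Secret with its values base64-encoded, as Kubernetes requires under `data:`, and `lint_issuer` fails when an issuer manifest sets `accountName`/`apiKey` inline instead of referencing the secret. Both function names and the environment variable names in the usage comment are assumptions made for illustration.

```shell
#!/bin/sh
# Added example; function names and sample values are illustrative assumptions.

# Print a Secret manifest for the webhook. Kubernetes expects every value under
# `data:` to be base64-encoded; printf '%s' avoids encoding a trailing newline.
# Usage: render_simply_secret <account-name> <api-key> <namespace>
render_simply_secret() {
    acct_b64=$(printf '%s' "$1" | base64 | tr -d '\n')
    key_b64=$(printf '%s' "$2" | base64 | tr -d '\n')
    cat <<EOF
apiVersion: v1
kind: Secret
metadata:
    name: simply-credentials
    namespace: $3
type: Opaque
data:
    account-name: $acct_b64
    api-key: $key_b64
EOF
}

# Read an Issuer/ClusterIssuer manifest on stdin. Return 1 and report the
# offending lines if accountName/apiKey are set inline in the solver config;
# return 0 when the manifest only references the secret by name.
lint_issuer() {
    if hits=$(grep -En '^[[:space:]]*(accountName|apiKey):[[:space:]]*[^[:space:]#]'); then
        printf 'inline simply.com credentials found:\n%s\n' "$hits" >&2
        return 1
    fi
    return 0
}

# Typical use (values come from your own environment):
#   render_simply_secret "$SIMPLY_ACCOUNT" "$SIMPLY_API_KEY" cert-manager | kubectl apply -f -
#   lint_issuer < clusterissuer.yaml
```

Piping the rendered manifest straight into `kubectl apply -f -` keeps the API key out of files that might end up in version control.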

cert-manager namespace:

If you install cert-manager in a custom namespace, override the following values with your own (this is necessary for proper functioning):

    simply-dns-webhook:
        certManager:
            namespace: <cert-manager-namespace>
            serviceAccountName: <cert-manager-service-account-name>

Resources:

I leave the choice of the resource constraints to you since you know what you run the service on. ;)

    simply-dns-webhook:
        resources:
            limits:
                cpu: 100m
                memory: 128Mi
            requests:
                cpu: 100m
                memory: 128Mi

Logging:

You may raise the log level to debug by setting the following values:

    simply-dns-webhook:
        logLevel: DEBUG

Debug level gives you a bit more context when debugging your setup. Default log level is INFO.

Running the test suite:

Update the config or the simply-credentials secret with your API credentials and run:

    TEST_ZONE_NAME=example.com. make test

Parameters

The following table lists the configurable parameters of the simply-dns-webhook chart, and their default values.

| Parameter | Description | Default |
|-----------|-------------|---------|
| groupName | Group name for the webhook | com.github.runnerm.cert-manager-simply-webhook |
| debugLevel | Logging level | INFO |
| certManager.namespace | cert-manager namespace | cert-manager |
| certManager.serviceAccountName | cert-manager service account name | cert-manager |
| image.repository | Docker image repository | deyaeddin/cert-manager-webhook-hetzner |
| image.tag | Docker image tag | v1.4.0 |
| image.pullPolicy | Docker image pull policy | IfNotPresent |
| nameOverride | Name override for the chart | "" |
| fullnameOverride | Full name override for the chart | "" |
| service.type | Service type | ClusterIP |
| service.port | Service port | 443 |
| resources | Pod resources | Check values.yaml file |
| nodeSelector | Node selector | nil |
| tolerations | Node toleration | nil |
| affinity | Node affinity | nil |

Special credits to: Keyhole Aps