Skip to content

A cert-manager sample repository for creating an ACME DNS01 solver webhook

License

Notifications You must be signed in to change notification settings

devops-consultants/cert-manager-webhook-godaddy

 
 

Repository files navigation

ACME webhook for GoDaddy

Installation

$ helm install --name godaddy-webhook --namespace cert-manager ./deploy/godaddy-webhook

Issuer

ClusterIssuer

apiVersion: certmanager.k8s.io/v1alpha1
kind: ClusterIssuer
metadata:
  name: letsencrypt-prod
spec:
  acme:
    server: https://acme-v02.api.letsencrypt.org/directory
    email: <your email>
    privateKeySecretRef:
      name: letsencrypt-prod
    solvers:
    - selector:
        dnsNames:
        - '*.example.com'
      dns01:
        webhook:
          config:
            authApiKey: <your GoDaddy authAPIKey>
            authApiSecretRef:
              name: <secret containing your GoDaddy authApiSecret>
              key: <secret key containing your GoDaddy authApiSecret>
            production: true
            ttl: 600
          groupName: acme.mycompany.com
          solverName: godaddy

Certificate

apiVersion: certmanager.k8s.io/v1alpha1
kind: Certificate
metadata:
  name: wildcard-example-com
spec:
  secretName: wildcard-example-com-tls
  renewBefore: 240h
  dnsNames:
  - '*.example.com'
  issuerRef:
    name: letsencrypt-prod
    kind: ClusterIssuer

Ingress

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: example-ingress
  namespace: default
  annotations:
    certmanager.k8s.io/cluster-issuer: "letsencrypt-prod"
spec:
  tls:
  - hosts:
    - '*.example.com'
    secretName: wildcard-example-com-tls
  rules:
  - host: demo.example.com
    http:
      paths:
      - path: /
        backend:
          serviceName: backend-service
          servicePort: 80

Development

Running the test suite

All DNS providers must run the DNS01 provider conformance testing suite, else they will have undetermined behaviour when used with cert-manager.

It is essential that you configure and run the test suite when creating a DNS01 webhook.

An example Go test file has been provided in main_test.go.

Prepare

$ scripts/fetch-test-binaries.sh

You can run the test suite with:

$ TEST_ZONE_NAME=example.com go test .

The example file has a number of areas you must fill in and replace with your own options in order for tests to pass.

About

A cert-manager sample repository for creating an ACME DNS01 solver webhook

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages

  • Go 72.2%
  • Mustache 12.4%
  • Shell 9.1%
  • Dockerfile 3.6%
  • Makefile 2.7%