A cert-manager webhook which works with domains handled by Infomaniak, a Swiss hosting provider
- Deploy cert-manager (if needed)
$ kubectl apply --validate=false -f https://github.com/jetstack/cert-manager/releases/download/v1.0.1/cert-manager.yaml
- Deploy Infomaniak webhook
$ kubectl apply -f https://github.com/infomaniak/cert-manager-webhook-infomaniak/releases/download/v0.2.0/rendered-manifest.yaml
- Create a Secret with your Infomaniak API token. You can generate a new one by clicking here. You need to have at least the Domain scope.
$ cat <<EOF | kubectl apply -f -
---
apiVersion: v1
kind: Secret
metadata:
  name: infomaniak-api-credentials
  namespace: cert-manager
type: Opaque
data:
  api-token: $(echo -n $INFOMANIAK_TOKEN|base64 -w0)
EOF
- Create a Secret with your staging ACME private key (if you don't have one, the next step will generate one)
$ cat <<EOF | kubectl apply -f -
---
apiVersion: v1
kind: Secret
metadata:
  name: le-staging-account-key
  namespace: cert-manager
type: Opaque
data:
  tls.key: <<YOUR_KEY_BASE64>>
EOF
- Create a staging ClusterIssuer
$ cat <<EOF | kubectl apply -f -
---
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt-staging
spec:
  acme:
    email: [email protected]
    privateKeySecretRef:
      name: le-staging-account-key
    server: https://acme-staging-v02.api.letsencrypt.org/directory
    solvers:
    - selector: {}
      dns01:
        webhook:
          groupName: acme.infomaniak.com
          solverName: infomaniak
          config:
            apiTokenSecretRef:
              name: infomaniak-api-credentials
              key: api-token
EOF
- Create a Certificate; the issued cert will be stored in the specified Secret (keys tls.crt & tls.key)
$ cat <<EOF | kubectl apply -f -
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: test-example-com
spec:
  secretName: test-example-com-tls
  issuerRef:
    name: letsencrypt-staging
    kind: ClusterIssuer
  dnsNames:
  - test.example.com
EOF
$ kubectl get secret test-example-com-tls -o json | jq -r '.data."tls.crt"' | base64 -d | openssl x509 -text -noout | grep Subject:
        Subject: CN = test.example.com
- If everything worked as expected using the Let's Encrypt staging environment, repeat the last 3 steps using Let's Encrypt's prod environment:
  - ClusterIssuer .spec.acme.server: https://acme-v02.api.letsencrypt.org/directory
  - ClusterIssuer .spec.acme.email: your "prod" e-mail address
  - ClusterIssuer .spec.acme.privateKeySecretRef: you can leave it blank and a new one will be generated for you
Have fun!
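A pre-flight check for the API token Secret created in the steps above, as an added example that is not part of the project's own code: it renders the same manifest and verifies that `api-token` decodes back to the exact token, catching the trailing newline that `echo` without `-n` would embed in the credential. The function names and the idea of checking the manifest before applying it are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the project): render the infomaniak-api-credentials
# Secret and verify that api-token holds the token bytes and nothing else.

# Encode a token without a trailing newline. tr removes the line wraps some
# base64 implementations insert, so the GNU-only -w0 flag is not required.
encode_token() {
  printf '%s' "$1" | base64 | tr -d '\n'
}

# Print the Secret manifest from the step above for the token given as $1.
render_token_secret() {
  cat <<EOF
---
apiVersion: v1
kind: Secret
metadata:
  name: infomaniak-api-credentials
  namespace: cert-manager
type: Opaque
data:
  api-token: $(encode_token "$1")
EOF
}

# Read a manifest on stdin. Succeed only if api-token decodes to a non-empty
# value containing no whitespace; a stray newline would otherwise be sent to
# the DNS API as part of the token and make every DNS01 challenge fail.
check_token_secret() {
  encoded=$(sed -n 's/^  api-token: *//p')
  [ -n "$encoded" ] || { echo "api-token missing or empty" >&2; return 1; }
  # Byte counts of the decoded value, with and without whitespace bytes.
  total=$(( $(printf '%s' "$encoded" | base64 -d | wc -c) ))
  clean=$(( $(printf '%s' "$encoded" | base64 -d | tr -d ' \t\r\n' | wc -c) ))
  [ "$total" -gt 0 ] || { echo "api-token decodes to nothing" >&2; return 1; }
  [ "$total" -eq "$clean" ] || { echo "api-token contains whitespace" >&2; return 1; }
}
```

Against a live cluster, the same check can read the output of `kubectl get secret infomaniak-api-credentials -n cert-manager -o yaml` on stdin.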
Run make build
All DNS providers must run the DNS01 provider conformance testing suite, else they will have undetermined behaviour when used with cert-manager.
You can run the test suite by exporting your API token in INFOMANIAK_TOKEN, then by running
$ TEST_ZONE_NAME=example.com. make test