cert-manager-webhook-alidns's Introduction

ACME webhook for Alibaba Cloud DNS

The ACME issuer type supports an optional 'webhook' solver, which can be used for Alibaba Cloud DNS.

More details: https://cert-manager.io/docs/configuration/acme/dns01/webhook/

Usage

Install the webhook from the all-in-one bundle, or use the Helm chart under deploy/cert-manager-webhook-alidns.

# install cert-manager webhook
kubectl apply -f https://raw.githubusercontent.com/cnfatal/cert-manager-webhook-alidns/main/deploy/rendered-manifest.yaml

Obtain an AccessKey pair and create the AccessKey Secret.

# create alidns aksk secret
kubectl -n cert-manager create secret generic alidns-secret --from-literal="access-key=<AccessKey ID>" --from-literal="secret-key=<AccessKey Secret>"

Create the ACME issuer. For more information, see https://cert-manager.io/docs/configuration/acme/

cat <<EOF | kubectl create --edit -f -
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt
spec:
  acme:
    # You must replace this email address with your own.
    # Let's Encrypt will use this to contact you about expiring
    # certificates, and issues related to your account.
    email: "<your email address>"
    server: https://acme-v02.api.letsencrypt.org/directory
    privateKeySecretRef:
      # Secret resource that will be used to store the account's private key.
      name: letsencrypt-issuer-account-key
    solvers:
    - dns01:
        webhook:
            groupName: dns.aliyun.com
            solverName: alidns-solver
            config:
              regionId: ""                 # optional
              apiKeySecretRef:
                name: alidns-secret
EOF

Note: the acme-staging-v02 API (https://acme-staging-v02.api.letsencrypt.org/directory) is for testing purposes only.

Or you can set the AccessKey in the webhook configuration directly (use at your own risk):

-              apiKeySecretRef:
-                name: alidns-secret
+              accessKeyID: "<accessKeyID>"
+              accessKeySecret: "<accessKeySecret>"
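
With the inline form, the key pair sits in plain text in the ClusterIssuer object and in any manifest kept in version control. The following check is an added example, not part of this project: it flags manifests that set accessKeyID or accessKeySecret inline without printing the values. The helper names and sample values are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example, not part of the project: lint issuer manifests for inline
# AccessKey material. Field names are the ones shown in this README.

# find_inline_aksk FILE... (hypothetical helper)
# Prints "file:line: inline <field>" for each non-empty accessKeyID or
# accessKeySecret and returns 1 if any was found. The value itself is never
# printed, so the output can be kept in CI logs.
find_inline_aksk() {
  awk '
    /^[ \t]*#/ { next }                          # skip comment lines
    /^[ \t]*(accessKeyID|accessKeySecret)[ \t]*:/ {
      field = $1; sub(/:.*/, "", field)
      value = $0
      sub(/^[^:]*:[ \t]*/, "", value)            # drop the key
      sub(/(^|[ \t]+)#.*$/, "", value)           # drop a trailing comment
      sub(/[ \t]+$/, "", value)                  # drop trailing blanks
      # An empty value, "" or \047\047 (two single quotes) counts as unset.
      if (value != "" && value != "\"\"" && value != "\047\047") {
        printf "%s:%d: inline %s\n", FILENAME, FNR, field
        found = 1
      }
    }
    END { exit (found ? 1 : 0) }
  ' "$@"
}

# write_samples DIR (hypothetical helper): constructed manifest fragments.
write_samples() {
  cat > "$1/secret-ref.yaml" <<'EOF'
            config:
              regionId: ""                 # optional
              apiKeySecretRef:
                name: alidns-secret
EOF
  cat > "$1/inline.yaml" <<'EOF'
            config:
              accessKeyID: "CONSTRUCTED-ID"
              accessKeySecret: "CONSTRUCTED-SECRET"
EOF
}

demo_dir=$(mktemp -d)
write_samples "$demo_dir"
find_inline_aksk "$demo_dir"/*.yaml ||
  echo "inline AccessKey found: switch to apiKeySecretRef"
rm -rf "$demo_dir"
```

Run it over the issuer manifests in a repository before they are applied; a non-zero exit status means at least one file carries an inline key.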

Issue a certificate (optional)

cat <<EOF | kubectl create --edit -f -
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: example-tls
spec:
  secretName: example-com-tls
  commonName: example.com
  dnsNames:
  - example.com
  - "*.example.com"
  issuerRef:
    name: letsencrypt
    kind: ClusterIssuer
EOF

Build

Required: golang 1.17, buildah, helm

make build
make rendered-manifest.yaml

Running the test suite

Update alidns-secret to your own secret.

$ TEST_ZONE_NAME=example.com. make test

cert-manager-webhook-alidns's People

Contributors

cnfatal, diaphteiros, jakexks, jetstack-bot, mattiasgees, munnerz
